A look at Microsoft’s SIR v14
So…. I finally had a chance to finish reading the latest full edition of Microsoft’s latest Security Intelligence Report.
There’s a lot of really good info in the report. The executive summary also does a good job of highlighting key points. That said, I had a couple of observations of my own that others might find interesting.
Overall, the data led me to conclude that people who keep their operating systems up to date – whether we are talking versions or patches/service-packs – are more likely to pay attention to other aspects of security, such as malware protection.
While this isn’t necessarily an unexpected conclusion, it’s good to see the charts and stats which lend support for it. This might help us to convince both consumers and corporations that this is important!
Operating System Anomalies
I found it interesting that the percentage of systems with up-to-date anti-malware solutions was found to be higher on the x64 editions of Windows than on their 32-bit counterparts. Based on anecdotal evidence, I would have expected that more people running x64 Windows would have elected to forgo malware protection software.
Another puzzler for me was why 64-bit Vista was worse than 32-bit Vista for both protected and unprotected systems. I’d love to hear the explanation for that one, as I can’t imagine any reason why that should be.
The final interesting discrepancy (again with Vista) is that Vista SP2 numbers for both 32-bit and 64-bit editions are better than the corresponding Windows 7 RTM numbers. No good reasons for why this should be. The most careful users tend to be the ones who keep up with the latest OS – that has been my experience, and that’s what the overall data seems to suggest for every other operating system reported. Weird.
Here’s an excerpt from the report:
The RTM version of Windows 7, which had the highest percentage of unprotected computers of any platform (shown in Figure 4), also displayed the highest infection rates for unprotected computers, with a CCM of 20.4 for the 32-bit edition and 12.5 for the 64-bit edition. This correlation suggests that a larger population of unprotected users within a platform creates an attractive target for attackers.
This has been argued for some time, particularly during the epic OS wars of the past few decades. Yes, even though it is not the complete answer, there is definitely some truth to idea that the size of market impacts the size of the opportunity for infection and thus will have a direct impact upon the amount of malware that is created.
Just look at the mobile market, which sports a different ranking of market share vs. the desktop, and we can see that the size of ecosystem, not underlying OS, is the most significant indicator of the amount of available malware.
No, it’s not the only factor, of course, but it’s clearly a very significant factor.
Given that unprotected systems/users in Japan faired better than the worldwide average for all protected systems/users, I wonder if there are additional regional, geographic, cultural or socio-economic factors that contribute to how safe or at-risk any particular group of computer users will be?
It would be interesting to determine what the discrepancy was (if any) between the average number of installed applications on infected and unprotected systems vs. that found on protected and uninfected systems. I’m certain that we can learn something from that as well.
In general, it seems to me that people who are security minded will keep up with patch management and employ other good, safe computing practices, including the installation of anti-malware solutions, whereas those who are not so security minded are likely to engage in much riskier behaviors which include going to risky sites, not using malware protection, etc.
That’s my first pass… If anything else stands out over the next few weeks, I’ll follow up with another post.