Volume 8 of Microsoft’s Security Intelligence Report (SIR) was released recently, and it unsurprisingly concludes that Windows 7 and Windows Vista SP2 are more secure and resistant to infection than is Windows XP SP3.
According to the report, the 32-bit version of Windows 7 RTM and the 32-bit version of Windows Vista SP2 sport infection rates of 2.2 and 2.8, respectively, which both compare quite favorably to Windows XP SP3’s infection rate of 7.0. These infection rates are calculated by Microsoft using data collected by the Windows Malicious Software Removal Tool, which is run on Windows Update-enabled computers every month, and are measured in number of computers infected per 1,000 computers. See the graph below for a complete breakdown.
The 64-bit versions of Windows 7 and Windows Vista SP2 fare even better, with only 1.4 computers infected per 1,000 computers scanned. Microsoft chalks this up to beefier security in the 64-bit versions of Windows, but also concedes that 64-bit computers are still often run by more tech-savvy users who are better able to keep their systems free of infection.
So what do these numbers mean? For Joe Consumer, they mean that Microsoft is still very interested in selling you a copy of Windows 7 (or even a new computer) to replace your aging and oh-so-insecure copy of XP. The numbers also emphasize the extent to which Windows Vista and Windows 7 are similar under the hood – most of the security improvements in 7 are also present in Vista.
The numbers are slightly more meaningful for businesses, which often need to quantify things before they can do something as major as an operating system upgrade. IT guys can take these numbers to their higher-ups to demonstrate one of the benefits of upgrading to Windows 7 as opposed to staying with XP for another year.
All in all, though, there’s nothing here that should surprise anyone. More up-to-date products are more secure than older versions. Microsoft wants you to buy Windows 7. Windows Vista isn’t as bad as its reputation would have you believe. Business as usual, really.
The Security Intelligence Report, which covers the months of July through December of 2009, can be read here. It is compiled using data from over 500 million Windows computers and other Microsoft services such as Hotmail and Bing.