Windows XP still less secure than Win 7 and Vista

The latest Microsoft Security Incident Report illustrates once again that Windows XP is significantly less secure.

Microsoft has released a new Security Incident Report--the eighth volume of Microsoft's quarterly overview of computer and network security trends. The report illustrates once again that security can be greatly improved by upgrading to the latest software, and through user education.

The Key Findings Summary points out some of the more relevant data discovered over the past three months. Here are some of the highlights:

• The 64-bit versions of Windows 7 and Windows Vista SP2 had lower infection rates than any other operating system configuration in 2H09, although the 32-bit versions both had infection rates that were less than half of Windows XP with its most up-to-date service pack, SP3.

• Domain-joined computers were much more likely to encounter worms than non-domain computers, primarily because of the way worms propagate. Worms typically spread most effectively via unsecured file shares and removable storage volumes, both of which are often plentiful in enterprise environments and less common in homes.

• In Windows XP, Microsoft vulnerabilities account for 55.3 percent of all attacks in the studied sample. (comparing targets of browser-based exploits)

• In Windows Vista and Windows 7, the proportion of Microsoft vulnerabilities is significantly smaller, accounting for just 24.6 percent of attacks in the studied sample. (comparing targets of browser-based exploits)

Vinny Gullotto, general manager of the Microsoft Malware Protection Center wrote in a post on The Official Microsoft Blog "The Internet holds great opportunity, but as cybercrime evolves it can be difficult to know how to stay protected."

Gullotto goes on to explain "As businesses continue a gradual migration toward cloud computing, bot herders in the malware community have adopted their own version of cloud computing--a "black cloud" built on global networks of compromised computers to install spyware, spread malware and spam around the world. Moreover, malware kits are developed, released, and updated just like legitimate products--complete with advanced features and minor releases to improve kit effectiveness."

I spoke with Graham Titterington, principal analyst at Ovum, about the Microsoft Security Incident Report, and he also pointed out the continuing trend of malware and other cyber attacks toward organized crime. Titterington told me that cyber criminals are very sophisticated, some even more so than legitimate businesses--complete with research and development teams, marketing, beta testing, and other tools to ensure the efficacy of the malicious code they develop.

Many look to legislators to craft new laws with harsher penalties to address the rise in cyber attacks and cyber crime. The problem with new laws is twofold. First, laws only hinder the activities of the law-abiding. Cyber criminals are already aware they are breaking the law, and obviously they don't care. So, creating new laws will not impede cyber attacks.

The other--perhaps even larger issue--is that the Internet is global, but laws are regional. Just because an attacker violates a law in the United States doesn't mean they have violated a law in Argentina. Tracking an attack to its true source, and engaging local authorities to cooperate in apprehending the perpetrators is like herding cats.

According to Titterington, the best that law enforcement can do to stop, or at least slow, cyber attacks is to follow the money. Disrupting the means for attackers to benefit monetarily from the attacks is arguably the quickest way to shut them down.

The latest Microsoft Security Incident Report also includes a new section with guidance from Microsoft on how to mitigate or protect against the threats described. The report says "Transform your security message from "no" to "how." Demonstrate to your organization how to be secure rather than telling them what they can or cannot do."

The advice from Microsoft includes tips such as using creative and engaging formats such as podcasts or contests, and focusing on "how-to" type formats. Microsoft also stresses the importance of basic user education--keeping users informed not to click on unknown or suspicious links, how to create and use strong passwords, not to share username or password information, and other common sense measures that need to be drilled on a regular basis.

The full Microsoft Security Incident Report v8 has 12 pages of information and links to additional resources to help IT administrators take specific action to protect their networks and computer systems from the threats discussed in the report.

Tony Bradley is co-author of Unified Communications for Dummies. He tweets as @Tony_BradleyPCW. You can follow him on his Facebook page, or contact him by email at tony_bradley@pcworld.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityMicrosoftwindows xp

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?