The last quarter of 2013 saw a dramatic rise in malware infections of computers running supported versions of Microsoft Windows, a report has revealed.
The increase was mainly due to the Rotbrow family of malware made up of Trojans that install browser add-ons. These claim to protect you from other add-ons, according to the latest version of the Microsoft Security Intelligence Report (SIR).
The number of infected machines is expected to return to more typical levels in 2014, the report said.
Typically older versions of operating systems show a higher infection rate, but Windows Vista topped the infection charts in the last three months of 2013.
Even Windows 7 recorded a higher infection rate than the 13-year-old Windows XP operating system, which was the oldest in the sample and for which Microsoft has since discontinued support.
According to the SIR version 16, Windows XP SP3 computers had an infection rate of just 2.42% in the last quarter of 2013, compared with 3.24% for Windows Vista SP2 and 2.59% for Windows 7 SP1.
Windows 8 had a 1.73% infection rate and Windows 8.1 just 0.08%, according to figures normalised to account for the different number of computers running each version of the operating system.
However, these figures do not necessarily mean that Windows 7 is a less safe environment than Windows XP, according to independent security consultant Graham Cluley.
If configured correctly, he said, Windows 7 can provide better security than Windows XP because users can take full advantage of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a utility that can block malware successfully exploiting zero-day vulnerabilities.
Although EMET can be run on run on Windows XP Service Pack 3, users of that platform do not have access to all of its protection features, Cluley wrote in a blog post.
He also points out that the statistics in Microsoft’s report cover a period when Windows XP was still receiving security updates from Microsoft.
“Going forward we can expect XP computers to become more and more riddled with malware as security holes are left unpatched,” said Cluley.
He also points out this decline will not be reflected in future Microsoft SIRs because the company collects statistics only on supported versions of Windows.
According to a newly published security report by the Information Commissioner’s Office (ICO), failure to update the security of software is the most common reason companies fail to keep personal data safe.
The report highlights seven other common reasons organisations have failed to keep personal data secure that have been drawn from the ICO’s investigations into data breaches.
“In just the past couple of months we have already seen widespread concern over the expiry of support for Microsoft XP and the uncovering of the security flaw known as Heartbleed,” said Simon Rice, the ICO’s group manager for technology.
“While these security issues may seem complex, it is important that organisations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers’ information secure,” he said.
Rice said ICO investigations have shown that while some organisations are taking IT security seriously, too many are failing at the basics.
Read more about Microsoft Security Intelligence Reports
- Europe tops Microsoft cyber security policy report
- Conficker still a threat to business, finds Security Intelligence Report
- Assessing the value of cloud security threat intelligence services
- Top cyber threats underline need for security awareness
- Microsoft Security Intelligence Report warns business of social network phishing attacks