Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Operating system security vulnerabilities

Operating system security vulnerabilities

  • Comments 3

A few weeks ago, Microsoft released its 2008 Security and Intelligence Report.  In it, they detail a number of interesting trends.  One is how much the Malicious Software Removal Tool removes per operating system infection.

image

The infection rate for Windows Vista is significantly lower than that of its predecessor,
Windows XP, in all configurations. Specifically:

  • Comparing the latest service packs for each version, the infection rate of
    Windows Vista SP1 is 48.8 percent less than that of Windows XP SP3.

  • Comparing the n-1 service packs for each version, the infection rate of the release
    to manufacturing (RTM) version of Windows Vista is 56.2 percent less than that
    of Windows XP SP2.

  • Comparing the RTM versions of these operating systems, the infection rate of the
    RTM version of Windows Vista is 85.4 percent less than that of the RTM version
    of Windows XP.

The higher the service pack level, the lower the rate of infection. This trend can be
observed consistently across client and server operating systems. There are two reasons
for this:

  • Service packs include fixes for all security vulnerabilities fixed in security updates
    at the time of issue. They can also include additional security features, mitigations,
    or changes to default settings to protect users.

  • Users who install service packs generally maintain their computers better than
    users who do not install service packs and therefore may also be more cautious in
    the way they browse the Internet, open attachments, and engage in other activities
    that can open computers to attack.

Dare I say that if users upgrade their operating systems, we'd see fewer botnets?  Maybe, maybe not.  But it seems to make sense.

Leave a Comment
  • Please add 5 and 6 and type the answer here:
  • Post
Page 1 of 1 (3 items)