Microsoft said last week that a skew toward more exploits on Windows Vista can be attributed to the demise of support for the operating system’s first service pack.
Data from the company’s newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.
That’s counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.
Tim Rains, the director of Microsoft’s Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition’s retirement from security support.
"This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform," said Rains in a blog post last week.
Microsoft stopped delivering patches for Vista SP1 in July 2011. For the bulk of the reporting period, then, Vista SP1 users did not receive fixes to flaws, including some that were later exploited by criminals.
Vista SP2 will continue to be patched until mid-April 2017.
Rains also noted that the infection rates of both Windows XP SP3 and Vista dropped dramatically last year after Microsoft automatically pushed a "backport" update which disabled AutoRun, a Windows feature that major worms, including Conficker and Stuxnet, abused to infect millions of machines.
Rains seemed to intimate that the AutoRun disabling had more impact on XP than on Vista, and by Microsoft’s data, he may have been on to something: While XP’s infection rate continued to drop throughout the year, Vista SP2’s climbed from the second quarter to the third, and again from the third to the fourth.
Windows 7’s infection rate also increased each quarter of 2011.
Andrew Storms, director of security operations at nCircle Security, had a different theory for XP’s infection rate decline and the rise of Vista’s and Windows 7’s.
"As Microsoft’s intelligence gets better in [the Malicious Software Removal Tool] and fewer attackers focus on the older OS, then fewer infections should be found on the older OS," said Storms, talking about Windows XP.
Most of Microsoft’s infection rate data is derived from the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects, then deletes selected malware families.
And the rise of infection rates in Vista and Windows 7?
"It would be expected that all the SKUs should go up slightly over time simply because new vulnerabilities are found, more attacks always happening, and so on," Storms added.
Rains urged XP and Vista users to upgrade to the supported service packs — SP3 for XP, SP2 for Vista — to continue to receive patches.
The 126-page Security Intelligence Report that Rains referenced can be found on Microsoft’s website.
Windows XP’s infection rate fell each quarter last year, but bucking a long-time trend, the newer Vista’s rate climbed. (Image: Microsoft.)