Win 7's Malware Infection Rate Climbs, XP's Falls

BogenDorpher writes "Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010, while the infection rate for Windows XP has dropped by more than 20%."

And this is a surprise?

[black6host]

What would one expect as usage of XP decreases and Win7 increases?

Re:And this is a surprise?

[Khoa]

What would one expect as usage of XP decreases and Win7 increases?

The changing usage rate between the two OS's is controlled for. FTFA: It's infection rate per 1000 machines.

Sensationalist article much?

[ferongr]

TFA: As ComputerWorld reports, during the second half of 2010, the data shows that 32bit Windows 7 computers were infected at an average rate of 4 PCs per 1,000, compared to 3 PCs per 1,000 that took place during the first half of 2010.

A difference of 1 thousandth is beyond statistical significance. How did this entry even get to the frontpage? It boggles the mind.

Re:RTFA

[snowraver1]

I have a HARD time believing that only 14 in 1000 windows XP machines are infected.

Re:And this is a surprise?

[John Hasler]

The changing usage rate will also drive malware authors to concentrate on Win7.

So newer is NOT better?

[metalmaster]

The article doesnt cover this, but im inclined to believe that malware authors have an easier time and higher infection rates when they target 3rd party software packages. As far as i know, the biggest thing to change from XP to Win7, from the user standpoint, is the more in your face security model. That makes the malware authors jump through extra hoops if they wanna get their code executed silently. However, attack a bug in a PDF reader or browser and things can be made to look like business as usual

Re:And this is a surprise?

[TheCouchPotatoFamine]

This is nonsensical. But to extend your analogy, it's as if microsoft's vehicle has no brakes. nothing to stop the user from smashing into anything after they've touched the gas. You act like it's just perfectly normal that drive-by downloads from IE aren't avoidable by a bit of proper engineering from the "car maker".

While it's possible for user to be misguided, the majority of errors come from the computer being complicit in allowing bad actions to happen merely so that a fringe of "convenience" can let users operate without having to remember their passwords, for instance.

Marketing wins over engineering, and THAT'S why you have crap OS's and apps that have exploits attached, like burrs. Walled gardens from single corporations aside, communities SHOULD run app-repositories of trusted code and that's obvious. Bad engineering, both technical and social...

Re:And this is a surprise?

[smash]

There's no reason codecs (or ANY SOFTWARE) installed on linux or any other OS can't own the user's data or operating system either.

There are three ways people get owned: remote exploits (count the number on 7 vs linux in the past 2 years - they're not so far apart), application exploits (again, count em) and user stupidity (no solution, other than sandboxing the user to contain the damage).

Even with a sandboxed app, it still has access to all of the data you have in the sandbox. If you've downloaded and installed a "virus scanner" and enabled it to access your entire filesystem, you're fucked.

Re:And this is a surprise?

[smash]

Yes, sure. However my point is that both machines were specifically targeted (i.e., here's a mac, here's a windows box, try and own them both - at a hacking convention). In the real world, the market share of OS X is not worth bothering with, when you can get 85-90% of desktops by targeting windows. The effort expended is not worth the potential return.

Thus, although in theory, on the test bench windows is more secure - in reality, there are a lot more Windows boxes getting owned, simply because the volume of expoits out there being developed, and the prevelance of them on the internet is much greater.

Look, i'm not disagreeing with the results you presented. I'm merely suggesting that in the real world you're a lot less likely to stumble across a trojan/exploit for your OS X box, because Windows is the focus of so much more exploit development.

Ditto for those still running, say Windows 98 or OS/2. No one codes exploits for it any more because its market share is so close to zero - yet its architectures is FAR less secure than Windows XP or 7.

Re:And this is a surprise?

[somersault]

Security through obscurity is nothing more than an illusion.

I always find this funny. Passwords, PINs, encryption/decryption keys, hardware tokens etc are all just forms of security through obscurity, too.. they just are a bit more obscure than running an an obscure OS when you use combinations of them, or pick a really good random password, etc.