Microsoft has released the latest version of the semi-annual Security Intelligence Report (SIR). Microsoft gathers data from millions of Windows computers and high-traffic Internet sites to compile a detailed analysis of the current threat landscape and highlight attack trends. The Microsoft SIR contains some valuable insight, particularly given the recent release of Windows 7.
Looking at the highlights of the Security Intelligence Report, a lot of the information is interesting and may help you win a game of Trivial Pursuit for geeks, but doesn't provide much beyond the trivia factor for most people. For example, knowing which countries were targeted most by worms or Trojans doesn't really help you much unless you're planning on traveling to one of those countries and may want to increase your security controls accordingly.
Other statistics provide more useful information. The fact that 71.2 percent of the attacks against Microsoft Office targeted a single vulnerability for which a patch had existed for three years strongly supports implementing patch management policies that assess and implement updates in a timely manner.
The most actionable information in this Security Intelligence Report, though, is related to which operating systems are compromised the most. Comparing the most up-to-date versions of Windows XP and Windows Vista, Windows XP SP3 was compromised 61.75 percent more often than Windows Vista SP1 (75 percent more if you compare Windows XP SP3 with the 64-bit version of Windows Vista SP1).
These results don't yet include metrics from Windows 7, but because Windows 7 has the security of Windows Vista and then some, it seems safe to assume that Windows 7 will fare at least as well, if not better, compared with Windows XP.
It may seem that Windows XP is compromised more because it has a higher market share, similar to why Windows in general is targeted more often than Linux or Mac OS X. But the Security Intelligence Report measures the rate of compromise relative to the number of systems, so the stat is an apples-to-apples comparison, assuming a similar number of systems.
By most accounts the release of Windows 7 is going well thus far and it seems like Microsoft may have succeeded in overcoming the ghost of Windows Vista past. There are still those diehard Windows XP users that aren't yet willing to forgive or forget and are reluctant to make the switch until Windows 7 has been around and proven itself. They are comfortable with Windows XP and they say 'if it isn't broke, why fix it?'
Well, what the Security Intelligence Report reveals is that Windows XP is, in fact, broken. Users may be comfortable with the tried and true operating system, but it lacks the security features of Windows Vista and Windows 7, and it has been around long enough that attackers and malware developers are pretty comfortable with it as well.
If you are sitting on the sidelines trying to decide whether or not it's time to let Windows XP go and move on to Windows 7, the information in this Security Intelligence Report should be the push you need to convince you. To protect your PC, and protect the rest of us on the Internet from your compromised PC, go ahead and switch to Windows 7.
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.