The analysis of trojans, viruses, rootkits, spyware, and other nasty malware has been a subject of interest to many types of computer organizations over the years, and Microsoft is no exception. The Redmond-based software giant just released its third volume of the Microsoft Security Intelligence Report (SIR), covering the period between January and June of 2007. The report, available in both Microsoft's XPS and Adobe's PDF format, looks at the types of malware released during that period and also tracks the effectiveness of Microsoft's own Malicious Software Removal Tool (MSRT), which is currently bundled as part of products like Windows Defender and Windows Live OneCare. Microsoft claims that data from the MSRT shows that infection rates are "significantly lower" among Windows Vista and Windows XP SP2 systems compared to older Windows operating systems.
The Microsoft report states that nearly 3,500 software vulnerabilities were discovered in operating systems and third-party softwareduring the first half of 2007, with the majority being medium- and high-risk in severity. This is up slightly from the second half of 2006 and up significantly from 2003, when the figure was closer to 500. Microsoft noted that a decreasing percentage of these vulnerabilitiesapply tooperating systems, with third-party applications showing a multiyear trend of having a higher percentage of the total. The report says that it "may be inferred that applications are becoming a more attractive target to security researchers, relative to operating systems."
Microsoft noted that the percentage of vulnerabilities in its own products that have actual exploit code available dropped from 29.3 percent in 2006 to 20.9 percent in 2007. In addition, the report suggests that newer versions of Microsoft products have "a distinct decrease" in the number of exploitable vulnerabilities. Windows XP and Office XP ranked equally in terms of the number of vulnerabilities discovered between 2006 and 2007, while Server 2003, Vista, Office 2003, and Office 2007 showed significantly fewer vulnerabilities. While the report doesn't say so, the change is almost certainly due to the dramatic shift in company policy towards security issues that happened all over the Microsoft campus around the Windows XP SP2 timeframe.
Data from the MSRT was also used to promote the idea that more recent Microsoft products are safer than older versions. For the first half of 2007, Windows XP (without service packs) had the highest percentage of systems cleaned, at 32.9 percent, with Windows XP SP1 trailing slightly behind at 20.9 percent of systems. Windows XP SP2 systems comprised 7 percent of the total, while Windows Vista machines were the smallest percentage at 2.8 percent. These numbers were normalized (divided by the percentage of machines running that particular OS) to account for the fact that there are many more XP computers in the wild than Vista machines, so the statistics do suggest that Microsoft's operating systems are becoming less vulnerable to infection over time.
The MSRT also removed significantly more malware in 2007 than in previous periods: one out of every 217 computers was cleaned this yearcompared to one in 409 back in 2006. Microsoft explains this increase by citing improvements in the MSRT's detection capabilities. The average number of infections per computer has stayed remarkably constant since MSRT's inception, at about 2.2 infections per machine.