Microsoft: Cybercriminals Find Easy Pickings in Older Software

Newer versions of Microsoft’s operating systems and software products are better at fighting cybercrime than older versions, according to a new report put out by Microsoft researchers.

Windows 7 and Windows Vista with Service Pack 2 had the lowest infection rates of any Microsoft OS, found the “Microsoft Security Intelligence Report,” based on data gathered from 500 million computers worldwide and from business online services.

“We observed more supporting data showing that following security fundamentals and migrating away from older technology can successfully mitigate potential attacks,” Jerry Mischel, a spokesperson for the software giant, told TechNewsWorld.

Mitigating Computer Infections

Computer users with the latest products and up-to-date antivirus applications are better able to resist the efforts of cybercriminals, Mischel said, noting that most cyberattacks target older versions and are less likely to be effective against newer versions.

Infection rates in newer Microsoft OSes were less than half that of Windows XP with its most up-to-date service pack during the reporting period, July to December 2009, according to the biannual report.

The 64-bit versions of Windows 7 and Windows Vista SP2 had even lower infection rates than their 32-bit counterparts, the researchers reported, noting that the 64-bit versions provide additional protections.

Similar results were found with Internet browsers. Cyberattacks hit Internet Explorer 6 more than four times as frequently as newer versions.

The majority of successful attacks against Microsoft’s Office software succeeded against applications that had not been updated for at least five years, according to the report. Most of the attacks hit Office 2003 users who had not updated the software.

“One of the key methods used by criminals to achieve their goals is discovering and exploiting unpatched vulnerabilities in software,” Mischel said. “By reducing the exploitable vulnerabilities in software, the industry can raise the bar on cybercriminals.”

Industry-Wide Effort Needed

The Microsoft Security Development Lifecycle initiative, which has been implemented for all Microsoft software created since 2004, appears to be working, said Donald Retallack, research vice president of systems management and security at Directions on Microsoft, an independent provider of analysis of Microsoft products.

“Newer versions of their operating systems have less vulnerability than older ones,” he told TechNewsWorld. “However, the newer breeds of malware are becoming more specific, targeting company servers, for example,” he said, adding that malicious software writers have become more professional, developing and selling malware kits.

There needs to be more of an effort to convince users that it is not sufficient to just have antivirus and antispyware software, since attacks are increasingly based on social engineering techniques, Retallack said. One example is scaring users into clicking on a malicious website after presenting them with a pop-up saying their computer is at risk.

“Convincing businesses to train employees in good antimalware practices will take time,” said Retallack.

Botnets are continually adding features, and the rapid expansion of cloud computing presents new challenges in the fight against cybercrime, he warned.
