Apr 292013

According to Microsoft’s latest security intelligence report, less than 1 in a thousand Windows 8 PCs were infected by malware in Q4 2012. The actual infection rates contrast sharply with the far higher rates of Windows 7 in the same period as shown below:

32-bit Windows 7 SP1 – 4.8 per 1000.
32-bit Windows 8 – 0.8 per 1000.

64-bit Windows 7 SP1 – 3.3 per 1000.
64-bit Windows 8 – 0.2 per 1000.

The scale of the difference would appear to be proof that W8 is vastly superior in terms of security and, at first glance, this seems quite alarming if you run an earlier version of Windows! According to these figures, W7 PCs are on average between 6 and 16 times more likely to be infected than W8. The infection rates for all supported versions of Windows are shown below:


Malware infection rates Q4 2012

Is W8 Really Up To 16 Times Safer? W8 does indeed have some further security improvements but nowhere near enough to account for such large differences in infection rates.

In our view they are due to several factors:

1. Windows Defender – W8 includes Defender antivirus software so it provides some malware protection right out of the box. Even though our recent review rated Defender worst for protection (out of 25 antivirus products tested) it is still much better than nothing and is easy to use – it requires no installation or setup to work.

Microsoft’s report noted that PCs which did not have up-to-date antivirus protection were 5.5 times more likely to report malware infections than PCs that did have some protection.

2. Other Software – Security holes in other software on a computer are now more likely to be the cause of malware infection, not Windows itself. In Kaspersky’s malware report last year the top 10 vulnerabilities to malware did not contain any entries from Microsoft. The software most targeted by viruses included Adobe Flash Player, Java and Adobe Reader – Java vulnerabilities were exploited in more than 50% of all attacks and 5 out of the top 10 vulnerabilities were in Adobe products.

However, many people don’t bother updating these programs and may even stick with whatever was on their PC when they bought it – so the older the PC, the more out of date and insecure it will have become, risking more virus infections.

One major advantage of a new W8 PC is therefore not W8 per se, but the fact that the other software is likely to be far more up to date, and therefore less of a security risk, than on an older PC.

3. The Way Microsoft Calculated The Figures – The infection rates were tabulated from scans conducted by the Malicious Software Removal Tool (MSRT) – this is a “free utility updated monthly and pushed to Windows users via Microsoft’s update services.”

Using MSRT to calculate infection rates is not a good way to provide accurate statistics because it is only a once a month check. You may have had 50 viruses during the month but, as long as you removed them all in the weeks before the next MSRT check, it would conclude that you had no infections at all and those infections would go unrecorded…

Also, because many viruses block or redirect internet access, you would often have had to remove the viruses completely before you could download the next monthly version of MSRT. We would therefore take the reported infection rates with a very large bucketful of salt but they are still useful in showing trends and variances between different operating systems.


Microsoft’s statistics on virus infection rates reveal interesting trends but are fundamentally flawed in terms of accurate infection rates. Although the overall trends may be correct, we would not expect to find huge differences between fully patched W7 and W8 PCs if they both had all the other software up to date and both had good antivirus protection.

Many PC users could certainly lower their virus infection rates dramatically by updating the other software on them (which is really nothing to do with the version of Windows installed).

For advice on security and updating other software, see articles in our Security category.

 Leave a Reply


(required but will NOT be published)