On the newly published Volume 8 of the Microsoft Security Intelligence Report (SIR), you will find a familiar observation on malware infection across Windows operating systems, based on the Microsoft Windows Malicious Software Removal Tool (MSRT), one of the datasets that contributed to the SIR.
What’s new is the first appearance of Windows 7 and Windows Server 2008 R2, both released in late 2009. Data shows that Windows 7 is less likely to be infected by malware compared to the earlier client OSes, and Server 2008 R2 less likely to be infected than older versions of server OSes. For example, the CCM for Server 2008 R2 was 1.8 (read as: out of 1,000 MSRT executions on Server 2008 R2, 1.8 machines were detected with infection of prevalent malware covered by the MSRT detection capability) vs. the CCM of 3.0 for Server 2008 SP2 and 3.6 for Server 2008 RTM.
There are other takeaways from this figure:
1. A newer OS with a higher service pack (which includes the fixed security vulnerabilities in security updates at the time of issue) in general is less likely to be infected.
2. A 64-bit OS (with security hardening like PatchGuard and Data Execution Prevention) is more resilient to malware than its 32-bit counterpart (one exception is Windows Server 2003 SP2 where CCM on X64 is higher than on X86, which was called out in the SIR as “a reflection of the increasing dominance of 64-bit computers in the general server population and the accompanying relegation of 32-bit server platforms to specialized situations”)
3. A server OS (usually in a more locked down environment) is safer than the client OS. This is a consistent observation since the inception of the SIR.
For more information, read on at http://www.microsoft.com/sir.