Windows XP Has 10-Times The Infection Rate Of Windows 7

Martin Brinkmann
Nov 11, 2011
Updated • Dec 17, 2014
Antivirus, Security

The Security Intelligence Report is a biannual report by Microsoft that analyzes past and present security trends. It focuses on "software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches".

The latest report published yesterday focuses on the first and second quarter of 2011 and compares the findings with data from previous years.

How does malware propagate? According to Microsoft's report (gathered from Microsoft's Security Removal Tool) almost 45% requires user interaction, e.g. executing a file. Another 43% uses AutoRun capabilities via USB or a network to infect a system. The remaining 12% list file infections, exploits where updates are available and password brute force attacks.

It is interesting to note that disabling autorun would eliminate nearly 50% of all malware threats. Exploits, which get lots of coverage on the Internet attribute to only 6% of detections.

A look at the different types of exploits reveal that exploits targeting Java were responsible for up to one-half of all exploits in a given quarter. Operating system exploits have passed HTML and Script exploits in the second quarter which can be solely attributed to a vulnerability in Windows Shell which was for instance exploited by the Stuxnet family.

When it comes to document exploits it is Adobe Reader and Acrobat who have accounted for most of the exploits in the first half of 2011.

Operating system infection rates paint an interesting picture. Nearly ten times as many Windows XP SP3 systems get infected as Windows 7 SP1 64-bit systems. Windows 7 Service Pack 1 32-bit systems have a ratio of 1:6 compared to Windows XP's infection rate.

operating system infection rates

Even Windows Vista with its latest service pack installed reports only half of the infection rate that Windows XP reports.

A look at the different threat families and categories sees Adware at the top followed by misc potentially unwanted software, misc trojans and a second smaller group lead by Worms, Trojan downloaders, virus, password stealers and backdoors.

threat families

Email spam decreased dramatically in the past twelve months according to the Microsoft report. From 89 billion messages in July 2010 to 25 billion in June 2010. Microsoft attributes this to the takedown of two major botnets in August 2010 and March 2011.

Global Infection Rates by country

  • United States:
  • Brazil: Most trojan downloaders and droppers, most exploits, most password stealers and monitoring tools.
  • France: Most Adware
  • United Kingdom
  • China: Most backdoors and spyware
  • Germany
  • Russia: Most misc potentially unwanted software
  • Italy
  • Canada
  • Turkey: Most misc trojans, Worms and Viruses

global threats

Interested users can download the latest report and previous reports from Microsoft's Security Intelligence Report website.

Windows XP Has 10-Times The Infection Rate Of Windows 7
Article Name
Windows XP Has 10-Times The Infection Rate Of Windows 7
Microsoft's Security Intelligence Report for the first half of 2011 offers information about malware trends and affected operating systems.

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Brett said on July 27, 2012 at 5:52 pm

    Why do you compare Win7 64 bit to XP SP3, what is that 32 bit? Isn’t that like comparing apples to oranges? I have my doubts as to that rate difference. I repair PCs and see people subverting their own security all the time regardless of what version of windows. I’d say it’s probably more like 2 or maybe 3 to 1. If you’re security aware and vigilant and on XP, you’re 20 times safer than someone who’s not security aware and vigilant on Windows 7.

  2. Jean-Marie said on November 30, 2011 at 5:53 pm

    Hello there!
    Your article is funny, because apparently in a few months Windows 7 vulnerabilities have increased compared to the other relevant search result for “average time to infection”.

    Still, we’ve come a long way…

    1. Martin Brinkmann said on November 30, 2011 at 6:03 pm

      I do not think I’d call it funny. The drop in infection rate has probably something to do with a botnet that’s been taken down or better virus protection that protects XP computers from widespread malware.

  3. Rann Xerox said on November 26, 2011 at 9:27 pm

    When I setup family member’s PCs that still need to run XP (due to hardware or now wanting to spend money on an upgrade) I will install XP but setup more then one account, one that is Admin, the other as a users. I tell them to only use the Admin account when they install software and use the User account as their own.

    Of course I also set the OS to update as well as third party apps. The problem with apps like Java and Adobe is if you set them to update, they will sometimes bundle crap with their updates. A better solution is to find a non-Adobe PDF reader and install Chrome which has its own built-in Flash player that updates with the browser.

  4. what the said on November 15, 2011 at 2:28 pm

    just disable auto run:
    run regedit …then
    enter 0 into the autorun line.

    done. I disable autorun on all the pcs still running xp @ work
    yeah xp is damn old, but it still works

  5. TRY said on November 13, 2011 at 10:06 pm

    Nah with right set of tools and knowledge, you can keep XP clean for years to come.The option of upgrading to a new OS should be left to the user, I will advise people to upgrade only when the updates are brought to complete halt.

  6. Robert Palmar said on November 11, 2011 at 10:18 pm

    Windows 7 and XP are not deployed in the same ratios in similar environments.
    Windows XP is still heavily used in enterprise settings on older hardware
    with greater exposure to USB and network infections than Windows 7.

  7. Jojo said on November 11, 2011 at 10:01 pm

    XP has been out a lot longer than Win7 and I think there are still more XP users than Win7 users at this time. So the numbers sound like they may be exaggerated by MS in order to spur some FUD and get a bump in holiday sales.

    1. Martin Brinkmann said on November 11, 2011 at 10:02 pm

      The infection rate is per thousand. XP at 10.9, Windows 7 64-bit at 1.1

  8. Robert Palmar said on November 11, 2011 at 8:15 pm

    I do have a Window 7 Ultimate system and do recommend it.
    And I have kept two XP systems which I still use for some things.

  9. Midnight said on November 11, 2011 at 7:52 pm

    XP is only as secure as the users make it, as Micorsoft, sort of gave up on it, to focus on other ventures.

    I agree that Microsoft, being partly a Marketing company, tends to stretch the truth often enough, in order to get it users to upgrade to their latest warez, in order to increase their profits!

    Keep in mind, Robert, that XP is Old technology, while Win7 is more current and has some Major improvements added to it.

    It’s kinda like driving a 90’s car, compared to a 2012 model!
    The performance, improvements, features, etc., can’t be compared!

  10. Robert Palmar said on November 11, 2011 at 7:44 pm

    At face value the infection rate variances are highly exaggerated.
    Microsoft has an agenda here which includes scaring users.
    To sophisticated computer users I have found from my
    own systems track record XP SP3 quite secure.

    For the everyday user Windows 7 out of the box is more
    secure than XP but not by the laughable multiple of ten.

    1. Martin Brinkmann said on November 11, 2011 at 8:21 pm

      Ten times the infection rate does not mean it is ten times more secure. All it takes is a few vulnerabilities that affect XP but not Windows 7.

      1. Robert Palmar said on November 11, 2011 at 8:31 pm

        I know but the average audience will think that is
        implied by the way Microsoft worded the results.

  11. Midnight said on November 11, 2011 at 5:52 pm

    While Microsoft tends to exaggerate a tad, in order to influence users to ditch Windows XP for 7, to include Not making IE9 available for XP users, I have also read about the increase in Security flaws between the two O/Ss!!
    Considering that XP is over 10 years old, times have changed and so has software!
    As Marvin indicated, it’s a very good reason to upgrade to Win7, which I did over 2 years ago.

    Microsoft went a bit overboard with Security features in Windows 7, but many of those features can be disabled, to include Windows Defender and it’s totally useless Firewall!

    Once people upgrade to Win7, they will notice many major improvements, not only Security wise, the the O/S, itself will make you wonder why Microsoft didn’t think of those improvements, sooner!

  12. Marvin said on November 11, 2011 at 3:27 pm

    These treats is one good treat to upgrade to Windows 7. That is one of my many reason of upgrading :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.