Infection Rates for Windows XP after EoS

[Ink]

MMPC ~ Infection rates and end of support for Windows XP

The following chart shows the encounter rate in comparison to the infection rate by operating system and service pack. While Windows XP SP3 computers encountered almost as much malware as other platforms, computers running Windows XP as a whole experienced a much higher infection rate. For example, although Windows 8 computers may encounter a similar amount of malware as Windows XP, people who use Windows XP are six times more likely get infected.

Figure 1: Malware Infection and encounter rates for Windows operating systems during 2Q13
A few possible reasons for the higher infection rate on Windows XP are:

• Antimalware protection may not be active or up to date (more on this hypothesis in the last section).
• Older technology lacks the protective measures built into more recently introduced operating systems, and therefore is challenged to defend against some attacks.

Windows XP was built more than 12 years ago and was architected to include security technologies that were innovative at the time. For example, Windows XP SP2 was released in 2004 and introduced Data Execution Prevention. However, the threat landscape has changed quite a bit since then and technologies that were built a decade ago, like DEP, are now commonly bypassed.

 

[aztony]

Antimalware protection may not be active or up to date (more on this hypothesis in the last section). Older technology lacks the protective measures built into more recently introduced operating systems, and therefore is challenged to defend against some attacks.

The newer OSs are inherently better protected. The result is that lax/reckless/inexperienced users with a newer OS has better odds on their side than users of the same type with XP or older. But I believe savvy/security conscious XP users utilizing DEP, EMET, SRP rules, LUA, along with a properly layered defense, will be just as protected.