Report: Windows 7 almost five times more secure than XP

Infection rates for Windows 7 is about four to five times less than for Windows XP, according to Microsoft's latest Security Intelligence Report.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
2 min read

Windows 7 is four to five times less vulnerable to malware infections than is Windows XP.

Those are the findings of Microsoft's latest Security Intelligence Report (PDF), which detailed in depth the state of software vulnerabilities, exploits, security breaches, and malware in 2010.

Overall, the study found that infection rates for newer Microsoft operating systems with the latest service packs are consistently lower than those for older OSes, giving Windows 7 and Windows Server 2008 R2 the highest marks for security.


Looking at the number of reported infections per 1,000 computers, Microsoft found that Windows 7 64-bit had the lowest number at 2.5, while the 32-bit version had 3.8.

Windows XP with SP3 came in with 15.9 infections per 1,000, while XP with SP2 had the highest number at 19.3. Breaking down the numbers, Microsoft's stats mean that Windows 7 is around four to five times more secure than XP.

Windows Vista's infection rate was considerably lower than that for XP but still turned out to be double that for Windows 7.

Drilling down further, the 64-bit versions of Windows 7 and Windows Vista are less infection-prone than are their 32-bit counterparts, which Microsoft attributes to a couple of factors.

First, the 64-bit versions of both systems may appeal to more tech-savvy users, presumably ones that would better know how to secure their computers. But second, Windows 64-bit offers a feature called Kernel Patch Protection, which protects the Windows kernel from unauthorized changes.

Analyzing server-based operating systems, Windows Server 2003, which offers both 32-bit and 64-bit editions, had 5.8 infections per 1,000. Windows Server 2008 R2, which comes only in a 64-bit flavor, had 3.6 infections.

Security holes in applications versus those in operating systems or Web browsers accounted for most of the vulnerabilities last year, according to Microsoft. However, the total number of holes found in applications fell 22.2 percent from 2009. But exploits that take advantage of Java vulnerabilities rose dramatically in last year's third quarter, surpassing every other category, the report noted.