Microsoft has published its sixteenth Security Intelligence Report covering the period July through December 2013. The bi-annual report shows that there has been a general increase in security problems across the technology industry, with the number of vulnerabilities jumping by 12.6 percent compared to the same period last year.
This can be attributed at least in part to an increase in transparency, meaning that more application vulnerabilities are now being reported — it is difficult to gauge what the increase is in real terms (or even if there has been one). Things start to get interesting when looking at “exploits”, which Microsoft defines as “malicious code that takes advantage of software vulnerabilities to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge”.
Java, HTML, JavaScript, and Flash exploits have all decreased from Q3 to Q4 — although in the case of Flash this actually represents an increase from the start of the year. The report points out that a computer selected at random would stand “about a 1 percent chance of encountering a Java exploit attempt in 4Q13”.
Malware appears to be on the increase. In the third quarter of 2013, an average of 0.58 percent of Windows computers were infected with malware, but by Q4 this increased threefold to 1.7 percent. The increase is being partly attributed to the prevalence of the Rotbrow malware, and Microsoft expects infection rates to drop again in 2014.
Every version of Windows saw a marked increase in infection rates between Q3 and Q4: XP from 9.5 to 24.2 percent, Vista from 5.3 to 32.3 percent, Windows 7 from 4.9 to 25.9 percent, and Windows 8 from 2.1 to 17.3 percent. Windows 8.1 made its first appearance with 0.8 percent.