The latest Microsoft Security Intelligence Report reveals that PC users who lack up-to-date antivirus protection are 5.5 times more likely to get hit with a malware infection than those who correctly install and update such protection. Looked at from a different angle, though, the figures reveal a surprising conclusion: one in 500 PCs that do have up-to-date protection will get hit by malware regardless. It's a sobering thought.

Patch Tuesday Protection

Every month on Patch Tuesday, Microsoft releases patches for any new security vulnerabilities via Windows Update. For quite some time now, each Windows Update session has also launched the latest Microsoft Malicious Software Removal Tool (MSRT). The MSRT notifies Microsoft about any malware it removed, and about the security status of your computer—anonymously, of course, and only with your permission.

"Many computers are not protected by real-time antimalware software," notes the report, "either because no such software has been installed, because it has expired, or because it has been disabled intentionally by the user or secretly by malware." MSRT reports both on whether the PC has antivirus protection and whether the antivirus is active and up-to-date.

Microsoft uses a metric they call "computers cleaned per mille," or CCM. This is the average number of computers that required cleaning per 1,000 computers scanned. A score of 12 CCM would mean that 12 of every 1,000 computers scanned needed cleaning. So, if the sample set were a million PCs, 12,000 would be infected.

The report details infection rates over the last six months of 2012. Unprotected computers ranged between about 12 and 14 CCM over those months. Computers with up-to-date protection stayed close to two CCM, with a spike to four in October. As Microsoft notes, the average rate for unprotected computers is about 5.5 times that of protected computers. Of those tested, about 24 percent lacked protection or lacked up-to-date protection.

Antivirus Failures

That 2 CCM rate for protected computers mean that about one in every 500 protected computers got infected by malware despite having up-to-date antivirus software installed. Just how many would that be? Microsoft's 2012 Shareholder Letter refers to "1.3 billion Windows users around the world." Eliminating the 24 percent that don't have active, up-to-date protection takes the number a bit below one billion. To be conservative, we'll say almost half of those either don't have Windows Update enabled or didn't agree to let the MSRT share with Microsoft. That leaves a half-billion PCs for which MSRT reported both up-to-date antivirus and a malware infestation.

A 2 CCM infection rate on a half-billion PCs would mean that MSRT detected a million PCs that got infected by malware despite up-to-date antivirus protection. And of course, that only includes the ones that MSRT was able to detect. MSRT specifically aims to remove "prevalent malware families," and Microsoft's own track record in malware detection isn't the best, which suggests the actual figure could be higher. That's a lot of infected PCs!

Get the Latest

The report goes into great detail, slicing and dicing the recorded data along many different axes. For example, for most of the six-month period Pakistan and Georgia had higher infection rates than any other countries, but Korea spiked above them in October.

Surprisingly, the Windows version with the highest number of unprotected PCs was not Windows XP—it was the RTM edition of Windows 7. Windows 8 has Windows Defender antivirus protection built in and turned on by default. Even so, apparently eight percent of users turned it off. That's still by far the lowest rate of unprotected PCs for any Windows version.

Buried right in the middle of the document, after several other sections on other topics, there's a very revealing chart that shows the CCM rate for different versions of Windows. Topping the list is Windows XP, with 11.3 infections per 1,000 Windows XP systems. Windows Vista SP2, Windows 7 RTM, and Windows 7 SP1, both 32-bit and 64-bit versions, are all fairly close, centering on about 4 CCM.

Windows 8? Well, as noted it has the lowest number of unprotected computers, and also the lowest infection rate over all. Only 0.8 of 1,000 computers running 32-bit Windows 8 were infected, and 0.2 percent of those running 64-bit Windows 8. The lesson is clear. Don't just keep your existing Windows version updated; upgrade to the latest version, or the latest version your PC can handle.

Details Galore

The 100-page full report includes data from Microsoft on many other security topics. It breaks down disclosed vulnerabilities, exploits that take advantage of those vulnerabilities, and global malware trends, among other things. Reading through it is a tough slog, but there's a ton of useful information for security professionals.

For all users, not just security professionals, the report advises that, "using real-time security software from a reputable vendor and keeping it up to date are two of the most important steps individuals and organizations can take to reduce the risk they face from malware." And if you're worried that malware may have disabled your antivirus protection, it suggests a quick check with Microsoft Safety Scanner or Windows Defender Offline.

My own advice would be a bit different. If you suspect that your antivirus has let something slip past, I'd suggest trying one of the free, popular cleanup-only antivirus tools. Malwarebytes Anti-Malware is our Editors' Choice in this category; Comodo Cleaning Essentials is also good. And to avoid getting into that situation in the first place, keep your antivirus up-to-date and upgrade to the latest version of Windows your system can handle.

Further Reading

Security Reviews