According to the latest Security Intelligence Report (SIR) from Microsoft, Windows XP, which has lately been the focus of security concerns following the cessation of support for the OS, is actually more secure than some newer versions of Redmond's desktop operating system.
The SIR analyses the whole threat landscape of exploits and malware taking data from some 600 million computers across the globe, drawn from the second half of last year (when admittedly Windows XP was still supported by Microsoft).
And the most vulnerable operating system? In Q4 of 2013, that was Windows Vista (SP2) which hit an infection rate of 32.4 per thousand computers (or 3.24 per cent). Windows 7 (SP1) was in second place on 25.9, and Windows XP was actually behind Windows 7, on 24.2. Windows 8 proved much more secure on a figure of 17.3 (with Windows 8.1 on 0.8).
Microsoft stated that broadly speaking, the most recent OS versions are more secure, but in this case, this typical pattern (which was seen in Q3) was broken in Q4 due to "elevated infection rates caused by Rotbrow".
Rotbrow, which is a malicious program that purports to protect the user from browser add-ons, but in reality actually installs more of the things, caused overall infection rates to rise massively in the fourth quarter. Microsoft expects infection rates to return to norms in 2014, though.
Infection rates were far lower on servers, of course, with the most vulnerable OS there being Windows Server 2008 (SP2) on 3.9 infections per thousand in Q4. Windows Server 2012 was the most secure on a figure of 0.9.
The SIR also revealed that the most common threat was still the "miscellaneous Trojan" followed closely by Trojan downloaders and droppers, which both hovered around 10 per cent in Q4, the former just above, and the later a smidge below. Worms were the third most encountered threat on 4.9 per cent.
Microsoft also offered advice on how to dodge threats, but nothing beyond the usual patter – use the latest version of Windows, IE and Office, install security updates the minute they're available, and use the Enhanced Mitigation Experience Toolkit (EMET) to help defend your machine.