Saturday’s Microsoft Security Intelligence Report points out
that malware has been decreasing of late. There are fewer reports of malware in
the wild across the entire industry. Microsoft sees this as an indication that
security methods are getting smarter, but there is still the issue of
undisclosed vulnerabilities.
The current report, more carefully considered than
previous ones released by Microsoft, says that worldwide malware
distribution continues to decline, and that Microsoft itself is
contributing to that decline through a large reduction, of more than one third,
in Windows-targeted malware.
Redmond’s statistics are based on disclosures of
vulnerabilities, which are often compared to statistics for the rest of the
industry. Disclosures for non-Windows systems have been on the rise, most
likely due to increased vigilance from Linux and Mac OS users and supporters.
Things get a bit more hairy when you take into account the nigh immeasurable effect
of the undisclosed vulnerabilities.
The authors of the report on Saturday showed that the total
number of reported vulnerabilities in all software, not just Microsoft, has
decreased during the first half of 2008 by about 4% from the previous period,
the second half of 2007. It is down 19% from the first half of 2007. The number
of high severity reports has risen though, by about 5%.
"While a 19 percent general decrease in disclosures
from a year ago is generally considered good news, it can't really be
considered 'good' for the industry when more than 15 new software
vulnerabilities, on average, continue to be disclosed each day," warns
Microsoft’s report. "At these levels, the need for software risk
management programs continues to be high."
Microsoft’s share of the total number of vulnerability reports is
steadily decreasing, according to the SIR data, from 10% of all cases
during the second half of 2003 to fewer than 3% in the past six months.
Yet, some of these security issues may have had a wider
impact on ordinary users than others. Even though the very serious DNS flaw
patched last July had been known for years, the formal report of the flaw
itself had most likely been counted as just another vulnerability among many in
the first half of the year. This particular flaw’s impact was minimal though,
as it had not been widely exploited to any degree before it was resolved, thanks
to joint efforts by several companies including Microsoft, as well as security
researcher Dan Kaminsky.
An interesting finding, one that has been overlooked thus far, is
that the emphasis has shifted from attacking operating systems to attacking applications.
Third-party software is being attacked more and more, as Microsoft points out
in the report. In the first half of the year, 42.3% of browser-based exploit reports
on Windows XP targeted Windows XP itself, while the rest targeted third-party software
(such as Adobe Flash). By comparison, only 5.7% of reports on systems running Windows
Vista targeted Vista itself.
This does not mean that less malware targets Vista, but
rather that the smaller number of such reports suggests that attacks against it
are less successful.