http://www.dennistechnologylabs.com/reports/s/a-m/microsoft/DTL_2014_Updates_MS.1.1a.pdf The test was sponsored by Microsoft.
There's an extraneous character in the above URL. Correct is hxxp://www.dennistechnologylabs.com/reports/s/a-m/microsoft/DTL_2014_Updates_MS.1.1a.pdf . Thanks for posting .
Interesting but not surprising. Common exploits make use of vulns that have been patched. Just by keeping your OS updated, you would have a decent level of protection (93% based on sample set according to the report). Unfortunately, this thread may not be getting much response as people would rather see tests comparing AVs.
Actually I was surprised. I expected a bigger difference with the Adobe and Java patches, which appear to offer little benefit.
I was surprised at this also. It would be interesting to see tests of other browsers than Internet Explorer.
Some data: Report: Half of all exploits target Java Java, Reader and Flash are most-exploited Windows programs H1 2014 Endpoint Exploitation Trends Note that there's a difference between exploits and zero-day exploits.
The thing this test doesn't account for is the recalled updates they have released for the last 3 months in a row. I guess my job moving forward will be to determine which is worse, the security threat of not updating or the BSODs of installing the updates.
Also Firmware updates. Many state sponsored exploits rely on the fact that people are 'afraid' of Firmware updates. I tend to keep Firmware up to date on all of my hardware, it does tend to help avoid some exploits/malware.