Microsoft won't turn on Windows Defender for unprotected PCs

Microsoft representatives said Wednesday that the company will not turn on Windows Defender for unprotected PCs, contrary to what executives said earlier in the week.

Holly Stewart, the senior program manager from the Microsoft Malware Protection Center, misspoke, according to representatives, when she said that Microsoft would turn on Windows Defender if a user’s anti-malware subscription lapsed.

“During an interview when discussing the results of the Microsoft Security Intelligence Report, Microsoft misspoke in response to a question, which resulted in an inaccuracy in the resulting article,” a Microsoft representative said in a statement Wednesday.

However, Windows Defender will be turned on, automatically, if there is no other anti-malware on the system the first time the PC is activated, Microsoft said. If a third-party anti-malware system is activated, Windows Defender will automatically turn off in favor of the third-party solution, Microsoft said. Two other technologies, Smart Screen and App Rep, also are present to help determine if a file or app should be considered as potential malware, based on a reputation system Microsoft developed.

Microsoft security officials spoke on the eve of its latest Security Intelligence Report, which was released Tuesday. As it has been for the past few months, Microsoft’s goal is to move as many of its customers off of the older Windows XP operating system onto something more modern and protected—Windows 8.1, if at all possible.

The idea is to minimize security risks to the PC community at large by essentially shutting down the unintentional security holes discovered within Windows XP. Microsoft will discontinue support for Windows XP in April 2014, allowing those holes to exist, unpatched, forever.

Infection Rate Windows XP (Image: Microsoft)
The blue dotted line represents the number of malware “infections” that occurred after Microsoft stopped supporting Windows XP Service Pack 2.

But if the goal is to minimize security risks, then it makes sense for Microsoft to close any holes left open by an unprotected operating system. In some cases, Microsoft executives said, consumers who try out a firewall or anti-malware package aren’t aware of when the trial period expires, so that the PC slips from a protected to an unprotected state. In the case of Check Point Software’s Zone Alarm program, for example, the software simply stopped working after users upgraded to Windows 8.1.

Microsoft’s first priority, however, is to maintain the relationship that a user has struck with the third-party anti-malware provider, said Holly Stewart, the senior program manager from the Microsoft Malware Protection Center. “We have to work collaboratively across the industry,” she said.

“As a customer goes into an unprotected state, we want those antivirus vendors to be installed as the first upgrade source,” Stewart said. If the license has expired, the first thing Microsoft asks them to do is to go upgrade, she said.

Windows infection versus encounter rate (Image: Microsoft)
Infection rates versus encounter rates for various Microsoft operating systems

The active protection within Windows 8 and 8.1 is monitored by the Action Center, which notifies users if their antivirus definitions are out of date, for example, or if no anti-malware solution is present. Instead of automatically loading Windows Defender, Microsoft will simply issue reminders that third-party anti-malware is not present or expired, and will offer to load Windows Defender instead. The goal is not to nag the user, Stewart said, but at the same time to notify them that they’re not protected, and to move them back into a protected state with a minimum of fuss.

Microsoft also presented new data as additional justification for moving away from Windows XP. The data, compiled from more than a billion PCs whose users have allowed Microsoft to use their data to improve Windows, was added to 400 million Outlook.com accounts and billions of Web pages scanned by Bing.

The data showed that Windows XP makes up 22 percent of the worldwide user base; in some regions, such as Africa, the penetration can be as high as 32 percent, according to StatCounter. With an operating system more than a decade old, features that were advanced at the time of Windows XP’s release, such as Data Execution Prevention technology, have been bypassed by malware writers.

Stewart said that the number of pieces of malware that a Windows XP or Windows 7 or Windows 8 machine encounters is relatively constant, indicative of the habits of Internet users at large. But the number of computers that Microsoft reported as infected was far higher for those running Windows XP than for the other operating systems, Microsoft found.
