Analyzing data to find the root cause of infections has been a long-standing focus of the MMPC. One area we’ve been investigating is the correlation between endpoint protection and infection rates. Back in version 14 of the Security Intelligence Report (SIRv14), we first published data on infection rates for PCs protected with fully up-to-date antimalware software in comparison to those that either had no antimalware software or software that was not on or fully current. We discovered that PCs are 5.5 times more likely to be infected if they aren’t protected with a fully up-to-date antimalware product.
This data drove the MMPC to a new tenet – get everyone protected – and led to some changes in Windows 8 to help ensure that as many people as possible are running real-time, up-to-date, antimalware software. Alas, we know that customers, even on Windows 8, are in an unprotected state, leaving their computers prone to infection. So, over the past six months we’ve been digging deeper in the data to learn more about unprotected PCs. We published our findings in version 17 of the Security Intelligence Report released today (SIRv17).
Here’s what we found. On Windows 8, it appears that the number one reason why people are unprotected is because their antimalware has gone into an expired state. Stated another way, more than one half of all unprotected Windows 8 PCs are in an unprotected state because they are running expired security software. An expired state happens when a trial version of an antimalware product has reached the end of the trial. The product may continue to inform you that you need to pay for the software to continue receiving updates, but it stops downloading updates that protect your PC. This often happens when you buy a PC from an online or local store and that PC is preloaded with lots of software.
People may believe that an antimalware product is still protecting them even if it hasn’t downloaded updates in a while. The data says otherwise. When we compared the infection rates on PCs with expired antimalware, we found that infection rates were nearly the same as PCs with no protection. The following chart shows the infection rate of PCs with expired antimalware products and other unprotected states, in comparison to a protected PC.
A PC with expired antimalware protection was nearly four times more likely to be infected with malware in comparison to a fully protected PC.
So we have more work ahead of us. First, we’ve been working with security software vendors in our MVI program to help them understand their impact on people that are left in an expired state. Since March, we have been providing monthly reports that show their percentage of unprotected customers, their infection rates and other information to help them keep their customers safer. We also made some updates in Windows 8.1 to help close the time gap on how long a person will be left in an expired state.
Lastly, we hope that the data in SIRv17 will demonstrate that people running expired software should not be lulled into thinking that an outdated security product will provide adequate protection. We urge people to upgrade to the paid version of their antimalware product, or download a free antimalware product, such as Microsoft Security Essentials or Windows Defender (which comes pre-installed on Windows 8.1 and Windows 8).