Expired antimalware software is nearly as unsafe as having no protection at all

Analyzing data to find the root cause of infections has been a long-standing focus of the MMPC. One area we’ve been investigating is the correlation between endpoint protection and infection rates. Back in version 14 of the Security Intelligence Report (SIRv14), we first published data on infection rates for PCs protected with fully up-to-date antimalware software in comparison to those that either had no antimalware software or had software that was not turned on or not fully current. We discovered that PCs are 5.5 times more likely to be infected if they aren’t protected with a fully up-to-date antimalware product.

This data drove the MMPC to a new tenet – get everyone protected – and led to some changes in Windows 8 to help ensure that as many people as possible are running real-time, up-to-date, antimalware software. Alas, we know that customers, even on Windows 8, are in an unprotected state, leaving their computers prone to infection. So, over the past six months we’ve been digging deeper in the data to learn more about unprotected PCs. We published our findings in version 17 of the Security Intelligence Report released today (SIRv17).

Here’s what we found. On Windows 8, it appears that the number one reason people are unprotected is that their antimalware has gone into an expired state. Stated another way, more than one half of all unprotected Windows 8 PCs are in an unprotected state because they are running expired security software. An expired state happens when a trial version of an antimalware product has reached the end of the trial. The product may continue to inform you that you need to pay for the software to continue receiving updates, but it stops downloading updates that protect your PC. This often happens when you buy a PC from an online or local store and that PC is preloaded with lots of software.

People may believe that an antimalware product is still protecting them even if it hasn’t downloaded updates in a while. The data says otherwise. When we compared the infection rates on PCs with expired antimalware, we found that infection rates were nearly the same as on PCs with no protection. The following chart shows the infection rate of PCs with expired antimalware products and other unprotected states, in comparison to a protected PC.


[Chart: Expired antimalware]

A PC with expired antimalware protection was nearly four times more likely to be infected with malware in comparison to a fully protected PC.

So we have more work ahead of us. First, we’ve been working with security software vendors in our MVI program to help them understand their impact on people that are left in an expired state. Since March, we have been providing monthly reports that show their percentage of unprotected customers, their infection rates and other information to help them keep their customers safer. We also made some updates in Windows 8.1 to help close the time gap on how long a person will be left in an expired state.

Lastly, we hope that the data in SIRv17 will demonstrate that people running expired software should not be lulled into thinking that an outdated security product will provide adequate protection. We urge people to upgrade to the paid version of their antimalware product, or download a free antimalware product, such as Microsoft Security Essentials or Windows Defender (which comes pre-installed on Windows 8.1 and Windows 8).

Holly Stewart

Comments (7)

  1. Win2KJosh says:

    Hey MMPC, I work as a master PC tech and I submit malware several times a year whenever I discover unknown malware on a customer's machine that MSE doesn't detect. I used to always get Received, then Investigation, then the results when Analysis was Complete.

    For the past year or so I don't know if I've had any that were investigated and completed. Did you guys discontinue this service? Or what's going on? Am I wasting my time sending you my samples?

  2. Mario [msft] says:

    With the number of free antimalware offerings available nobody should be left in this state. Why don't these products uninstall themselves rather than leaving the user in this limbo state?! The list of free for consumer products is long…

  3. brett says:

    I find this to be the case when I take over a new company's network infrastructure. Many if not all of the computers have outdated and/or expired anti-malware and virus protection.

  4. adwbust says:

    How hypocritical of MMPC. You offer MSE 4.5 in a misleading state/manner on XP. MSE's system tray icon appears as if MSE has expired when in truth only XP support has expired. Remove that startup nagware and return the system icon to green until July 2015 comes. You're bound to support MSE until July 2015 and that should include program fixes. I found instances where a usb worm escaped detection by MSE's guard and it was only caught after a restart or when I scanned My Documents! I guess it happened when MSE's guard didn't start correctly on startup – at that time, Security Center balloon popped up in system tray saying MSE is turned off and MSE UI's Home tab says guard is off even if it's checked in Settings. You have to disable and then enable guard for it to start! Tested with 4.4 and 4.5. MSE also sometimes causes XP to stall on desktop during startup. Might as well just ask user to remove MSE and open IE 8 on a site listing 3rd party free antivirus rather than having them continue using a poorly to half maintained antivirus that is MSE. Do you really think there's any difference between a system with no antivirus/expired antivirus and a system with MSE installed? There's none. Having MSE is like having no antivirus at all. Well maybe let's just put it this way: with MSE you have a door with no lock to your house whereas with no antivirus, you've got no door at all. You're screwed either way. 😀

  5. adwbust says:

    If a 3rd party antivirus has expired, then Security/Action center should disable that antivirus and enable Defender that was previously disabled by expired antivirus. After a reboot, on startup, Action center should pop-up a window giving user option to renew 3rd party antivirus through Windows store (hint hint) or uninstall (run uninstaller) it and continue using Defender. 🙂 It's time Windows on desktop/laptop get its Windows store (and wallet) where users can get (install, buy, renew) their antivirus and other certified clean/safe applications. MMPC and Windows 10 devs are you listening?! Do it.

  6. Ed says:

    Most of the "free" products out there tend to be of the free anti-virus software and not anti-malware. But the people who create this crap have shifted away from virus software and switched to malware where it can be lucrative.
    As for actual anti-malware, some do not have a continuous protection but require you to do a scan (unless you purchase it such as Malwarebytes Anti-Malware). So if you do install anti-malware software, verify it has continuous protection.

  7. Dimitrios K says:

    Most of the blame goes towards Microsoft and the sad, sad state of Security Essentials/Windows Defender. Simply put, Microsoft left said software to rot, letting it fall further and further behind in AV tests.

    And since most people secretly hate Avast, AVG and BitDefender Free, with their constant sales pitch (Avast, AVG) or minimal interface (Bitdefender), they just keep the solution that came pre-installed with the PC, and postpone the subscription renewal since forever (because they are people).

    I fondly remember the days I could recommend MSE to anyone. Now I can't really, and can't really recommend the three other third-party AVs that are free.

    PS: Microsoft sells the technology that powers MSE/Defender to businesses? Who's buying?