Partnering with the AV ecosystem to protect our Windows 10 customers


On Friday May 12th, and for several days afterwards, more than a quarter-million computers around the world fell victim to the ransomware known as WannaCrypt or WannaCry. As that recent event has shown, malicious actors bring nearly boundless time and skill to commit cybercrime that can cause harm to millions of people. That is why our drive to make Windows 10 the safest and most secure version of Windows ever is so important and why we must remain vigilant in bringing our best efforts forward in protecting our customers.

Before and since the launch of Windows 10, Microsoft’s thousands of security engineers have worked day in and day out to provide ever-increasing levels of security, hardening the operating system at every layer of the stack and reducing the attack surface with new security features that help protect against and respond to a range of threats our customers face. Our approach to security with Windows 10 includes both the end-to-end protections we build in natively, as well as support for the larger ecosystem of ISV and OEM partners to do their best work, providing added hardware and software security protections and services our mutual customers may choose.

Malware and ransomware continue to be some of the most prevalent and harmful security threats our customers face today with more than 300,000 new malware samples being created and spread every day. This continuous threat is why we in Windows have a principled approach to protecting our customers against malware and ransomware in partnership with security experts both in and outside of Microsoft. Today, I want to share more about our approach to customer safety and security and how we work with the security ecosystem.

Supporting a rich ecosystem of AV protection for customers

An important part of our security approach is delivering next-generation antivirus protection with Windows Defender Antivirus, an enterprise-grade antivirus built into Windows 10 that leverages the cloud, machine learning, behavior analysis and vast optics from the Microsoft Intelligent Security Graph to provide faster, smarter malware defenses in real time.

We built Windows Defender Antivirus to make a promise to our customers that every Windows 10 device ALWAYS has protection from viruses and malware. Through our continued investments, our test results are among the top of security industry leaders, including recent real-world testing where Windows Defender Antivirus scored over 99 percent detection rates.

We also know that Windows customers value choice, and that is why we actively engage with and support a community of over 80 independent software vendors through the Microsoft Virus Initiative (MVI) program. This engineering program enables us to share key technical details of Microsoft technologies with our AV partners, to collaborate on future directions, and to solve existing security challenges together so that we protect our shared customers from malicious software.

Today, many Windows 10 customers choose to use antimalware software from one of our MVI partners. Our close collaboration with these partners enables us to ensure our customer promise of “always on” malware protection no matter which solution they choose. We think this provides customers an easy way to choose the software vendors, features, and price points that work for them without worrying if their device will ever be unprotected.

Here are a few of our beliefs in how we protect our customers from malware.

We believe staying current is the most important thing in keeping customers safe and secure.

With twice-annual feature updates, Windows 10 continues to deliver new security enhancements to protect against new and evolving threats. An important part of keeping customers current is ensuring the update process is a seamless, positive experience. We’ve made considerable progress in the customer convenience, delivery and quality of the Windows Update experience, as well as in ensuring compatibility of thousands of ISV applications from day one of an available update.

We’ve worked closely with AV partners to identify changes, provide early builds through the Windows Insider Program and other testing environments, and provide technical guidance through our MVI program. This cadence of regular updates, along with the Windows Insider Program, affords our partners and customers much greater transparency and insight into the Windows development process than ever before. Months before a semi-annual update is delivered to customers, interested parties can get easy access to fully running and deployable versions of the release, stay current with updates as the release progresses and becomes feature complete, and provide timely feedback on issues and bugs.

Also, because AV software can be deeply entwined within the operating system, we doubled down on our efforts to help AV vendors be compatible with the latest updates. By the time the most recent Windows 10 Creators Update released on April 11, for example, nearly all of the antivirus applications that Microsoft tested were fully compatible. In fact, Microsoft’s application compatibility teams found that roughly 95% of Windows 10 PCs had an antivirus application installed that was already compatible with Windows 10 Creators Update.

For the small number of applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed. To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating.

We believe in honoring customer choice and supporting a rich security ecosystem.

Microsoft supports a rich ecosystem of security partners, each attacking malware and ransomware with diverse perspectives, and continues to work with security partners to support that. As the security landscape, PC industry, and customer needs continue to evolve, Microsoft will continue to work with security partners to ensure that the broad security industry does everything possible to keep customers safe.

Once a customer has installed an active and up-to-date antivirus program, it will run without notifications or interference from Windows. Microsoft’s own free, built-in Windows Defender Antivirus does not run periodic scans without explicit customer action, and it does not provide protection until the chosen third-party AV solution is no longer protecting the Windows 10 device due to expiration.

Additionally, when customers experience support issues, our Microsoft Support teams work closely with them to honor the AV choices they’ve made. In some cases, uninstalling and then reinstalling the software, including third-party AV solutions, is a necessary step in resolving a customer issue.

We believe in “always on” customer protection.

If AV software is protecting our customers, Windows Defender Antivirus will stay off. If a customer does allow an antivirus application to expire, Windows Defender Antivirus is automatically turned on so that they are not left unprotected.

In the case of paid AV solutions, we worked with our AV partners to build a consistent set of notifications to inform customers if their license is about to expire and to present options to renew the license. Only when an AV subscription expires, and the AV application decides to stop providing protection to the customer, will Windows Defender Antivirus begin providing protection.

Screenshot of security subscription notification

We believe in earning customer trust every day.

We remain ever vigilant in our conviction to make Windows 10 the safest and most secure OS platform ever and earn our customers’ trust every day. To do that we will support a vibrant ecosystem of security solutions. Wherever possible, Windows will help customers make informed choices and respect user choice for security protection.

We will also continue to push the bar for customer protection. We regularly propose and test new ideas to improve customer protection and choice and work directly with our AV partners to validate these new ideas for the benefit of our mutual customers. This rich feedback loop and open exchange of ideas on what we bring to market results in a safer Windows for everyone.

Microsoft has actively engaged for more than 20 years with our antivirus ecosystem partners around the world to protect Windows users in the face of evolving cyber threats. We look forward to continued collaboration with these partners toward our mutual goal of protecting customers.

 

Rob Lefferts

Partner Director, Windows & Devices Group, Security & Enterprise

Comments (4)

  1. Jack Yan says:

    Interesting to read, Rob. I know I’ve had massive issues with Windows updates and there’s a theory that existing antivirus affected it (in my case, Avira). But my experience is that antivirus programs happily disable others’ antivirus programs. Take the Facebook malware detector, which it offers with various “partners”, including Kaspersky. This disables others’ antivirus programs, from what I can tell. Since being tricked to run it—no, it’s not third-party malware, it’s something both Facebook and Kaspersky brag about on their blogs—I found McAfee regularly disabled, so much so I had no choice but to switch to Avira. (This has been documented on my own blog.) Neither Facebook nor Kaspersky will respond to comments, the latter deleting them off their own blog because they refuse to answer. Both firms also clam up when confronted with this on Twitter. So if Microsoft is being attacked from some quarters over this by certain other firms, then I say those others are hypocrites.

  2. Ismail Hassani says:

    It’s kind of lame of K to claim to have just 7 days to make their product compatible with Windows 10.
    This is why MS has an insider/beta program. To test the **** out of your programs well before the release of the final product.
    As a small ISV I did this too with every version of Windows the last 10 years. K should have done this too.

  3. Fausto says:

    This guy needs to stop complaining and focus his attention on actually making a good antivirus that people want to renew. It’s not Microsoft’s fault that you are incompetent, Mr Kaspersky.

    Besides, these same AV companies wouldn’t exist if Windows didn’t have flaws. If MS fixes almost all the flaws and its own security is enough then what? Is MS responsible if the whole AV and security software industry collapses? I think not. MS can do whatever they want security wise with their software. It’s not their job to be slack hoping that someone else will do the job for them.

    Is Kaspersky complaining that MS won’t allow a computer to be left unprotected?

    And yeah, during the insider program I had a number of antivirus programs end up blocking or deleting key Windows files and components which screwed my system up a number of times after a new build, so yeah, MS removing those AVs to prevent this from happening again was a good idea.

    As noted, AV companies had plenty of time in the insider program to keep their programs compatible.

    Kaspersky is just complaining because users are no longer left to suffer as much for not using their programs.

  4. MS says:

    Why can’t Defender be just a native program of Windows that just runs like an always-on service?
