In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers). Using this new data, we wrote a feature story about the risks of running unprotected. Our customers told us that providing this data really helped measure the value of running real-time antimalware software. It clearly showed that security software can provide a significant contribution to a computer’s protection level.
With Windows 8, we’ve made further improvements to help keep customers protected.
For example, Windows Defender is automatically activated when the Windows 8 device is turned on for the first time, and will only deactivate if another antimalware program is running. If there is no other antimalware software installed, Windows Defender will be enabled. If another antivirus application is activated later, Windows Defender will automatically disable itself. Windows Action Center monitors Windows Defender, and if it is turned off, Action Center will show a notification and provide an option to turn it back on. We’ve done all of this to help ensure that all Windows customers are protected.
What happens when another antimalware product is installed, but then stops receiving updates or the license expires?
Like a computer without antimalware protection, this computer is also considered as being in an unprotected state.
At the MMPC, we closely monitor why people fall into an unprotected state. Joe Blackbird and Bill Pfeifer presented on this topic at Virus Bulletin this year with The global impact of anti-malware protection state on infection rates. They found that more than half of the Windows 8 customers listed as unprotected are in that state because their antivirus has expired.
After assessing the telemetry on why customers were staying unprotected, a few updates were made in Windows 8.1 to help customers make a safe choice to stay protected. Now, after prompting a customer about their unprotected state and giving the choice to renew or see other options at the Windows Store, a final prompt helps the customer get back into a protected state even if they do not choose to renew. If you really don’t want to have protection enabled, you can still disable it– it’s your choice. The feature simply makes the safe choice really easy, and the less safe choice a bit more work.
During the past year I’ve talked to a lot of people who are just as passionate about keeping our customers protected as we are. So, I’m happy to report that we now measure protected/unprotected data on a quarter-by-quarter basis as a standard part of the Microsoft Security Intelligence Report.
As shown in the following chart, our research reveals that every quarter, about 25 percent of computers are not completely protected. This includes computers that are both unprotected and intermittently protected. We count a computer as intermittently protected for the quarter if it reports being unprotected for one month. We’d like to move the number of computers in both categories closer to zero.
We also found that computers that never had protection were 7.1 times more likely to be infected with malware than computers that always had protection.
Figure 1: Percentage of computers worldwide protected by real-time security software, 3Q12–2Q13
For more data and analysis on protected and unprotected computers, including how we calculate this data, see SIRv15.
Stay protected folks!