Microsoft won't turn on Windows Defender for unprotected PCs

A Microsoft executive misspoke when she said that Windows would turn on the built-in Windows Defender technology.

Microsoft representatives said Wednesday that the company will not turn on Windows Defender for unprotected PCs, contrary to what executives said earlier in the week.

Holly Stewart, the senior program manager from the Microsoft Malware Protection Center, misspoke, according to representatives, when she said that Microsoft would turn on Windows Defender if a user's anti-malware subscription lapsed.

"During an interview when discussing the results of the Microsoft Security Intelligence Report, Microsoft misspoke in response to a question, which resulted in an inaccuracy in the resulting article," a Microsoft representative said in a statement Wednesday.

However, Windows Defender will be turned on, automatically, if there is no other anti-malware on the system the first time the PC is activated, Microsoft said. If a third-party anti-malware system is activated, Windows Defender will automatically turn off in favor of the third-party solution, Microsoft said. Two other technologies, Smart Screen and App Rep, also are present to help determine if a file or app should be considered as potential malware, based on a reputation system Microsoft developed.

Microsoft security officials spoke on the eve of its latest Security Intelligence Report, (direct download link) which was released Tuesday. As it has been for the past few months, Microsoft's goal is to move as many of its customers off of the older Windows XP operating system onto something more modern and protected--Windows 8.1, if at all possible.

The idea is to minimize security risks to the PC community at large by essentially shutting down the unintentional security holes discovered within Windows XP. Microsoft will discontinue support for Windows XP in April 2014, allowing those holes to exist, unpatched, forever.

But if the goal is to minimize security risks, then it makes sense for Microsoft to close any holes left open by an unprotected operating system. In some cases, Microsoft executives said, consumers who try out a firewall or anti-malware package aren't aware of when the trial period expires, so that the PC slips from a protected to an unprotected state. In the case of Check Point Software's Zone Alarm program, for example, the software simply stopped working after users upgraded to Windows 8.1.

Microsoft's first priority, however, is to maintain the relationship that a user has struck with the third-party anti-malware provider, said Holly Stewart, the senior program manager from the Microsoft Malware Protection Center. "We have to work collaboratvely across the industry," she said.

"As a customer goes into an unprotected state, we want those antivirus vendors to be installed as the first upgrade source," Stewart said. If the license has expired, the first thing Microsoft asks them to do is to go upgrade, she said.

The active protection within Windows 8 and 8.1 are monitored by the Action Center, which notifies users if their antivirus definitions are out of date, for example, or if no anti-malware solution is present. Instead of automatically loading Windows Defender, Microsoft will simply issue reminders that third-party anti-malware is not present or expired, and will offer to load Windows Defender instead. The goal is not to nag the user, Stewart said, but at the same time to notify them that they're not protected, and to move them back into a protected state with a minimum of fuss.

Microsoft also presented new data as additional justification for moving away from Windows XP. The data, compiled from more than a billion PCs, whose users have allowed Microsoft to use their data to improve Windows, was added to 400 million accounts and billions of Web page scanned by Bing.

The data showed that Windows XP makes up 22 percent of the worldwide user base; in some regions, such as Africa, the penetration can be as high as 32 percent, according to StatCounter. With an operating system more than a decade old, features that were advanced at the time of Windows XP's release, such as Data Execution Prevention technology, have been bypassed by malware writers.

Stewart said that the the number of pieces of malware that a Windows XP or Windows 7 or Windows 8 machine encounters is relatively constant, indicative of the habits of Internet users at large. But the number of computers that Microsoft reported as infected was far higher for those running Windows XP than for the other operating systems, Microsoft found.

Join the CSO newsletter!

Error: Please check your email address.

Tags MicrosoftsecurityWindowssoftwareoperating systemsintelWindows 8.1antivirus

More about Check Point Software TechnologiesCheck Point Software TechnologiesMicrosoftSmartZone Alarm

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Hachman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts