Microsoft defends Windows 10 antivirus practices after Kaspersky complaint

Microsoft has detailed how it handles antivirus in Windows 10 after claims by Kaspersky Lab that it disadvantages third-party antivirus. 

Antivirus vendors previously didn't regard Microsoft’s own anti-malware as competition, but that’s changed as Microsoft has doubled down on security in Windows 10, by hardening the operating system against attacks and improving its anti-malware Windows Defender.

Kaspersky Lab founder Eugene Kaspersky has accused Microsoft of using “underhanded tactics” to remove its product and enable the built-in Windows Defender program as the prime anti-malware product on Windows 10 PCs. 

The chief problem, as Kaspersky has outlined, occurs when Windows 10 is updated. This happens with greater frequency than in previous versions, and it results in Kaspersky antivirus becoming incompatible. Kaspersky claimed Windows removes its product's drivers without the user’s concept, rendering the product useless. 

Although Microsoft enables Windows Defender to protect the end-user until the third-party app is updated, Kaspersky Lab believed the process is an abuse of power worthy of an investigation by the European Commission in June and Russia’s competition regulator. 

In a lengthy blogpost today, which doesn’t mention Kaspersky’s complaint directly, Rob Lefferts, Microsoft’s partner director of Windows & Devices Group, Security & Enterprise, detailed how it approaches third-party antivirus in Windows 10, the support it offers them and exactly when Windows Defender steps in. 

According to Lefferts, Microsoft has “doubled down” on helping AV vendors keep up with its own faster-pace updates in Windows 10. Kaspersky said it used to have months to adapt but now just has weeks. 

Lefferts said that when the Windows 10 Creators Update was released on April 11, “nearly all” third-party antivirus apps were compatible. Also, 95 percent of Windows 10 PCs had an antivirus app installed that was already compatible with this update by then. 

Microsoft does however have a feature that temporarily disabled portions of an AV product if it wasn’t compatible with the Creators Update. 

“For the small number of applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed,” explained Lefferts. 

“To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating.”

Regarding complaints Microsoft doesn't give AV vendors enough time to make compatibility changes, Leferts points out Microsoft works with 80 independent software vendors through the Microsoft Virus Initiative program. AV vendors also have access to early builds of Windows 10 through the Insider Program. 

“This cadence of regular updates, along with the Windows Insider Program, affords our partners and customers much greater transparency and insight into the Windows development process than ever before,” said Lefferts. “Months before a semi-annual update is delivered to customers, interested parties can get easy access to fully running and deployable versions of the release, stay current with updates as the release progresses and becomes feature complete, and provide timely feedback on issues and bugs.”  

He also added that the only time Windows Defender will run scans without explicit customer action is when the chosen third-party antivirus has expired. 

“Once a customer has installed an active and up to date antivirus program, it will run without notifications or interference from Windows. Microsoft’s own free, built-in Windows Defender Antivirus does not run periodic scans without explicit customer action or provide protection until the chosen third-party AV solution is no longer protecting the Windows 10 device due to expiration.”