When you buy a new computer, often times it will come pre-installed with software provided by the manufacturer. This is commonly done by software providers as way to entice people to try their products before they buy. One of the most common types of software that comes pre-installed on computers is antivirus or antimalware protection (also known as security software). Typically this protection is provided for free during a 30, 60, or 90 day trial period. Once expired, the customer has the option to purchase a subscription that will keep the security software up-to-date. Should they decline to purchase, the security software will continue to operate; however, it will not receive updates for new threats that are discovered. So what’s the problem with this approach? Our latest Security Intelligence Report explains.

It might be tempting to think that running expired software might continue to provide an adequate level of protection. If only this were true. The reality is that systems that run expired security software are generally only slightly more protected against infections than those that don’t run any security software at all.

The chart below, from the latest Microsoft Security Intelligence Report, helps illustrate this point. From the chart, we can see that systems that run expired security software are four times more likely to be infected with malware than those running up-to-date security software. Furthermore, there was only a .2 percent different in the number of systems Microsoft cleaned of malware when comparing those that were not running security software to those that had expired security software.

2014-11-12_6-08-21

Infection rates for non-domain computers running Windows 8 and Windows 8.1 with and without adequate up- and the first half of 2014

A little over a year ago, I published a blog entitled “Antivirus Software is Dead…Really?” I published this blog because time and time again, I would attend security conferences and hear experts make claims that antivirus is not effective at helping protect systems. This data was intended to cut through the noise and help demystify that myth.

The data shows us that the vast majority of cases where computers were reporting expired antivirus software were on non-domain joined systems, a configuration that consumer systems typically have. Of the non-domain systems analyzed, 9.3% were running expired antivirus software.

Addressing the problem
In light of this information, we encourage people to verify that they are running up-to-date security software on their system. If they aren’t, there are many different free or paid options available. Microsoft also provides free security software to consumers called Microsoft Security Essentials. If you are running Windows 8 or Windows 8.1, then security software, called Windows Defender, is installed by default.  It will run automatically, unless your system was pre-loaded with another vendor’s trial security software. For more information on additional security software providers, I encourage you to check out Microsoft’s security partner webpage.

The purpose of the Microsoft Security Intelligence Report is to provide our customers with the most comprehensive view into the threat landscape so that they can better manage risk. For more information on the latest threat trends, I encourage you to download the latest report at www.microsoft.com/sir.