Microsoft Sheds Light on Third-Party Antivirus Support Rationale
Amid customer confusion, Microsoft is providing some insight on how it works with its antivirus software vendor partners.
In an announcement, Rob Lefferts, Microsoft's partner director for the Windows and Devices Group for security and enterprise, outlined Microsoft's approach with Windows 10. The company works with "over 80 independent software vendors through the Microsoft Virus Initiative (MVI) program" to coordinate Windows 10 releases.
The announcement did not refer to a legal spat with Kaspersky Lab, a maker of antimalware software and a Microsoft partner. Kaspersky Lab recently filed antitrust complaints against Microsoft, alleging that Microsoft favors its Windows Defender solution over other antimalware software products.
While Lefferts' comments were general, they had some elements that seemed like a response to the Kaspersky Lab complaint. In particular, Lefferts suggested that Microsoft gives its security solution partners "months" to fix software before Windows 10 releases.
"Months before a semi-annual update is delivered to customers, interested parties can get easy access to fully running and deployable versions of the release, stay current with updates as the release progresses and becomes feature complete, and provide timely feedback on issues and bugs," Lefferts wrote.
One of the Kaspersky Lab complaints was that Microsoft gave its software partners just two weeks of testing time before a Windows 10 RTM (release to manufacturing) version was released. Lefferts, though, seemed to be suggesting that partners should be testing Windows Insider beta releases. In older pre-Windows 10 Microsoft lingo, an RTM was considered to be feature complete and just undergoing bug fixes. However, the RTM term is seldom heard these days, given Microsoft's new "agile" release approach with Windows 10.
The Windows 10 "creators update," released as a "current branch" in April for testing by organizations, was compatible with "roughly 95% of Windows 10 PCs," Lefferts indicated. He added that Microsoft had built a prompt into Windows 10 for those antimalware solutions that weren't compatible. It directed users to download the latest antimalware version.
As part of this process, Windows 10 will disable the installed partner-built antimalware software.
"To do this, we first temporarily disabled some parts of the AV software when the update began," Lefferts explained. "We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating."
The disabling of antimalware solutions was one of Kaspersky Lab's specific complaints about Microsoft's practices.
Lefferts denied that Windows Defender runs scans without user permission. Windows Defender turns on when installed antimalware solutions have expired, he added.
Kaspersky Lab had complained about its ability to notify users when an antimalware subscription was expiring, but Lefferts contended that Microsoft has taken a consistent approach.
"In the case of paid AV solutions, we worked with our AV partners to build a consistent set of notifications to inform customers if their license is about to expire and to present options to renew the license," Lefferts said.
He admitted that Microsoft Support does advise Windows 10 customers to uninstall antimalware solutions and reinstall them to resolve some issues -- a practice that Kaspersky Lab had complained about.
In short, Microsoft apparently will argue that it must keep Windows 10 customers protected when antimalware software isn't compatible with recent Windows 10 releases, and that it's acting with customer security in mind when it turns on Windows Defender. Kaspersky Lab likely will offer the familiar argument at the European Commission that Microsoft is using its Windows monopoly to compete unfairly in the software security market.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.