Antivirus vendor Kasperksy Labs recently accused Microsoft of not only discouraging users from investing in security software by bundling Defender with Windows 10, but actively making it difficult for them to install and use said applications. Microsoft’s Rob Lefferts penned a blog post in response that admits the OS does disable “some parts of … AV software”, but does so temporarily to help vendors, not hinder them.
Lefferts, partner director for the company’s Windows & Devices Group, Security & Enterprise, made the post early last week to explain in greater detail Microsoft’s relationship with third-party AV vendors.
Essentially, AV software is usually “deeply entwined within the operating system”, which means it can’t be treated the same way as regular applications when the operating system receives updates.
Sometimes, a hotfix or patch could compromise one’s antivirus software and Microsoft believes it’s better to do something about this immediately, rather than depend on the vendor to respond promptly:
For the small number of [AV] applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed. To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating.
Taken at face value, this makes sense. While it’d be great if AV makers could apply updates alongside Microsoft’s own patches, it’s not always possible. The post does state that in most cases, updates are applied in concert with partners, but when it can’t, this precaution is better than doing nothing at all.
There’s also mention of how Windows Defender will take over if a user allows their paid AV subscription to expire, but again, Lefferts justifies this by saying some AV is better than no AV:
In the case of paid AV solutions, we worked with our AV partners to build a consistent set of notifications to inform customers if their license is about to expire and to present options to renew the license. Only when an AV subscription expires, and the AV application decides to stop providing protection to the customer, will Windows Defender Antivirus begin providing protection.
Depending on your point of view, this could be good or bad. In the case of Kasperksy, it believes it to be anti-competitive. It remains to be seen if Lefferts’ post will do anything to cool Kasperksy’s legal jets.