News

In Wake of Kaspersky Suit, Microsoft Explains Windows 10 Security Approach

• By Kurt Mackie
• June 20, 2017

In an apparent response to recent allegations made by security software vendor Kaspersky Lab, Microsoft on Tuesday detailed its approach to third-party anti-virus software, particularly in Windows 10.

According to a post by Rob Lefferts, Microsoft's partner director for the Windows and Devices Group for security and enterprise, the company works with "over 80 independent software vendors through the Microsoft Virus Initiative (MVI) program" to coordinate Windows 10 releases.

The announcement did not refer outright to Microsoft's legal spat with Kaspersky Lab, a maker of anti-malware software and a Microsoft partner. Kaspersky Lab recently filed antitrust complaints against Microsoft, alleging that Microsoft favors its Windows Defender solution over other anti-malware software products.

However, Lefferts' comment had some elements that seemed like a response to the Kaspersky Lab complaint. In particular, Lefferts suggested that Microsoft gives its security solution partners "months" to fix software before Windows 10 releases.

"Months before a semi-annual update is delivered to customers, interested parties can get easy access to fully running and deployable versions of the release, stay current with updates as the release progresses and becomes feature complete, and provide timely feedback on issues and bugs," Lefferts wrote.

One of the Kaspersky Lab complaints was that Microsoft gave its software partners just two weeks of testing time before a Windows 10 RTM (release to manufacturing) version was released. Lefferts, though, seemed to be suggesting that partners should be testing Windows Insider beta releases. In older pre-Windows 10 Microsoft lingo, an RTM was considered to be feature complete and just undergoing bug fixes. However, the RTM term is seldom heard these days, given Microsoft's new "agile" release approach with Windows 10.

The Windows 10 "Creators Update," released as a "current branch" in April for testing by organizations, was compatible with "roughly 95% of Windows 10 PCs," Lefferts indicated. He added that Microsoft had built a prompt into Windows 10 for those anti-malware solutions that weren't compatible. It directed users to download the latest anti-malware version.

As part of this process, Windows 10 will disable the installed partner-built anti-malware software.

"To do this, we first temporarily disabled some parts of the AV software when the update began," Lefferts explained. "We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating."

The disabling of anti-malware solutions was one of Kaspersky Lab's specific complaints about Microsoft's practices.

Lefferts denied that Windows Defender runs scans without user permission. Windows Defender turns on when installed anti-malware solutions have expired, he added.

Kaspersky Lab had complained about its ability to notify users when an anti-malware subscription was expiring, but Lefferts contended that Microsoft has taken a consistent approach.

"In the case of paid AV solutions, we worked with our AV partners to build a consistent set of notifications to inform customers if their license is about to expire and to present options to renew the license," Lefferts said.

He admitted that Microsoft Support does advise Windows 10 customers to uninstall anti-malware solutions and reinstall them to resolve some issues -- a practice that Kaspersky Lab had complained about.

In short, Microsoft apparently will argue that it must keep Windows 10 customers protected when anti-malware software isn't compatible with recent Windows 10 releases, and that it's acting with customer security in mind when it turns on Windows Defender. Kaspersky Lab likely will offer the familiar argument at the European Commission that Microsoft is using its Windows monopoly to compete unfairly in the software security market.