Microsoft Admits to One Kaspersky Allegation

Posted on June 21, 2017 by Paul Thurrott in Windows 10 with 25 Comments

Microsoft has posted a public response, of sorts, to recent allegations by Kaspersky Lab. And in a surprising development, the software giant has actually admitted to one of the charges.

“Microsoft’s thousands of security engineers work day in and day out to provide ever-increasing levels of security, hardening the operating system at every layer of the stack and reducing the attack surface with new security features that help protect against and respond to a range of threats our customers face,” Microsoft Partner Director Rob Lefferts explains. “Our approach to security with Windows 10 includes both the end-to-end protections we build in natively, as well as support for the larger ecosystem of ISV and OEM partners to do their best work, providing added hardware and software security protections and services our mutual customers may choose.”

Lefferts’s post is quite lengthy, and it never directly mentions Kaspersky Lab. But that security firm has complained to antitrust officials in Europe and Russia that Microsoft is operating in an anti-competitive manner. And among the charges is that Windows 10 actually disables third-party AV, like Kaspersky Lab’s, without cause.

“Windows 10 actually removes third-party AV during an upgrade,” I wrote back in early June. “After removing the third-party AV, Windows 10 tricks the user into thinking it’s still installed and working.”

Amazingly, Microsoft basically admits to this practice.

“We believe staying current is the most important thing in keeping customers safe and secure,” Lefferts says. “An important part of keeping customers current is ensuring the update process is a seamless, positive experience … because AV software can be deeply entwined within the operating system, we doubled down on our efforts to help AV vendors be compatible with the latest updates … For the small number of applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed. To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating.”

The claim here, I believe, is that Kaspersky Lab’s AV solution is among the “small number” of AV apps that weren’t able to get certified for the newest Windows 10 version. That is, it’s their fault this happened, not Microsoft’s.

And to be fair, Lefferts does, in fact, refute a number of Kaspersky Lab complaints. He notes that, “if AV software is protecting our customers, Windows Defender Antivirus will stay off,” for example. “If a customer does allow an antivirus application to expire, Windows Defender Antivirus is automatically turned on so that they are not left unprotected.”

More to the point, Microsoft believes that the work it’s done on security in Windows 10 is about ensuring that customers are safe, and that no design decisions were made to harm competitors.

“Windows will help customers make informed choices and respect user choice for security protection,” he says. “We will also continue to push the bar for customer protection.”

 


25 responses to “Microsoft Admits to One Kaspersky Allegation”

  1. Tony Barrett

    Recipe for dissecting Microsoft responses;


    First, before anything else, wait silently until issue has been circulating for days, and press/public etc are at Microsoft's throats

    Next, claim MS have 'thousands' of engineers working on this, round the clock

    Then, always say we're doing it for the benefit of our 'customers' - add 'based on feedback' as necessary

    Always state their products are the most secure on the market, and they work 'closely' with their OEM's, who they value deeply

    Add a sprinkling of bull and marketing claptrap

    Ensure any 'official' comments are approved by MS PR department and lawyers

    Publish

    Don't post anything else, and wait for issue to go away

    Proceed with monopolistic tactics as normal


    Works every time!

  2. red.radar

    Ah safety.... the new grounds for which companies could tread to enable suspect and aggressive business practices.


    Apple, won't let you repair your phone because .... safety, battery might explode.


    John Deere, won't let you repair your tractor because.... safety, if you do it wrong you may "injure someone"


    Interesting times. There may be something to it. Microsoft could claim liability concerns that if they don't do everything in their power they are opened up to lawsuits. Which would be in line with why they released critical patch on Windows XP. Maybe there is no conspiracy, but this liability protection is bumping into consumer protection areas..


    Interesting times..



    • chrisrut

      In reply to red.radar: You are right, "safety" can be used as an excuse for suspect and aggressive business practices. However, it can also be used to actually help people stay safe, as a business practice.
      Be careful not to throw out the baby with the bathwater in your rush to cynicism. Otherwise you are just more evidence of these "interesting times."
  3. Luka Pribanić

    There is one part of the story missing in this talk of W10 vs AV vendors...


    We use Trend Micro on office PCs, and it's both AV and firewall. Windows firewall is disabled through GPO. And when W10 disables AV, you DON'T always get a warning, and even if you do, admin has to actively monitor the status as user(s) will usually skip reporting that to support.


    So you end up in situation where Windows could update OS, disable AV *AND FIREWALL*, and not notify anyone, and enable Defender but *NOT FIREWALL*. Throwing aside the fact that business environment will dislike this fact a lot, as it gives a lot of extra work to admins and introduces certain level of uncertainty in security, it will also leave your PC open to huge amounts of attacks due to FW missing on that PC.


    So it's not all roses in this MS + W10 decision.


    Ok, so we have WSUS so updates are more under control, likewise we have central AV management console, so again we can see if certain PCs lack protection, but still, it can be days before this is noticed and rectified, and AV+FW reinstalled, as you don't see if this PC is "offline" in AV console because the person is on vacation or if AV is simply uninstalled by OS. Console simply states that the AV agent isn't responding. And having hundreds of devices in network makes it unpractical to know exactly at each moment who is where and what the reasons of the "offline" agents could be. You'd need a team of several people to just go actively around or phone people to keep checking if their device is really offline or turned off, or if AV is disabled. And even if you had that, you'd still have a PC without FW protection for hours, specially outside working hours, or on weekends and such.


    I can agree with MS thinking, but then they should have a built-in system of actively alerting admins that this is being done. And also should have a sense of other uses of AV, like FW, URL filtering, email filtering (spam, content checks, etc), checking for the document leakage, credit card information leakage, etc, etc. There's a lot that today's security suites do in addition to pure AV. And MS disables it all. And enables Defender that does only AV. And leaves rest of checks off, and well... Unchecked. And doesn't notify Administrators at all. And sometimes misses alerting the users either (proven on my own experience).


    I don't know, maybe System Center or some other MS management suite can handle these on its own, but that would just be upselling their other services on base of them disabling something that users already paid. AND THIS is part where MS failed, and where Kaspersky might get regulatory bodies to actually react.

  4. rameshthanikodi

    Actually, from what I can tell, Microsoft is disabling only incompatible versions of the AV software. Compatible versions remain. That is a good thing! Microsoft also disables other incompatible drivers when upgrading, and if the driver vendor distributes an upgrade via WU, it’ll actually get upgraded. All these AV software providers need to work with Microsoft to provide updates to older versions for compatibility instead of leaving their users behind just because they paid for an older subscription. What Kaspersky really should do is to also move to a rapid release development model and simply git gud

    • Luka Pribanić

      In reply to rameshthanikodi:

      Kind of true, but keep in mind that you've got a completely compatible and sanctioned AV running fine, then automatic OS update arrives, and suddenly you've got AV uninstalled. And it's not just AV, it's all the things that AV software does today in addition to "just" AV checks.


      So between that moment and until you realize it and go download and install new version - your device is open to those other threats.

      • MikeGalos

        In reply to Luka Pribanić:

        No, Between that moment and until you realize it, you're running Windows Defender and are protected. That's part of Kaspersky's complaint. They want the user left unprotected. It helps sales when they flash a big "YOUR COMPUTER IS AT RISK" message (which they also insist Microsoft should allow just for them rather than using Windows built-in notification system)

  5. Narg

    Don't Antivirus programs normally recommend they be disabled during the install or upgrade of software? So is Kaspersky being a hypocrite? Seems so. I guess you can't expect much more from a Russian company... I'll never use them.

  6. DixonLeung

    The EU would hate this, but if Microsoft were to buy (or an acquire-hire in Silicon Valley terms) Kaspersky Lab, Kaspersky can't say Microsoft intends to harm consumers.

  7. Rob_Wade

    Companies like Kaspersky can kiss my butt. I left using 3rd party AV software some time ago. I have yet to run into one that isn't expensive, painful and every single one I've ever used ultimately slowed my machines to a crawl. In the end, I find the latest iterations of Defender to be more than adequate since I maintain safe email and browsing practices.

  8. wshwe

    The basic problem with 3rd party security software is that it doesn't protect people from that many threats. It also causes problems.

  9. Ed Woodrick

    Admit to the Allegation? Come on Paul, get real. I'm pretty sure that you published articles on how Microsoft was handling Anti-virus vendors with Windows 10 way back in the preview period. They were having problems with the upgrade working, so they decided to disable the AV products during upgrade, and then, if compatible, I think that they would re-enable them. This isn't news.

    And you should be lambasting Kaspersky for saying they didn't have enough time to update their product. It sounds as if they thought waiting until the RTM build was made BEFORE they decided to upgrade their product. I remember Win10 being in preview for about a year before release.


    This is so absolute and total BS. It's only a Kaspersky move for advertising and sympathy from the "don't like Microsoft" crowd. This really should be thrown out and none of my taxpayer money used to adjudicate the case.

    • MikeGalos

      In reply to Ed Woodrick:

      "It sounds as if they thought waiting until the RTM build was made BEFORE they decided to upgrade their product."

      Not just that, Kaspersky wants Microsoft to hold the RTM build and not make ANY changes to it for literally MONTHS after the build is RTM before actually releasing it. So, in the ideal Kaspersky world, not only would the build be released months late but it couldn't even have fixes installed for any zero-day threats that showed up in that time.

  10. MachineGunJohn

    Really not MS fault if Kaspersky didn't use the months of dev builds they had access to to prepare a release that was compatible and used the post update hook to install it.

    Bravo for enabling Defender as a fallback to protect the consumer in the event their 3rd party AV vendor has dropped the ball and let them down. As a consumer that's exactly what I want and I'd be pissed off if they didn't do that. I didn't see anything from Kaspersky or MS that led me to believe that "Windows 10 tricks the user into thinking it’s still installed and working" but if that's the case I do think MS should make it very clear that the consumer's AV vendor has not yet updated their product to work with the currently installed OS version and that Defender was enabled until they can install a compatible AV update.

    • Waethorn

      In reply to MachineGunJohn:

      I think Microsoft did this already on Windows 10 (and maybe even Windows 8 too - I forget). The only change is that now they're notifying users that their AV is expired and/or incompatible with newer builds with an additional popup, separate from what the third-party AV software is supposed to do.

  11. jboman32768

    AV software in my experience causes more problems than they solve. A parasite on the PC market feeding on people's fears. Just keep Windows Update jammed in the fully on position, don't install dodgy stuff - and live a happy life.

    • ChristopherCollins

      In reply to jboman32768:


      Totally agree with you jboman. So many people get that complimentary subscription when they buy a PC and never renew it.


      So many viruses have been spread by those 'Click here to update your computer' viruses that even non technical people are starting to be scared of them.


      Virus & Malware are such a problem that this should be a part of the OS.


      I honestly like what Microsoft is doing here. It seems a simple prompt during setup would help.


      Windows has detected that you have an out of date or noncompliant antivirus solution on your computer. Would you like to use the always free, always updated Windows Defender instead. Yes/No prompt. If they click No, a reminder that their AV solution needs to be renewed to stay protected, then move on.

      • Waethorn

        In reply to ChristopherCollins:

        Fake ads were what started the #fakenews trend because Facebook and other ad companies like Taboola and Outbrain posted celebrity trash tabloid headlines in the clickbait ad-grids and pass them off as actual news. Media took the #fakenews meme and ran with it to push a political counter-agenda. The rest is history.

    • Waethorn

      In reply to jboman32768:

      It's easy for anyone with a trained eye to say "don't install dodgy stuff". The reality is that average consumers don't have one and it's up to the software vendors to protect them from themselves. Sadly, it's the same reality where security software vendors don't have competent coding skills. This is why I'm moving many customers to non-Windows platforms so they just don't have to deal with this stuff. I'm not impressed by Windows 10. It adds additional complications because of Microsoft's poor reliability with updates, and other platforms are just plain better at it.

  12. ncn

    Microsoft seems to have a rational engineering solution to incompatible AV software. As to why that software is incompatible, be it by design or just foot-dragging on either party's part ... that's yet to be determined.

  13. sharpsone

    In the end securing customers and internet is more important than Kaspersky trying to make money off AV renewals.
