Why do people let their anti-malware subscriptions expire?

: @orinthomas

It’s pretty difficult to get figures on is the number of computers out there that don’t have any form of anti-malware software deployed. For example, Microsoft’s data showed that approximately a year after Windows 7 was released, approximately 25% of computers running the operating system did not have current anti-malware protection. Getting data on computers running Windows XP (roughly 50% of all computers running Windows in the world) is difficult, but it is not unreasonable to suspect that the number that are not running up-to-date anti-malware protection is much higher than 25%.

So even though Microsoft Security Essentials (MSE) and other free anti-malware solutions have been available for free for the entire period that Windows 7 has been available, 25% of people (as of October 2010, the numbers are likely much worse now source: http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx ) running Windows 7 either don’t have anti-malware software or don’t keep it up to date. MSE is pretty fire and forget – once it’s installed it pretty-much looks after itself. So why do at least a quarter of people running Windows 7 (and even more running previous versions of Windows) – either not install anti-malware software or let it get out of date?

The reasons for this are complex. I updated my aunt’s Windows 7 computer at Christmas time and installed MSE because no anti-malware program was installed. It took her a while to understand that she didn’t have to pay Microsoft for the installation of MSE as in the past “she’d always had to pay for anti-virus software”.  Her computer was unprotected because she thought she had to pay for that protection and hadn’t got around to it.

Most people are introduced to anti-malware software through the included subscription that comes with their computer from the OEM. They let that subscription expire because they aren’t aware of the alternatives. Enough people renew their subscriptions that it is worthwhile for anti-malware vendors pay OEMs to include the trial software.

So how is this fixed? What steps can be taken to improve the numbers of computers running Windows with up-to-date anti-malware software? Windows 7 already bugs you with notifications if you don’t have up-to-date anti-malware protection. MSE is already available as an optional update. (The trick is that you have to know that it’s there. Configuring Windows Update so that it will retrieve MSE as an optional update requires some faffing about that most people don’t bother with).

The other issue is that even though MSE has the largest market share (17%) in North America and is only a few percentage points of being number 1 in the rest of the world (Avast! currently holds the title) – Microsoft has to tread carefully lest it be accused of abusing its position. When MSE was released there were threats of litigation and I can’t imagine that anti-trust lawyers won’t be involved at some point when Windows 8 ships with Windows defender. In theory Microsoft could launch an advertising campaign to get people to update their anti-malware in the same way that there is a push to get people to update from IE6. Whether it would be effective is another matter.

In the long run it seems that unless you offer free updates in perpetuity from the get- go, a certain percentage of people are always going to be running computers without malware protection. Although Windows 8 will include anti-malware software at release, it will be a long time until the last computer running Windows XP, Vista, or 7 without anti-malware protection is put out to pasture.

--

My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material: