June 6, 2017

Antitrust: Pursue It in Europe We Must.

News Security

Hi folks!

Herewith, the next chapter in our thriller-detective (antimonopoly) series…

As you’ll probably be aware, late last year we turned to Russia’s Federal Antimonopoly Service (FAS) with a complaint against Microsoft. And just recently, we did the same thing in Europe – filing complaints with both the European Commission and German Federal Cartel Office.

So, why are we doing this? Here’s why: we have users – hundreds of millions thereof all around the world. These folks trust us and depend on us to protect their data. They expect only the highest level of protection – that’s why they chose us (and even if they chose different independent antivirus software, they’re still affected by all this). And it’s namely the right of these folks to choose exactly what they want that we’re trying to protect.

We see clearly – and are ready to prove – that Microsoft uses its dominant position in the computer operating system (OS) market to fiercely promote its own – inferior – security software (Windows Defender) at the expense of users’ previously self-chosen security solution. Such promotion is conducted using questionable methods, and we want to bring these methods to the attention of the anti-competition authorities.

Antitrust: Pursue It in Europe We Must.

Btw, our filing with Russia’s FAS has already borne some fruit: Microsoft has fixed some of the issues that we highlighted – and did so without waiting for FAS to issue an official statement (as I explained in a blogpost in early May). So, what can I say? Here’s a sincere thank you to Microsoft for that! Those steps are in the right direction and most encouraging.

But that still leaves today the other approaches and practices we pointed out in our claims that it hasn’t yet put straight. Accordingly, we’re not planning on settling for what we’ve already achieved, and will be carrying on our fight to protect the interests of both the users and the AV industry.

Now, let’s examine those ‘other approaches and practices’ I’ve just mentioned that haven’t been addressed yet by Microsoft.

I Will Confuse You.

Let’s start with the fact that Microsoft’s antivirus is hardwired into all versions of Windows 10 for home users: it’s impossible to turn it off completely, impossible to delete. Until recently no one asked you if you needed it or not. There was a time when, even if you used a different security solution, Microsoft’s own AV all the same periodically ran scans.

Here’s another example: upon attempts to perform any actions with an independent security solution, users are asked at every step: ‘Do you want to run this program?’, adding: ‘You should only run programs that come from publishers you trust’. It’s as if users are about to commit a wrongful action that violates the default settings from Microsoft.

One more example: for three days after the expiry of a license for our security solution and the turning off of protection, we are forbidden – through our own notification system – from informing the user that it might be a good idea to extend the license so that protection could get back up and running. Instead of that, we’re obliged to use Microsoft’s own notification system – now called ‘Action Center’ – to which many users pay little attention.

The weird thing is… such restriction is applied only to antiviruses – with which Microsoft has been trying to compete (and not doing very well at) for years. But in previous (pre-10) versions of Windows there were no such special measures. Thus, it looks like, after years with no success (in competing with other antiviruses), Microsoft has resorted to the use of alternative, OS-empowered (in our view – underhand) tactics.

Notification about expiry of security solution license in Windows 7 (top) and in Windows 10 (bottom)

Notification about expiry of security solution license in Windows 7 (top) and in Windows 10 (bottom)

Disappearing Act.

Another unpleasant problem our users have come up against is the mysterious disappearance of our security software when upgrading to Windows 10. It goes like this:

You’re updating your OS, and while doing so are informed assuredly that all your data and programs will remain intact and safe, there are no incompatible programs, and all is fine and dandy, so you just take it easy while your OS gets updated.

But then, in many cases, while the update is still ongoing – perhaps due to those same underhand tactics again – Windows decides that your existing security solution is, after all, incompatible with Windows 10, deletes its drivers (leaving a bunch of useless files (the solution won’t work without the drivers)), and in its place switches on its own solution.

Windows does this without the explicit consent of users, and also with barely any warning: the notification displays on the screen literally for just a few seconds. Moreover, while this notification states in bold ‘We turned on Windows Defender’, the fact that your existing security solution was removed is in small, non-bold print:

Btw, compare the modest message with the alarming window of Microsoft's own solution

Btw, compare the modest message with the alarming window of Microsoft’s own solution

What’s even more… interesting, is how after the independent protection is deleted, it stays in the list of installed programs! So, if users miss the fleeting ‘notification’ about Microsoft’s protection being turned on, and/or didn’t have time to work out that this means their existing self-chosen security solution has been deleted, they might not understand straight away what’s actually happened. That is, users think their chosen security solution is working (why wouldn’t they? It’s there in the list of installed programs; even the icon on the desktop’s still there) when in fact it’s been deleted.

All in all, the Disappearing Act was designed so that users don’t return to their independent AV, and stay in blissful ignorance as to what’s actually happened.

Re-do Everything; Deadline – Yesterday.

So, how do security solutions wind up on the list of incompatible programs in the first place? Of course, Microsoft has its own criteria of compatibility – and they’re identical for all antivirus products; all’s fair and square there.

The catch comes elsewhere: developers need to ensure compatibility of their antivirus with the final version (the so-called RTM – Release to Manufacturing) of each new update of Windows. And this final version can differ significantly from earlier versions.

Ideally, independent developers need two months after receiving the RTM to carry out all their fine-tuning before the release of the Windows update to the public. Earlier, Microsoft would give us the RTM version in good time, but of late this has been reduced to a couple of weeks before releasing to the public.

Accordingly, we and all other developers need to rush to ensure compatibility before the public launch of the OS. And software development should really never be rushed – especially when it’s antivirus and users’ security is at stake: the potential for difficulties and risks goes up – but it could easily be avoided if the final version of the OS were simply delivered with sufficient time for ensuring compatibility. We’re only asking for a few more weeks to make necessary tweaks, which isn’t a lot to ask when customers’ security is on the line.

Actually, a period much shorter than the customary one given to developers for ensuring compatibility also affects Microsoft itself negatively, plus its users – and not only those who use our products, but literally everyone. While studying new versions of the OS, our experts often find vulnerabilities and mistakes in them and inform Microsoft. And normally there’s time left for Microsoft’s own developers to deal with the discovered bugs before the release of the OS to the public. But if everyone’s in such a hurry, there’s no time for such a luxury.

Microsoft defends these new, shortened testing periods for independent developers by stating something like: ‘these aren’t the days of Windows XP, 7, 9… releases any more. No one has RTM versions these days; Apple hasn’t – either for macOS or iOS; and Google hasn’t for Android. We’ve simply got to keep up with the competition’. However, that’s not true: we still get finalized versions of operating systems that are ready for corresponding program development from both Apple and Google with plenty of time for adjustments. Moreover, their OSs aren’t as complex or multi-component as Windows.

Throw All Antivirus Out the Windows!

But what if all the above-listed actions of Microsoft are simply a coincidence and unintentional? Sorry; it’s difficult to believe that. Can you believe it?! It’s plain as day for us that all the measures are taken deliberately to push its own solution, and by doing so impeding users from being able to make their own informed decisions regarding AV.

Here’s a Microsoft video published on the official Microsoft YouTube channel and also on the Microsoft website:

Fast-forward to 58:30: ‘I want you to think about kicking out the independent antivirus because we’ve got a great solution right now and it’s going to be even better in the months to come’.

More enlightening is seeing how this principle has trickled down to Microsoft’s technical support staff in their everyday work. In many cases they follow a simple rule: in any unclear situation – advise users to delete any independent antivirus solutions!

In many cases they follow a simple rule: in any unclear situation – advise users to delete any independent antivirus solutions!

One of our users in France recently told us about a very strange thing that happened to him. When he called Microsoft with a problem that turned out to be in no way connected with his security solution, the Microsoft tech-support representative announced that: ‘Windows 10 is incompatible with third-party antivirus. It’s a shame that you’ve spent money on a Kaspersky Lab product, but you can’t reinstall it without running the risk of the appearance of new bugs.’

It’s unlikely that such a speech was this tech-support rep’s own invention. Need convincing? Here you go: A slightly softer wording of the very same argument was officially used by Microsoft during its Windows 8 promotion campaign:

What Independent Experts Say.

Maybe Microsoft is acting in the interests of users? Maybe its own solution isn’t only free but also an excellent antivirus so, like, why would anyone need another?

Well, independent testing labs have found zero evidence of that. Let’s have a look at the level of detection of Microsoft’s own solution and compare it with ours. The differences in the results vary from test to test, but… in each and every test Microsoft’s AV detects fewer real threats than our products.

Here’s what AV-Test thinks about it


And here’s what MRG Effitas thinks on the same thing, Q4 2016 and Q1 2017, respectively

Btw, it’s important to be able to get a proper ‘feel’ of the results of the tests. At first glance the difference between, for example, 90% and 98% detection doesn’t seem much. But in actual fact, from the practical standpoint it’s more useful to look at how many threats the protection lets through: 10% and 2%, in our example here means that with the former the likelihood of infection is five times greater than the latter.

It’s also useful to understand that there are two methods of improving the level of detection of threats:

First method: ceaselessly inventing and improving technologies, increasing the size of the antivirus database, hiring the best antivirus experts, instructing smart algorithms… It’s a long and difficult process requiring very serious technological competences.

Second method: not able to use the first method, it’s possible to make a security solution more sensitive = more detections. However, many of those detections will be false positives; i.e., an ok file is mistakenly deemed malicious. This is bad because it will put users on edge for no reason, and can mean the system won’t work with safe files and applications which have been wrongly diagnosed as threats.


Another important parameter for an antivirus is how much computer power it uses up – its ‘performance’. Our security solutions are among the best in terms of performance, and independent tests find us much more effective on resource usage than Microsoft’s antivirus.


Who’s the slow-coach, then?

To summarize:

Microsoft’s own protection solution loses against our products on threat detection, on the number of false positives, and on performance. So why does it recommend/push users to switch to its own protection? Is it really in the best interests of users?

And what about the recently announced ‘streamlined’ Windows 10 S – ‘streamlined’ meaning that users have no choice at all which browser, search engine, antivirus and so on they can use – and have to use Microsoft’s own applications?

Btw, in the corporate version of Windows, Microsoft’s own solution can be switched off; on server versions it can be deleted.

So, What Is It We Want from Microsoft?

We want Microsoft to stop misleading and misinforming our – and not only our – users. We want to see all security solutions being able to work on the Windows platform on a level playing field. And we want to see users being able to decide for themselves what they want and consider important to them.

Besides, we want fair and healthy competition, which has always given excellent results everywhere – no matter in which industry or market. And btw, we invite all our competitors/colleagues to join us: as we’ve already shown, turning to antitrust bodies does bring positive change.

And remember: the only folks who gain unequivocally if there is a monopoly in the security products market are cybercriminals. They’d love nothing more than to be able to concentrate on trying to out-smart the single security solution of a monopolist.