Expiration dates aren't just for food. Antivirus programs can also go stale, and when they do, they're almost as useless as having no antivirus protection at all, according to the latest edition of a twice-yearly Microsoft study.
In its Security Intelligence Report 17, released today (November 18), Microsoft found that computers with expired antivirus protection were only slightly less likely to be infected with malware than computers with no antivirus protection at all, and almost four times as likely to be infected as computers that had up-to-date antivirus protection.
The study in SIR 17 (opens in new tab) was performed on "non-domain" computers, those that aren't controlled from large enterprise administrative servers. Non-domain computers include almost all consumer, and most small-business, PCs.
Microsoft found that PCs with frequently updated, real-time antivirus protection had only a 0.6 percent infection rate. By comparison, 2.2 percent of computers with expired antivirus protection were infected, as were 2.4 percent of computers that had no antivirus protection.
Those look like small numbers, but Microsoft also found that 10 percent of non-domain Windows 8 and Windows 8.1 computers were running expired antivirus protection.
How do PC owners end up with expired antivirus programs? Often, newly purchased machines come with a month or so of free antivirus protection, and owners let that protection expire without renewing or replacing it.
Supporting this thesis, Microsoft found that the month of January 2013 had the highest percentage of computers with active antivirus software, likely correlating to people buying new computers over the holidays. After January, the percentage of actively protected computers trails off as these trial antivirus programs expire.
"Computer users who run expired or out-of-date security software may believe that it continues to provide an adequate, if less than optimal, level of protection. ... This belief is misguided at best," according to SIR 17.
The report also found that expired trial antivirus programs may actually put people at even more risk. Microsoft found that computers with expired antivirus programs from a certain antivirus vendor (identified only as Vendor A) were even more likely to be infected than people with no antivirus protection at all.
"For these vendors, the existence of so many expired trial versions has a significant impact on their ability to offer protection," reads SIR 17.
- Best Free PC Antivirus Software 2014
- Best Android Security Apps 2014
- 12 Mobile Privacy and Security Apps
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.