No, Microsoft is not forcing you to use Windows Defender [updated]
It's forcing you to use some kind of antivirus program, though
I'm seeing some stories online stating that Microsoft is forcing you to use Windows Defender, its built-in antivirus program, and that because of this, your PC will slow down if you install a second antivirus program because the two will conflict with each other.
Neither statement is true. You don't have to use Windows Defender, and Windows Defender will not conflict with another antivirus program.
- Should you still pay for antivirus software?
- The best antivirus software to keep your system clean
- New: Microsoft issues emergency Windows patch — install this now
What is true is that Microsoft is making it much harder for you to disable all antivirus programs on your PC entirely, which some people who think they're too smart to get infected by malware like to do. This is a good move on Microsoft's part.
Here's how this works: Windows Defender is installed on all versions of Windows 10. By default, it always runs in the background to stop malware infections and other threats.
But if you install another antivirus program, such as one of those on our best antivirus page (and Windows Defender is one of the best), then Windows Defender will disable itself and let the other program take the reins.
If you remove the third-party antivirus program, then Windows Defender will kick back on. In this way, you've always got some measure of antivirus protection.
Disabling the disabling
Until this month, however, you could go into the Windows Registry and enable an option called "DisableAntiSpyware."
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
That would disable Windows Defender whether or not you had a third-party antivirus solution installed. It would leave you naked to the big bad world of Things that Try to Infect Your Computer, but I guess some people prefer it that way.
But with this month's update to Windows Defender, that Registry option to permanently disable Defender has itself been disabled, unless you're running a server instead of a PC. (Hat tip to Windows Latest for spotting this first.)
You can still temporarily disable Defender by going into Windows Security --> Virus & Threat Protection --> Virus & Threat Protection Settings --> Manage Settings, and then toggling off Real-Time Protection.
That's a good option to have if you're testing system performance, for example. But Defender will turn itself back on after a while if there's no other AV software installed — which, again, is a good thing.
UPDATE: Microsoft tries to clarify the situation
After this story was initially posted Aug. 20, Microsoft changed the language on the DisableAntiSpyware documentation page to further clarify what's happening here.
"DisableAntiSpyware is intended to be used by OEMs [original equipment manufacturers such as PC makers] and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment," the page now states.
"This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program. This setting is not intended for consumer devices, and we’ve decided to remove this registry key."
It added, "This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected."
Meanwhile, Bleeping Computer's Lawrence Abrams pointed out that there's another very good reason to deactivate the DisableAntiSpyware option. Several strains of malware have used the option to go into the Registry and turn off antivirus protection on infected machines.
Now, Abrams wrote, "Windows 10 users have far greater protection from threats that tried to disable security software using this technique."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.