Nearly a fifth of Windows PCs in the U.S. lack any active security protection, an antivirus vendor said today, citing numbers from a year-long project.
"The scale of this is unprecedented," argued Gary Davis, the director of global consumer product marketing for McAfee, talking about the scope of his company's sampling of PC security.
McAfee took measurements from scans of more than 280 million PCs over the last 12 months, and found that 19.3% of all U.S. Windows computers browsed the Web sans security software. Owners of those systems downloaded and used McAfee's free Security Scan Plus, a tool that checks for antivirus programs and enabled firewalls.
Globally, the average rate was 17%, putting the U.S. in the top 5 most-unprotected countries of the 24 represented in the scans.
Of the unprotected PCs in the U.S., 63% had no security software at all, while the remaining 37% had an AV program that was no longer active. The latter were likely trial versions of commercial antivirus software that had expired.
Antivirus trials are a fact of life in the Windows world. Most new machines come with security software that runs for a limited time. Some new Dell PCs, for example, come with a 30-day trial of McAfee's Security Center program.
"All security companies use pretty assertive means to get users to continue when their subscription expires," acknowledged Davis. "We all try to keep you in the fold."
The fact that more than a third of the Windows systems surfing the Internet without antivirus defenses do so because trials have expired is a problem for not just the security business but for users as well, Davis contended. Hijacked computers affect the entire Windows ecosystem by sending spam, conducting denial-of-service attacks or spreading malware.
Some countries fared better, others much worse, than the U.S.
Finland, for instance, sported a no-defense rate of just 9.7%, or about half that of the U.S. But Singapore's was even higher at 21.8%, with Mexico not far behind at 21.6%.
Counter-intuitively, Windows computers in places like China, India and Russia were more likely to be protected than those in the U.S., Davis said. "They're more in the middle of the pack," he said.
China's and India's unprotected PC rates were more than a percentage point lower than the U.S.'s.
Davis said he was "shocked" at the 17% global number and the 19.3% in the U.S., in part because it was nearly triple the 6% often cited by surveys that ask users if they're running AV software.
He attributed the difference to a number of factors, including users who thought they were protected when actually their security software trial had lapsed, and some skewing in McAfee's data due to the self-selecting nature of the pool of PCs it scans. "Some probably do suspect that their antivirus is turned off, and so take advantage of our free scan," admitted Davis.
But McAfee's number is lower than Microsoft's.
Last year, Microsoft said its telemetry showed an increasing number of unprotected Windows 7 machines, and like McAfee, attributed part of that increase to aging PCs with expired AV trials. According to Microsoft, 24% of Windows 7 systems lacked protection.
"What will be interesting is if Windows 8 gets critical mass, because AV is now part of Windows 8," said Davis, referring to Microsoft's decision to blend Security Essentials with Windows Defender, then bundle the protection -- to be known by the latter label -- with the OS.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.