In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers). Using this new data, we wrote a feature story about the risks of running unprotected. Our customers told us that providing this data really helped measure the value of running real-time antimalware software. It clearly showed that security software can provide a significant contribution to a computer’s protection level.

With Windows 8, we’ve made further improvements to help keep customers protected.

For example, Windows Defender is automatically activated when the Windows 8 device is turned on for the first time, and will only deactivate if another antimalware program is running. If there is no other antimalware software installed, Windows Defender will be enabled. If another antivirus application is activated later, Windows Defender will automatically disable itself. Windows Action Center monitors Windows Defender, and if it is turned off, Action Center will show a notification and provide an option to turn it back on. We’ve done all of this to help ensure that all Windows customers are protected.

What happens when another antimalware product is installed, but then stops receiving updates or the license expires?
Read more at: New infection rate data for unprotected computers - Microsoft Malware Protection Center - Site Home - TechNet Blogs