Microsoft Blocks All Windows 7 Security Updates Unless You Have Antivirus

Microsoft Blocks All Windows 7 Security Updates Unless You Have Antivirus

Microsoft is now withholding security updates from Windows 7 users who don’t have an antivirus installed. There’s a way around this limitation, but you have to manually set a registry key.

Blame Meltdown and Spectre

This is all thanks to the patch for Meltdown and Spectre that rolled out via Windows Update. Microsoft noticed that many antivirus applications were incompatible with the update and caused blue screen errors.

To prevent Windows systems from becoming unstable, Microsoft decided to withhold this security patch from all Windows systems by default. Microsoft told antivirus companies that they had to set a registry key that flags their antivirus as compatible with the update. If the key is present, the patch will install. If the key isn’t, the patch won’t install—that gives antivirus companies time to update and test their software.

But Microsoft actually went further than this. Windows PCs without the registry key won’t get any future Windows security patches, either. Having the registry key present is mandatory for updates. That’s supposed to motivate antivirus companies to update their software and make life easier for Microsoft in the future.

On March 13, 2018, Microsoft lifted this limitation for Windows 10 users. All Windows 10 users will get security updates, whether or not they have the registry key set. But Windows 7 SP1 and Windows 8.1 users still need the registry key.

Microsoft’s support site explains everything, but most Windows users probably haven’t heard about this policy.

Why Windows 7 Users Are In Trouble

If you have an antivirus installed, it’s probably set the registry key for you so you can receive updates. Even on Windows 10 or Windows 8.1, the built-in Windows Defender antivirus sets the key for you. So far, so good.

If you’re using an older, incompatible antivirus app that refuses to set the key, Microsoft will withhold these security updates from you to protect your system stability until you install a compatible antivirus. That all makes sense, although Microsoft should better inform Windows users about this.

But here’s the problem: If you don’t have an antivirus installed at all, like on standard Windows 7 systems, there’s no antivirus to set the registry key. And, since the key isn’t set, Windows won’t install any security updates. Of course, this is crazy, because the only reason you need the key is to prevent errors caused by buggy antivirus software, and these errors won’t occur if you don’t have any antivirus software installed.

Really, Microsoft is just being lazy here. Windows 7 could check to see if you don’t have an antivirus installed—Windows 7 tracks this via the Security Center, for example—and offer you updates anyway. But they aren’t. Windows 7 will continue receiving security updates until 2020—but only if you set this registry key.

How to Set the Registry Key on Windows 7

Microsoft recommends you install an antivirus if you’re on Windows 7. For example, you could just install the free Microsoft Security Essentials antivirus, which is basically the same product as Windows Defender on Windows 10. Install a compatible antivirus and it will create the registry key for you.

But, while we do strongly recommend using an antivirus, it’s especially important to receive security updates if you aren’t using one. To do so, you have to set the same registry key that an antivirus would set, if it were present.

Microsoft’s support site provides the key you need to set. You need to open the Registry Editor, and head to the following location (note that if the QualityCompat key isn’t already present, you’ll need to create it inside the CurrentVersion key):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat

Right-click the QualityCompat key, choose New > DWORD (32-Bit) Value, and then give that new value the following name:

cadca5fe-87d3-4b96-b7fb-a231484277cc

Leave the value set to “0x00000000”—its default. You can now close Registry Editor.

Microsoft should rethink this approach for the sake of Windows 7 users. And, if Microsoft is going to prevent these Windows 7 machines from updating, they need to ensure Windows 7 users are better informed about this policy.

Thanks to Bleeping Computer for noticing this in Microsoft’s support documents

Leave a Reply

Your email address will not be published. Required fields are marked *