You Don't Need to Buy Antivirus Software.

You Don’t Need to Buy Antivirus Software.

You Don’t Need to Buy Antivirus Software.

We set out to create a standard Wirecutter guide to the best antivirus app, so we spent months researching software, reviewing reports from independent testing laboratories and organizations, and visiting security experts. After all of that, we discovered that most individuals should neither pay for a typical antivirus suite like McAfee, Norton, or Kaspersky nor use free applications like Avira, Avast, or AVG. It turns out that the “best antivirus” for most people to buy is nothing. For the most part, Microsoft’s built-in program, Windows Defender, is sufficient.

We read white papers and releases from institutions and groups like Usenix and Google’s Project Zero and results from independent labs like AV-Test and AV-Comparatives, feature articles from many publications like Ars Technica and PCMag, and white papers and releases from Usenix and Google’s Project Zero. We also researched current viruses, ransomware, spyware, and other malware to see what dangers are attempting to infiltrate most people’s PCs now.

We’ve also spoken with security experts, IT professionals, and The New York Times (Wirecutter’s parent company) information security team over the years to filter out the noise of the typical antivirus table-tennis headlines: Antivirus is increasingly useless, no, it’s still pretty useful, no, antivirus is unnecessary, wait, no, it isn’t, and so on.

Although we usually evaluate all products we’re assessing in any category, we couldn’t test antivirus suites’ performance any better than independent test laboratories can, so we relied on their expertise.

But, in the end, relying on a single software to secure your system, data, and privacy is a terrible idea, primarily because practically every antivirus app is susceptible at some point. No antivirus program, whether commercial or free, can detect every harmful piece of software that enters your computer. Secure passwords, two-factor authentication, data encryption, system-wide backups, automated software upgrades, and intelligent privacy features in your browser are also required. You should be cautious about what you download and, if at all feasible, get software from legitimate sites such as the Microsoft App Store and Apple Mac App Store. Unless you know what you’re doing, you should avoid downloading and reading email attachments. Check out our complete guide on implementing these security levels for more information.

You Don't Need to Buy Antivirus Software.

Why we don’t recommend a traditional antivirus suite

A security program that only protects against a single group of known “viruses” is inadequate. An almost unlimited number of malware variants have been created—that is, encoded to seem like legitimate, trustworthy programs—and that, once opened, deliver their system-breaking contents. Antivirus companies are continuously updating their detection algorithms to stay up with crypting services, but they’ll never be able to keep up with malware creators who are determined to breakthrough.

  • A simple glossary of terms: Malware means “bad software,” It refers to anything that runs on your computer and has unwanted and often severe repercussions. Viruses, Trojan horses, and worms, on the other hand, were enormous, attention-getting concerns in the 1990s and early 2000s; thus, antivirus is an out-of-date phrase that software developers still use. Although all viruses are classified as malware, not all malware is classified as a virus.

So, why not install a comprehensive antivirus suite from a reputable manufacturer to be cautious? For a variety of reasons:

  • Vulnerabilities: There is an issue with the way antivirus programs give protection. “Security software must have high access rights to perform successfully,” according to TechRepublic, “but when it is unsafe or otherwise misbehaving, it becomes a considerably bigger liability owing to the level to which it influences the system.” Critical vulnerabilities have afflicted Symantec and Norton, Kaspersky, and most other major antivirus companies in the past.
  • Performance: Antivirus software is notorious for slowing down computers, blocking other apps’ best security features (such as in the Firefox and Chrome browsers), popping up with distracting reminders and upsells for subscriptions or updates, and installing potentially insecure add-ons like browser extensions without explicitly asking for permission.
  • Privacy: Free antivirus software suffers from all of the issues above and privacy concerns. free-to-download apps are more likely to collect data about your computer and how you use it, sell your private browsing data, and install browser extensions that hijack your search, compromise your security, and add an advertisement to your email signature, as well as install browser extensions that hijack your search, compromise your safety, and add an ad to your email signature.

As a result, we don’t advocate that most individuals take the time or spend the money to install standard antivirus software on their computers.

Two caveats to our recommendation:

  • Do not uninstall any antivirus or other security software if your job, school, or another entity provides you with a laptop. Organizations have different security demands and threat models than individuals, and they must account for differing degrees of technical competence and safe practices among their employees. Make your IT department’s already challenging work even more difficult.
  • People who have important data to safeguard (medical, financial, or otherwise) or have surfing patterns that lead them to riskier portions of the Internet face specific hazards. Our security and habit guidelines are still an excellent place to start, but some situations may necessitate more drastic steps than we discuss here.


Windows Defender is primarily good enough.

“Your device is being protected,” says the Windows Defender Security Center display.

Windows Defender, a powerful antivirus and anti-malware program, is already installed and active by default if you use Windows 10. In December 2019, the AV-Test Institute’s independent testing granted Windows Defender a recommendation and a virtually flawless performance grade.

Because Windows Defender is a built-in tool for Windows 10, it doesn’t need to upsell you or badger you about subscriptions, and it doesn’t require the same kind of certificate trickery to provide deep security for your machine. It does not automatically install browser extensions or plug-ins for other programs. Windows Defender is the default detection tool is a problem that malware authors try to get around. However, having many layers of protection and good habits—mainly sticking to approved app stores and avoiding downloading dubious free versions of things you should pay for, as we discuss in another blog post—should keep you safe from the most dangerous Defender-defeating malware.

In September 2019, AV-Test gave Windows Defender a failing grade for failing to detect several zero-day malware assaults. In AV-December Test’s tests, Windows Defender bounced back, correcting those real-world testing concerns and capturing 100% of the threats. In any event, Windows Defender consistently outperforms any paid third-party antivirus software in lab testing. When a severe vulnerability in Windows Defender was revealed in May 2017, Microsoft responded quickly with a fix—from a Friday-night disclosure to a Monday-evening patch.

No antivirus software obtains flawless results from every test lab, every month, in every test. Still, Windows Defender usually performs as well as (or better than) the competition, is free and is turned on by default.


Why Macs don’t need traditional antivirus

Macs have typically been less prone to infection than Windows machines due to a mix of demographics, historical precedence, and stricter controls:

  • Macs are significantly less common than Windows computers: MacOS was used by 17 percent of Web-browsing desktop computers last year, compared to 78 percent for all Windows versions combined, making it a less profitable target for malware authors.
  • By default, Macs come with a more extensive selection of useful first-party software, and both macOS and downloaded apps are updated through Apple’s own App Store. Users of Windows PCs are more used to downloading software and device drivers from the Internet and granting rights to third-party programs, which are more likely to be dangerous.
  • Newer versions of Windows must compromise software created for previous versions of Windows to operate, resulting in a complex collection of legacy systems to safeguard. However, since OS X’s release, macOS has undergone more minor changes, and Apple has been less reticent to make software for previous versions outdated. Indeed, with the release of macOS Catalina in 2019, Apple effectively declared previous 32-bit software obsolete.
  • Catalina also has security measures that make it more challenging to execute harmful software, such as forcing apps to seek various rights as they are installed, such as access to files, microphones, cameras, and other services. This makes it challenging to install anything unintentionally.

This isn’t to argue that Macs aren’t vulnerable. Macs who install a malicious browser extension are just as susceptible as those who use Windows or Linux. In 2012, the Flashback virus used a Java vulnerability to fool over 500,000 Mac users, accounting for around 2% of all Macs. We’ve also heard that Mac malware is on the rise. Still, because of macOS’s built-in security features, it’s usually more of an annoyance, similar to annoying advertising, than a severe threat.

It would be best to use caution and only install software from the official Mac App Store on a Mac. Browser extensions may sometimes be harmful, so only install extensions you genuinely require.

Most people don’t need added protection

Most people don’t need added protection.

We’ve found that Malwarebytes is mostly unintrusive and can identify malware that Windows Defender may have missed or malware that has made its way onto a Mac if you spend a lot of time in sketchier corners of the Internet or suspect you may have already downloaded malicious software that Windows Defender didn’t catch. For the most part, though, the premium version is not required.

Malwarebytes can identify zero-day exploits that Windows Defender may miss. Therefore the two products can operate effectively together when used in tandem (provided you set it up correctly). The premium version adds active download scanning, which is beneficial if you download a lot of software or email attachments. Still, it’s an expensive proposition at $40 per year for protection against something most people don’t do very often. For the rest of us, you may download Malwarebytes’ free version and use it to manually check your machine when you suspect you’ve downloaded malware.

The best protection is layers and good habits.

It’s absurd to believe that a single software could be universally aware of and guard against all hazards. According to security blogger Brian Krebs, “is certainly the most overstated item in any security toolkit.” Antivirus may indeed detect and defend your system from malicious software, but it is insufficient on its own. We’ve prepared a guide to the best layers of protection and good practices for everybody who uses a computer.

Leave a Comment

Your email address will not be published. Required fields are marked *