For years, I’ve assumed that most people don’t need third-party antivirus tools and have cheerily passed this suggestion along to others.
After all, Microsoft’s Windows Security suite (also known as Windows Defender or Microsoft Defender) provides built-in virus protection for your PC, and it doesn’t cost a dime. I’ve been using it for years, and the last time I can recall having virus problems on my PC was well over a decade ago.
And yet, looking around for confirmation of this long-held belief quickly turns up an alternate universe, full of experts who insist that everyone should be paying for antivirus software. This advice comes not just from the companies that sell antivirus suites, but from reputable sites that perform antivirus software reviews (PCWorld included).
On top of that, nearly every laptop I’ve reviewed for PCWorld has come with some form of antivirus trialware from companies like McAfee and Norton. Those companies pay PC makers for placement, which wouldn’t make sense if no one bought the products, right?
At this point, I’ve heard enough questions from readers—and family members—that I decided to dig a little deeper. What I’ve learned is that my initial assumptions were mostly correct: Most people can indeed skate by without extra antivirus software. But that doesn’t mean everyone should, or that you shouldn’t take any extra precautions to stay safe.
As an initial sanity check on my antivirus assumptions, I did the most obvious thing possible and put out the question on Twitter: Does Microsoft’s built-in Windows Security software provide enough protection for typical PC users?
The consensus answer was yes, with caveats.
Jared Newman / Foundry
Justin Duino of How-To Geek pointed to his site’s helpful article on the subject, which recommended Windows Security in conjunction with Malwarebytes’ free malware scanner. My fellow freelance journalist Rob Pegoraro also called out a Wirecutter article that came to the same conclusion. Another writer chimed in with a similar recommendation.
The reasoning is simple: Windows Security rivals other programs at sniffing out viruses. While this wasn’t always the case, Microsoft’s detection has improved considerably in recent years, to the point that the independent AV-TEST Institute regularly awards it a perfect 6 out 6 in protection, usability, and performance, beating industry averages.
Perhaps more importantly, security is decentralized now, so a single virus scanner is no longer your only line of protection. Some examples:
Major web browsers can detect and block malicious websites on their own, thanks to tools like Google Safe Browsing.
Those browsers may also warn you if you’re about to download an unrecognized program.
Major email providers, such as Gmail and Yahoo, scan attachments for viruses before you can even download them.
Those same email providers’ spam filters do a great job at keeping malicious emails out of your inbox and warning you of potential phishing schemes.
The SmartScreen filter built into Windows will warn you if you’re attempting to install unrecognized software.
Antivirus, in the end, is just another line of defense. For most people, Microsoft’s built-in defenses should be strong enough.
Getting a second opinion
Jared Newman / Foundry
So why to do some folks recommend Malwarebytes as an additional layer of protection? Mainly because it’s nice to have another set of eyes on your computer.
Last year, for instance, I ran a scan in Malwarebytes, and picked up a set of potentially unwanted programs tied to my installation of Chrome. While my Chrome installation seemed to be working fine—with no sketchy toolbars or search redirects that I could see—this did convince me to delete my sync data from Chrome, reset its settings, and perform a fresh Chrome install. (I suspect it was a browser extension behaving badly.)
But Malwarebytes has its downsides as well. If you’re not careful during installation, it will automatically install its own extension in all your browsers, and the free version routinely nags you with upgrade prompts. Also, unless you disable its real-time protections (which are only available as a 14-day trial for free users), they’ll override Microsoft’s own virus scanner.
I may still occasionally install Malwarebytes to get a second opinion on my computer’s health, but for now, I’m leaving it off my PC as well.
Ian Paul / Foundry
To be clear, third-party antivirus software isn’t a grift with no actual utility behind it. While most people don’t need to pay for antivirus software, there are still some reasons to consider doing so:
You need more help with security: Some antivirus programs offer extra security features beyond the realm of traditional virus scanning. Avast, for instance, can monitor webcam use and let you block untrusted apps from capturing video, and it can also alert you if any of your online passwords are involved in a security breach.
You’re looking to bundle: In addition to extra security features, some antivirus programs offer tools that you might otherwise purchase separately. Norton 360 Deluxe, for instance, includes its own password manager and cloud storage service. Avast One has a built-in VPN and a temporary file cleaner.
You want more kinds of protection: Some third-party tools offer additional methods of protection that aren’t built into Windows. AVG’s “Behavior Shield,” for instance, can look for patterns of malicious behavior even when it hasn’t detected a virus, while Avast One has ransomware protection that prevents apps from encrypting your files without permission. (Windows offers this as well, but not by default.) Antivirus suites also typically provide protection for mobile devices as well as personal computers.
All of these extra features, however, can bloat up your computer, affecting performance and getting in your way, and they might not even be the best tools for the job. I’d much rather use a dedicated password manager than one that’s bundled with antivirus software, and if I needed a VPN, I’d want to choose the provider myself.
While extra antivirus software was essential in the early days of personal computing, these days it’s just one potential tool in the broader security arsenal, which should also include strong passwords, two-factor authentication, robust data backups, and a healthy dose of common sense. On that, at least, the experts seem to be in total harmony.
Want more tech advice like this? Sign up for my Advisorator newsletter, where a version of this column originally appeared.