Most major tech blogs have run some variation of the
following headline in recent months: Is it worth paying for an antivirus
The insinuation, of course, is that built in antivirus
solutions for Mac and Windows machines have progressed to such a point that
it’s no longer worth reinforcing them with a paid solution.
While it’s sure to generate clicks, many of the answers from
tech writers are either convoluted or hedged
to the point of not really providing an answer. Let’s explore the question more
The state of built-in security
Even our own experts will join third-party voices in
admitting that built-in solutions like Windows Defender Security Center
(previously Windows Defender) have improved significantly in terms of effective
“Windows Defender has come a long way since the days of
Windows XP and Windows 7,” says Webroot security analyst Tyler Moffitt. “It’s
better than we’ve ever seen. But it’s still not enough.”
PC Magazine lead analyst Neil Rubenking recently said
much the same, writing “Windows Defender’s own developers seem to
consider it a Plan B, rather than a main solution. If you install a third-party
antivirus, Windows Defender goes dormant, so as not to interfere.”
While many built-in antivirus solutions do reasonably well
at turning away well-known strains of malware, it’s the new, sophisticated
variations that tend to have success outsmarting them.
“Top-tier campaigns like Bitpaymer and Ryuk ransomware, or
Trickbot and dridex Trojans—these are all going to get past a lot of built-in
Evasive scripts are another source of trouble for much
built-in security software. This newly common type of attack relies on a user
clicking on a link in a “malspam” email, which then downloads a malicious
payload. Interfaces like Command Line and PowerShell are often used to launch
these attacks. If those terms are unfamiliar, it’s simply important to remember
that they are script-based and regularly evade built-in security.
“There is a growing trend that many people feel that they
don’t need any security software on their computers and that out-of-the-box
security is enough,” says Moffitt. “The reality is that it’s not enough and
built-in software has proven time and time again that it will be beaten by
What you really need from your online security
First off, multi-layered security. Traditional malware isn’t
the only type of threat to watch out for nowadays. In addition to the
script-based attacks mentioned above, mal-vertising campaigns are frequently
launched from legitimate sites using
exploits in runtimes like Java, Silverlight and flash. Drive-by
downloads and pop-up ads can secretly install crypto miners and malicious
programs on a machine without a user knowing it, some miners don’t even need to
download, but your browser will be hijacked and max out CPU to mine cryptocurrency.
And phishing campaigns are becoming increasingly
favored by cybercriminals based on their cost-effectiveness.
“While free solutions offer better security than most
built-in solutions, you can’t beat premium solutions that utilize multiple
layers of security and are backed by cutting-edge technologies like
massive-scale machine learning and contextual analysis engines,” says Moffitt.
What else should you look for in an antivirus solution for
the home? Here are a couple features:
- Something lightweight—By that, we mean
something that doesn’t take up a lot of memory or resources on your machine.
Gamers should especially insist on this quality from an antivirus, but it
should appeal to a broader market as well. “This is especially useful if
you’re using your own devices to work from home during the pandemic and are
worried that security solutions would slow your machines down,” says
- Customer service—Something you’re
unlikely to get from a built-in provider. It’s hard to underestimate the value
of a dedicated team standing by to help you troubleshoot if something goes
wrong. Especially if tech isn’t your sweet spot, you don’t want to commit to
long periods of waiting for a response from a global tech giant, or worse, no
support team at all.
- A VPN for privacy—This is especially
important if working from home is your new normal. “Not only are VPNs a great
way to add a layer of protection by filtering out malicious webpages like
phishing, but they are also a must if you are handling customer information for
work,” says Moffitt. Making sure that critical data is protected at rest and in
transit could help shield your company from major data security compliance
It’s no surprise that we advocate not relying on built-in
antivirus protection to safeguard your data and devices. But our concerns
aren’t unfounded. We’ve simply seen too many fails to protect at the level they
promise. Expect more from your online security solutions and strengthen your
digital fitness, today.