Most major tech blogs have run some variation of the following headline in recent months: Is it worth paying for an antivirus solution anymore?
The insinuation, of course, is that built in antivirus solutions for Mac and Windows machines have progressed to such a point that it’s no longer worth reinforcing them with a paid solution.
While it’s sure to generate clicks, many of the answers from tech writers are either convoluted or hedged to the point of not really providing an answer. Let’s explore the question more here.
The state of built-in security
Even our own experts will join third-party voices in admitting that built-in solutions like Windows Defender Security Center (previously Windows Defender) have improved significantly in terms of effective malware protection.
“Windows Defender has come a long way since the days of Windows XP and Windows 7,” says Webroot security analyst Tyler Moffitt. “It’s better than we’ve ever seen. But it’s still not enough.”
PC Magazine lead analyst Neil Rubenking recently said much the same, writing “Windows Defender’s own developers seem to consider it a Plan B, rather than a main solution. If you install a third-party antivirus, Windows Defender goes dormant, so as not to interfere.”
While many built-in antivirus solutions do reasonably well at turning away well-known strains of malware, it’s the new, sophisticated variations that tend to have success outsmarting them.
“Top-tier campaigns like Bitpaymer and Ryuk ransomware, or Trickbot and dridex Trojans—these are all going to get past a lot of built-in antivirus software.”
Evasive scripts are another source of trouble for much built-in security software. This newly common type of attack relies on a user clicking on a link in a “malspam” email, which then downloads a malicious payload. Interfaces like Command Line and PowerShell are often used to launch these attacks. If those terms are unfamiliar, it’s simply important to remember that they are script-based and regularly evade built-in security.
“There is a growing trend that many people feel that they don’t need any security software on their computers and that out-of-the-box security is enough,” says Moffitt. “The reality is that it’s not enough and built-in software has proven time and time again that it will be beaten by malware.”
What you really need from your online security
First off, multi-layered security. Traditional malware isn’t the only type of threat to watch out for nowadays. In addition to the script-based attacks mentioned above, mal-vertising campaigns are frequently launched from legitimate sites using exploits in runtimes like Java, Silverlight and flash. Drive-by downloads and pop-up ads can secretly install crypto miners and malicious programs on a machine without a user knowing it, some miners don’t even need to download, but your browser will be hijacked and max out CPU to mine cryptocurrency. And phishing campaigns are becoming increasingly favored by cybercriminals based on their cost-effectiveness.
“While free solutions offer better security than most built-in solutions, you can’t beat premium solutions that utilize multiple layers of security and are backed by cutting-edge technologies like massive-scale machine learning and contextual analysis engines,” says Moffitt.
What else should you look for in an antivirus solution for the home? Here are a couple features:
- Something lightweight—By that, we mean something that doesn’t take up a lot of memory or resources on your machine. Gamers should especially insist on this quality from an antivirus, but it should appeal to a broader market as well. “This is especially useful if you’re using your own devices to work from home during the pandemic and are worried that security solutions would slow your machines down,” says Moffitt.
- Customer service—Something you’re unlikely to get from a built-in provider. It’s hard to underestimate the value of a dedicated team standing by to help you troubleshoot if something goes wrong. Especially if tech isn’t your sweet spot, you don’t want to commit to long periods of waiting for a response from a global tech giant, or worse, no support team at all.
- A VPN for privacy—This is especially important if working from home is your new normal. “Not only are VPNs a great way to add a layer of protection by filtering out malicious webpages like phishing, but they are also a must if you are handling customer information for work,” says Moffitt. Making sure that critical data is protected at rest and in transit could help shield your company from major data security compliance fines.
It’s no surprise that we advocate not relying on built-in antivirus protection to safeguard your data and devices. But our concerns aren’t unfounded. We’ve simply seen too many fails to protect at the level they promise. Expect more from your online security solutions and strengthen your digital fitness, today.