Whenever antivirus software is mentioned, someone always seems to chime up and say they don’t need an antivirus because they’re “careful”, and “common sense is all you need”. This isn’t true. No matter how smart think you are, you can still benefit from an antivirus on Windows.
The idea that antivirus software is only necessary for irresponsible Windows users is a myth, and a dangerous one to spread. In an age where zero-day vulnerabilities are found and sold to organized crime with alarming frequency, even the most careful of users are vulnerable.
Many people think that you can only get malware by downloading suspicious files, running unpatched software, visiting sketchy websites, and doing other irresponsible things like having the Java plug-in enabled in your web browser. But while this is certainly the most common way to pick up malware, it is not the only way malware can spread.
We have previously written about “zero-day” exploits—vulnerabilities that the bad guys find first. Ones we don’t know about, which we can’t protect ourselves from. At events like Pwn2Own and Pwnium, contestants are challenged to compromise fully patched software like Chrome, Firefox, Internet Explorer, Adobe Flash, and more for a financial reward. These browsers and plug-ins inevitably fall as the contestants use unpatched security flaws to crack their security.
These flaws are corrected as soon as they’re found, but new ones inevitably pop up.
In other words, your computer could be infected just from you visiting a website. Even legitimate websites you trust can be compromised—through advertisers or some other vulnarability—and this happens with alarming frequency these days.
An antivirus is your final layer of protection. If a website uses a security flaw in your browser or a plug-in like Flash to compromise your computer, it will often attempt to install malware—keyloggers, Trojans, rootkits, and all sorts of other bad things. These days, malware is the domain of organized crime looking to gather financial information and harness your computer for botnets.
If a zero-day in a piece of software you use does give the bad guys an opportunity to get malware onto your system, an antivirus is your last layer of defense. It may not protect you against the zero-day flaw, but it will likely catch and quarantine that malware before it can do any damage. It shouldn’t be your only layer of protection (browsing carefully is still important), but it absolutely needs to be one of your layers of protection. And there’s no good reason not to run an antivirus on Windows.
Some people believe that antivirus software is heavy and slows down your computer. This is certainly true for some antivirus programs. Older Norton and McAfee antivirus software suites were infamous for slowing down your computer more than actual viruses would. Even some modern antivirus programs are full of notifications and inducements to keep paying for a subscription and buy more expensive security suites, just as adware annoys you with requests to buy products.
However, things have gotten a lot better. Computers have become so fast that antivirus software doesn’t weigh them down like it used to. Furthermore, the antivirus we recommend on Windows—Microsoft’s built-in Windows Defender—is far lighter on resources, and doesn’t contain any of the extra junkware, ads, or paid upgrades other antivirus suites do. It doesn’t try to sell you anything at all—it just does its job. We also recommend installing Malwarebytes alongside Windows Defender for extra protection when browsing—it’s lightweight and hassle-free just like Defender is.
(Windows Defender is not included on Windows 7—but you can download it as Microsoft Security Essentials.)
Most importantly, since Windows Defender doesn’t need hack-y workarounds to hook itself into your system (since it’s made by Microsoft as part of the system), it’s actually safer than other antivirus programs on the market. Win-win.
As such, there’s no reason not to use Windows Defender—unless you just want to brag online that you’re too smart for an antivirus.
An antivirus is only a single layer of security. No antivirus program is perfect, as all the antivirus tests show nothing catches all malware all of the time. if you don’t exercise caution, you may become infected by malware even if you’re using an antivirus (Of course, performing scans with other antivirus programs may help find malware your antivirus suite can’t find.)
Be careful about the files you download and run, keep your software updated, uninstall vulnerable software like Java, and more—but don’t drop your antivirus defenses completely just because you’re being careful. A zero-day in your browser, a plugin like Flash, or Windows itself could open the door to infection, and an antivirus is your last layer of protection.
Malware isn’t what it used to be—much of it is created by organized crime to capture financial information and other sensitive data. Antivirus software helps you stay ahead of the bad guys by a little bit more, and it’s worth using.
Of course, this advice only applies to Windows. Linux computers don’t need antivirus software, and the reported threat of Android malware has been overblown as long as you play it safe. Windows is still the wild west in many ways, and even Macs have recently been brought to their knees — by Java security flaws, of course.