If you are new to computing, you may wonder if having anti-virus software is really necessary if you keep your system updated. Are updates alone enough to keep a system secure? Today’s SuperUser Q&A post discusses the situation to help a new computer user make the right decision.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
SuperUser reader John Sonderson wants to know if keeping Windows 7 updated is enough to stay secure or if he should also have anti-virus software installed:
I was thinking, given that I keep Windows 7 regularly updated through Windows Update, does this make having anti-virus software installed a useless gesture? I may well be a naive user, but it seems to me that if security concerns are found, then any patches to the operating system to close those security holes should solve the problem.
So, if my Windows 7 system is up to date via Windows Update, and I do not use an administrator account (but a restricted account instead), do I still need anti-virus software?
Is keeping his Windows 7 system updated via Windows Update enough to keep his system secure, or should he install anti-virus software as well?
SuperUser contributors Scott Chamberlain and Frank Thomas have the answer for us. First up, Scott Chamberlain:
Updates to Windows will not protect you from software that you yourself have run. If you are tricked into running a malicious program, it can unleash its payload.
You also state, “…if I keep myself logged in as a regular user without administrative privileges” but get a UAC prompt from a program and type in the administrator credentials, it does not matter that you are a regular user.
Windows Update does not protect you from bugs in other software like your web browser (unless you are using Internet Explorer), so a virus could get in that way (which anti-virus software would have blocked).
Lastly, even if the program never gets administrative privileges and does not use any exploits in Windows, there are still plenty of bad things it can do within the bounds of a restricted user account. A non-elevated program can read almost all the files on your hard-drive and send that information anywhere it wants. If you have any valuable information on your hard-drive, the malware author now has a copy of that information as well.
Followed by the answer from Frank Thomas:
No. Windows Update often patches vulnerabilities used by worms and viruses, but rarely affects a trojan’s ability to mess you over. Additionally, lots of bad software can affect you and your user profile without administrative privileges. Back in 2010, we were removing fake anti-virus apps from systems where no admin had ever logged in.
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.