Still paying for antivirus software? Experts say you probably don’t need it

Josh Brunty had spent over a decade in the cybersecurity field – first as a digital forensics analyst for the West Virginia State Police, then as a teacher at Marshall University – when he discovered a shocking secret about his father, Butch.

Butch Brunty still paid money every year for third-party virus protection on his home computer, which his son said hadn’t been necessary for most people for years.

“He was talking about renewing his antivirus. I said, “Are you literally paying for antivirus? “, Said Brunty. “I don’t know how he ended up doing it, but he ended up logging into Norton, spending around $ 60 a year.”

Brunty’s father, like many others, did not get the message that has become intuitive to many people working in cybersecurity: There is no longer any reason for ordinary people to pay for a antivirus software for their personal devices.

It’s a change that highlights not only how IT security has evolved over the past decade, but also how many people misunderstand the biggest threats to their IT security.

Antivirus software remains focused on its original use: finding and mitigating software viruses. Since modern computer systems already do this, many programs now offer additional protections, such as monitoring the dark web to see if someone is posting personal customer information, which experts find unhelpful.

But the biggest threats most users face are no longer viruses, especially now that so much personal computing takes place on the internet.

Brunty said her father also paid for a virtual private network, which routes a computer’s internet traffic through a third party. They were once considered essential in preventing nearby hackers from spying on online activity, but security experts now say that with additional built-in security protections in most major browsers, VPNs won’t. are only useful in a handful of specific scenarios, like streaming video. which is restricted in some countries or bypass government censors like China’s “Great Firewall”.

“He had no understanding of those two technologies, really,” Brunty said. “I think he just felt like if he spent the money, the investment to pay it was going to protect him from everything.”

Some antivirus programs may offer certain benefits, such as tools that help users avoid email phishing campaigns that steal sensitive login credentials. Others can help prevent identity theft.

But the most Experts agree that the built-in antivirus protections on any major system – a fully updated Windows or Apple computer or an Android phone or iPhone – already protect against viruses just as well as the major programs for which people can pay. However, it is important that users protect their systems with automatic software updates offered by all major software vendors.


It hasn’t always been that way. For much of Microsoft’s history, computer experts feared Windows machines were susceptible to viruses, and there was no firm consensus on which third-party programs people needed to stay safe.

But Microsoft Defender, the free, automatic antivirus program now built into Windows, has become so effective that it’s as good as anything customers can pay for, said Simon Edwards, founder of SE Labs, a London-based company that compare and test antivirus. programs.

“We test it regularly and it’s one of the best products we’ve seen. It has improved a lot, ”said Edwards.

That doesn’t mean malware isn’t a threat. But the newer devices tend to solve most of the problems on their own. Hackers are constantly developing new ways to break into operating systems, and businesses must constantly update ways to stop them. Fortunately, the days of cybersecurity engineers writing patches for new, safer versions of software and just hoping people would update them are largely gone.

“It’s almost impossible these days not to have a fully patched Windows or Mac system because they pretty much require updates,” Edwards said.

While it’s a myth that Macs can’t catch viruses, the myth is well-founded: Macs have basically had antivirus protections built into their operating systems since their inception. The same goes for iPhones and Android smartphones. The UK government is even telling its residents not to bother buying anti-virus software for their phones, as long as they don’t put themselves at unnecessary risk by installing programs not approved by an app store.

Butch Brunty is not alone. A survey by, a cybersecurity advice website, estimated that nearly 45 million homes pay for antivirus software. He also found that people are more and more likely to pay for antivirus software the older they are, and most have been using it for years. The momentum was seen in other parts of the tech world, such as people who continued to pay AOL for internet service even though they had other internet providers.

McAfee, the once ubiquitous Windows antivirus program, still has more than 20 million paying customers, a spokesperson said. More than half of the revenue generated by antivirus company Malwarebytes last year came from personal users, a company spokesperson said. Other major antivirus companies, including Norton, ESET and Kaspersky, did not respond to email requests for information.

But trying to stay safe by relying on antivirus software misses how hackers evolved, said Bob Lord, who revamped the Democratic National Committee’s cybersecurity strategy for the 2018 and 2020 elections afterwards. that the party was hacked by Russian intelligence services in 2016.

“When I look at all of the personal account compromises I’ve seen over the past three years, I don’t think any of them were caused by malware,” Lord said. “They came because the victims had poor password hygiene and didn’t have two-factor authentication on their accounts. “

What to do instead

The good news is that almost any tool that everyone should count on to be more secure is free.

Today’s hackers are more likely to target ordinary people by trying to grab their personal accounts for email, social media, or financial websites. It’s easier to stop them when you know their goal is to “pretend to be you and take control of an account you want to keep private,” said Harlo Holmes, chief information officer. at the Freedom of the Press Foundation, where she advises journalists around the world on the best ways to protect themselves from hackers.

This means using unique passphrases – several words together, which are easier to remember than a string of random characters – because the longer a password, the harder it is for an automated program to guess. People should also protect every important account with two-factor authentication. This allows users to use their phone as a second way to prove their identity to websites, which is an additional obstacle for hackers if they attempt to access any of their accounts.

Experts recommend using an app like Google Authenticator or Authy when setting up two-factor authentication, rather than through a text message, which dedicated hackers can intercept.

Some antivirus products for purchase come with additional perks that address more modern concerns, such as monitoring whether customers’ passwords have been included in a giant dump of stolen credentials or telling them if criminals share their personal information on the dark web.

But most services do little or are available elsewhere for free, said Susan Grant, director of consumer protection and privacy at the Consumer Federation of America, a non-profit group that serves as an umbrella organization for the groups. consumer defense.

“There is a limit to what this type of service actually provides,” Grant said. “They don’t stop you from becoming a victim of identity theft. They can’t stop your information from ending up on the dark web, and they can’t delete it. They can just alert you.

The Have I Been Pwned website allows anyone to check which accounts and passwords have been stolen and exchanged. The Federal Trade Commission offers a free guide for people who have had their identities stolen, as does the nonprofit Identity Theft Resource Center.

“It can make people feel better about paying for such a service,” Grant said. But “the advice you get is available for free from other sources.”

Comments are closed.