In 1993, Microsoft released a program called Anti-Virus, or MSAV, for its DOS operating system. It was basic—it could only detect about 1,200 specific viruses, and its users had to manually install updates. Suffice it to say, it left security holes.
Today, Windows 10 comes equipped with Windows Defender, a full antivirus, anti-malware program, and a far cry from its DOS-era predecessor. Sure, there’s far more malware than in 1993, but current software is also more sophisticated. Today, the four major operating systems—Windows, macOS, Android, and iOS—include some form of built-in malware protection, some more robust than others. But for complete endpoint protection, Windows, macOS, and Android devices need third-party antivirus software.
What is antivirus software?
Antivirus is a type of software designed to prevent, scan for, detect, and remove malware from a device as quickly as possible. Once installed, most antivirus software runs automatically in the background, searching for known threats and flagging programs that behave suspiciously.
The word ‘antivirus’ is commonly used to describe security software generally—not just software that detects “viruses.” Despite its outdated label, antivirus software fends off many forms of malware, including viruses.
Malware—or malicious software—is an umbrella term for software designed to harm or exploit a programmable device, server, or network. Malware invades, damages, and disables computer systems, often by taking partial control of their operations. Common types of malware include ransomware, trojans, worms, spyware, and adware.
New malware threats emerge constantly. The AV-TEST Institute, an independent organization that evaluates antivirus software, registers over 450,000 new malicious programs and potentially unwanted programs (PUPs) on a daily basis.
Antivirus protects against known threats. Companies are constantly updating their detection systems to outwit new malicious code, and they’re becoming increasingly efficient. However, there’s a potentially infinite number of malware variations. This means you shouldn’t expect antivirus to provide universal protection against all malware. Instead, consider it part of a comprehensive online security regimen—a vital part security experts refer to as endpoint protection.
How antivirus protects your devices
Antivirus scans your device for different types of malware and threats, including network hacks, identity or financial theft, phishing websites, and viruses. Some apps offer additional features to keep your devices secure.
Scanning is the main function of antivirus. Pieces of malware hide in seemingly innocent files, such as program files, music or movie files, and images. You can’t tell whether these contain malware by looking at them. But by running a scan, your antivirus can. Most software allows you to run on-demand and on-access scans, which can be scheduled, run constantly in the background, or started whenever you see fit. Scanners identify malware using a variety of methods:
- Malware database. Scanners most commonly identify malware from a database. A process called signature-based detection uses a library of digital footprints to identify malware. These databases are frequently updated to identify threats that don’t match other malware signatures, known as zero-day threats.
- Heuristics. Malware databases are never exhaustive; there are constantly new and unknown threats, and malware can be encrypted or altered to deceive database tools. Through logical assumptions and loosely defined rules, heuristics-based scanners analyse seemingly safe files to uncover malware.
- Sandboxing. In computing, a sandbox is a testing environment in which new or untested software can be run securely. That is, files running in a sandbox can’t affect those outside of it. Antivirus can run suspect files in a sandbox to test their threat level. Culprit files are restrained within the sandbox and eventually removed.
- Artificial intelligence. To detect new threats, some antivirus companies are incorporating predictive analysis and machine learning into their tools, allowing them to detect threats based on what the malware does, sometimes called behavior-based detection.
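The gap between the first two methods above can be shown in a few lines. This is an added example, not code from any antivirus product: the sample bytes, the suspicious-token list, and the scoring thresholds are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for real files; none of these bytes are actual malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE: open_process; write_memory; create_remote_thread"
VARIANT = KNOWN_BAD + b"\x00"  # same content with one padding byte appended
BENIGN = b"Quarterly report: revenue grew four percent over the prior year."

# Signature database: SHA-256 digests of files already classified as malicious.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Heuristic rule set (hypothetical): strings that are suspicious in combination.
SUSPICIOUS_TOKENS = (b"open_process", b"write_memory", b"create_remote_thread")


def signature_match(data: bytes) -> bool:
    """Exact match against the database; any change to the file breaks it."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def heuristic_score(data: bytes) -> int:
    """Loosely defined rules: one point per token, two for near-random content."""
    score = sum(1 for tok in SUSPICIOUS_TOKENS if tok in data)
    if entropy(data) > 7.2:  # near-random bytes suggest packing or encryption
        score += 2
    return score


def scan(data: bytes, threshold: int = 2) -> str:
    if signature_match(data):
        return "malicious (signature)"
    if heuristic_score(data) >= threshold:
        return "suspicious (heuristic)"
    return "clean"


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{name:8} -> {scan(blob)}")
```

The one-byte variant no longer matches the stored digest, so only the heuristic rules flag it. The entropy rule also fires on benign compressed archives, which is why a heuristic hit is reported as suspicious rather than malicious.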
Quarantine and removal. Once malware is detected, antivirus either deletes the problem file or holds it in a quarantined area where it can’t infect your system, and from which you can then restore or remove the program yourself.
Browsing protection. You’re vulnerable to malware whenever you’re online. And your vulnerability has a lot to do with the sites you browse, the passwords you use, the information you share, and the files you download—although you can still get infected when taking the right precautions. Antivirus often includes additional internet security features, including:
- Firewalls. On its own, antivirus is device-specific. For added security, firewalls protect against malware and cyber attacks by shielding your network from unnecessary and unwanted traffic.
- Parental controls. To keep kids safe online, parental controls can block adult content, limit usage, and track location of devices.
- Secure browsers. Antivirus might include a secure web browser, which encrypts web activity, analyzes sites for threats, and blocks known phishing sites.
- Password managers. Strong passwords can help protect you and your system from malware. Antivirus may include a password manager, providing an easy way to keep track of your login credentials.
- Identity theft protection. Some antivirus solutions include services that monitor your personally identifiable information (PII), searching for signs of identity theft and providing real-time alerts if your data is at risk.
- VPN. A virtual private network (VPN) allows you to access the public internet through a secure connection. This way, your communication is cryptographically protected, and your browsing history is obfuscated through a third-party server, making it nearly impossible to trace it back to you.
Cleanup tools. These scan your system’s hard drive for files you no longer need, like junk files, temporary files, bloatware, cached web pages, and PUPs.
Encrypted data. To help keep your data secure, some antivirus includes data encryption, both in transit and on storage media.
Not all antivirus is created equal. In fact, some can leave gaping holes in your cyber defense while giving you the false impression that you’re protected. The effectiveness of antivirus depends on:
- Detection engine. The malware detection engine guards against attacks by controlling file, email, and internet communication. It blocks objects classified as malware, then either cleans, deletes, or quarantines the problem file. Your detection engine depends on the quality of your program. For the best results, obtain your software from an established, reputable provider.
- Access privileges. Antivirus requires high access privileges to your system to operate effectively. Verify with your antivirus provider that your software is properly configured for your system. A program with limited access can only perform a fraction of its tasks, leaving you with critical vulnerabilities.
- Update frequency. New variations of malware emerge every day. Regularly updating your antivirus software allows it to keep up with new threats. Consider scheduling daily updates.
What you pay for your antivirus isn’t as important as you might think. Most antivirus companies use the same malware-detection engine regardless of whether the app is free or paid. However, here’s where free antivirus programs may fall short:
- Device compatibility. Free antivirus may not be available on your operating system, and some free versions only cover a single device.
- No firewalls. Most of the free antivirus apps don’t include firewall protection, leaving your network vulnerable to security threats.
- Privacy. As the adage goes, if it’s free, you’re the product. This unfortunately applies to antivirus. Free apps are more likely to collect data about your habits and your device, which is in turn sold to third-party brokers.
Use of system resources
Antivirus is infamous for slowing down computers. According to AV-TEST, “the ‘subjective’ slowing down of a PC frequently reported by users is actually a proven objective fact.” Critics also maintain that antivirus apps sometimes block other apps’ security features, cause pop-ups, and install potentially insecure add-ons, like browser extensions, without asking for permission.
AV-TEST examined the trade-off between performance and protection, and concluded that “products from Kaspersky, Bitdefender and Qihoo 360 exhibited the lowest load on the systems, although they provide good protection,” whereas products from Norman, Quickheal and Threat Track proved the most burdensome.
Do you still need antivirus software?
Short answer: Yes. Every major operating system includes built-in security, but complete endpoint protection requires antivirus software. (iOS devices are the only exception thanks to strict developer protocols around the App Store.) The extent of your antivirus needs depends on factors such as your browsing habits and your operating system (OS).
Windows computers are most vulnerable. Data from AV-TEST shows that in 2020 Windows was targeted by 87 percent of ransomware and saw 91.9 million new pieces of malware, whereas Android and macOS saw 3.2 million and 674,496, respectively.
Windows 10 comes with a free antivirus app called Windows Defender, installed and enabled by default. It offers real-time protection against malware across apps, cloud storage, email, and the web, and manages other security features like Windows Firewall.
Defender fares relatively well in AV-TEST’s independent testing. And because it’s developed by the same company that makes the operating system, you aren’t bothered with subscriptions, certificates, or browser extensions.
But Defender has a lot of drawbacks—one being its ubiquity. Defender is the first malware detection app attackers attempt to work around. Defender isn’t updated often enough to keep up with new threats, nor does it use heuristics or machine learning to detect them. It doesn’t have endpoint protection and response or automated investigation and remediation, and its phishing protection and defense against malware-hosting sites only work in Microsoft browsers, i.e. Edge.
It’s best to go beyond Defender. The top antivirus programs—even the free versions—offer more features and perform significantly better in testing. Note that Defender goes dormant when you install a third-party app.
Android is the world's most popular mobile operating system, making Android devices popular targets for malware attacks. Unfortunately, Google Play Protect, Android’s built-in antivirus scanner, doesn’t protect against ransomware, spyware, or phishing. AV-TEST ranks Play Protect well below the industry average for its protection and usability.
Malware commonly infects mobile devices through unauthorized apps. Although Google removes malware from the Google Play Store, there’s no stringent vetting process for new apps. In other words, it’s still possible to download malware before Google gets to it. In 2020, ransomware called MalLocker, which masqueraded as popular apps, cracked games, and video players, held millions of Android devices for ransom.
Google Play Protect is mostly ineffective compared to the top third-party antivirus apps for Android. These provide ransomware protection, safe browsing features, and powerful anti-theft protections. They’re worth installing on your device.
While Macs are immune to most viruses, and while Apple regularly issues updates to patch security holes, there’s more and more Mac-specific malware to be wary of. In fact, the average number of threats per Mac device is about twice that of the average for Windows, and, in 2020, Malwarebytes reported Mac threats increased by more than 400 percent, year-over-year.
Macs running macOS Big Sur come with XProtect, built-in antivirus software that runs in the background. But XProtect relies on signature-based detection, and doesn’t block adware, nor certain malware bundled with fraudulent apps. (Apple itself warns that, “One common way malware is distributed is by embedding it in a harmless-looking app.”) Mac’s built-in scanner can also fail to recognize some forms of malware, like the Shlayer Trojan, which, in 2020, affected 10 percent of the Macs Kaspersky monitors, and accounted for almost a third of detections overall.
Macs are generally less susceptible to malware than Windows and Android devices—but they aren’t as safe as they used to be. Times have changed. Mac users need stronger antivirus protection too.
iOS is the only major operating system that does not require third-party antivirus protection. That’s good news if you only use iOS devices: You don’t need antivirus.
Thanks to strict developer protocols around the App Store as well as native sandboxing, iOS is mostly impervious to malware. And it gets more secure with every update—so secure it’s said to be nearly impossible to write an antivirus program that runs on iOS.
However, iOS users are still vulnerable to phishing sites, malicious wi-fi networks, and—increasingly—spyware. In September 2021, Apple issued emergency software updates for a “critical vulnerability” after researchers at Citizen Lab discovered a Saudi activist’s iPhone had been infected with spyware called Pegasus. “This spyware can do everything an iPhone user can do on their device and more,” a senior researcher at Citizen Lab told The New York Times. Apple plans to introduce new security defenses for iMessage in the next iOS 15 software update, expected in fall or winter of 2021.
Point is, iOS may no longer be the exception to the rule. Stay prudent online and install iOS 14.8 for the latest fixes to take effect.
If I have a VPN, do I still need antivirus?
Yes. These tools have entirely different functions. Although some antivirus apps come bundled with a VPN, there’s no overlap in what they do.
A VPN reroutes your internet activity to a dedicated VPN server before connecting you to the internet, and masks your public IP address with one not tied to your internet service provider. VPNs are one of many tools used to protect personal data online, and work in conjunction with other protective measures, like antivirus, which scans for and eliminates malware.
If you want to mask your IP address and protect your device against malware, you need both a VPN and antivirus.
Malware is costly and harmful. Improve your protection by installing reputable, tested antivirus software.
While most devices offer some form of built-in malware protection—and while no one app, built-in or third-party, free or paid, is universally effective against all threats—antivirus software is usually necessary. Consider it an added layer of security.