“I won’t do it,” my husband said, seemingly out of the blue, while staring at his monitor. I looked at him quizzically.
“I won’t get antivirus software,” he said. “I have a Windows computer. Defender does a good enough job for me. I’m not going to bother paying for something I know I don’t need.”
Usually, I’d just nod in vague agreement at this software-related outburst and continue with my day. However, I decided to take my spouse’s declaration up with PCMag’s lead security analyst Neil J. Rubenking and get his opinion on the matter.
The Windows Defender of the past wasn’t very effective and managed to score below zero in some independent lab tests, according to Rubenking. That said, in recent years, Microsoft has made some improvements to Windows’ built-in security system. It’s now called Microsoft Defender Antivirus. The software has simple ransomware protection, malware protection, and its lab scores are more than acceptable. Defender is a capable antivirus solution, earning a 3.5 out of 5 score for efficacy from Neil, and it doesn’t require any additional installations or costs.
But what about Microsoft Defender Antivirus’ limitations? It received poor scores for phishing, a scam that boomed while people were at home during the early days of the COVID-19 pandemic. Plus, the software’s SmartScreen malware filter only works for Microsoft browsers. Most third-party antivirus products apply malicious download protection to all popular browsers, including Google Chrome and Firefox.
To me, the most telling aspect of Defender is its developers seem to consider it a fallback solution. When you install third-party antivirus software on your Windows machine, Windows Defender does not interfere with it. However, if you uninstall your third-party protection, Windows Defender activates again. There’s also the simple fact that the best antivirus tools, even the best free antivirus programs, perform better in testing and offer more features than Defender.
I presented all of the above information to my spouse, and he grumbled something about not messing with “dodgy websites” and wandered off. I couldn’t change his mind, but I know he practices diligent security habits such as avoiding malware-infested websites and refusing to open emailed links, so I can guess his computer remains secure.
Install the third-party antivirus on your Windows computer, and while you’re at it, consider antivirus for your Android devices too. iOS is tight as a drum, so you don’t need much help there, but macOS malware exists, and it’s a good idea to safeguard against it with antivirus protection for Macs.
Like what you're reading? You'll love it delivered to your inbox weekly. Sign up for the SecurityWatch newsletterSign up for the SecurityWatch newsletter.
We Test the Best Security Keys
We talk a lot about password health here at PCMag. Still, the fact is, password-protecting your online accounts effectively with unique and complex credentials is only part of the battle against attackers taking control of your online life. The rest comes down to smart browsing habits like avoiding suspicious email links and using multi-factor authentication (MFA).
Multi-factor authentication uses more than one authentication factor for account logins. One of these factors can be a password—for which you should use a password manager—but the other could be something you have with you, like a hardware security key. Since it’s unlikely outsiders will get their hands on both forms of authentication, MFA makes it harder for attackers to take over accounts.
As PCMag senior security analyst Max Eddy writes, hardware security keys can take many forms and are effective at solving most of the problems other MFA setups face. For example, a problem with one-time passcodes sent by SMS is that attackers can intercept them via SIM-jacking. In addition, authenticator apps require a working mobile device, and if something happens to your phone, whether through an attack or your own human error, you lose your authentication device.
Security keys are usually small devices you can keep close at hand—on a keyring for instance—and they plug into your USB slots on your computer, or they have USB-C or Lightning connectors for Android or iOS devices. Hardware security keys are challenging to break, have no batteries, and do not require a network connection. Keep in mind, if you lose the security key, you lose one of your methods of authentication, so keep it somewhere safe and secure.
When looking for a hardware security key, you should go for one with at least FIDO U2F certification so that it will work in nearly every basic security key situation. Budget and ease of use are also factors to consider when choosing the right security key for you.
The best security is useless if you don’t put it to work. Choose an MFA scheme that works for you, and stick to it.
What Else Is Happening in the Online Security World This Week?
- The United States is set to extradite a Ukrainian for REvil ransomware attack on Kaseya. There's a $10 million reward for info on the leaders of the REvil, too.
- From private to public to private again. McAfee could go private in a $10 billion-plus deal with Advent International, Pelmira, and Crosspoint Capital Partners just 13 months after it re-joined the public market.
- The US government is determined to track down and prosecute the individuals behind DarkSide. The State Department is offering a $15 million reward for DarkSide information.