Our friends over at Gizmodo today posted a story entitled, "You Don't Really Need an Anti-Virus App Anymore."
Sorry, but that headline is just dumb. If you're running Windows, macOS/OS X or Android, you absolutely do need antivirus software.
Credit: Denis Nata/Shutterstock
The Gizmodo piece (which is a bit more nuanced than its headline) correctly says that keeping your system and internet-facing software updated, following best security practices and using common sense will go a long way to protect you. But none of that will save your butt when a brand-new piece of malware comes along and blows right past your system's built-in defenses.
Good antivirus software will at least give you another chance to stop those new threats. There's no good reason not to have it: Many AV programs have little system-performance impact, and many good ones are free.
Windows 10 may be the most secure operating system I've ever used, and Microsoft Edge the most secure browser, but researchers and online criminals keep finding new ways to attack them.
The Gizmodo writer is right when he says that compared to a decade ago, "Windows has much more robust security options built in, browsers are smarter, and, hopefully, so are the users."
Windows 10 may be the most secure operating system I've ever used, and Microsoft Edge the most secure browser, but researchers and online criminals alike keep finding new ways to attack them.
But you know who else is smarter? People who look for security flaws. Windows 10 may be the most secure operating system I've ever used, and Microsoft Edge the most secure browser, but researchers and online criminals alike keep finding new ways to attack them.
Those vulnerabilities aren't always fixed right away, either. Google found a bad one last November, made it public three months later (after Microsoft hadn't patched it), and the problem wasn't resolved until this week.
If you haven't installed the latest Patch Tuesday updates, you're still at risk from that flaw, even with Windows 10 and Edge. If you have installed the patch, there will be another dangerous flaw disclosed soon enough.
Beefing up the browsers
It's also true that web browsers are a lot safer than they once were. Mozilla Firefox and Google Chrome both automatically update themselves on desktop operating systems, and both they and Microsoft's Edge and Internet Explorer 11 will automatically update Adobe Flash Player.
(If your browser still automatically plays Flash videos and ads, that's a big security risk. Here's how to make sure they'll run only upon your approval.)
But so much bad stuff still gets through browsers, especially via exploit kits that bombard browsers with one attack after another, or through malicious banner ads that secretly drop malware into your computer. Antivirus software does a good job at stopping such stuff.
Gizmodo implies that Windows Defender, which comes built into Windows 8.1 and Windows 10, may be the only antivirus solution you need on a PC. That's not true, at least not yet. Defender is slowly getting better, but it still lets much more malware get past it than do most third-party antivirus products, paid or free.
This bring us to another Gizmodo point of argument: AV software is a waste of money. The truth is that you can get perfectly good AV software, such as that made by Avast, Avira, Bitdefender or Sophos, absolutely free. It may not have all the bells and whistles of paid antivirus software, but it's just as good at protecting your PC, and miles better than Windows Defender.
Gizmodo is ignoring the elephant in the room -- the fact that most Android users either can't keep their phones up to date, can't install apps only from the official Google Play store, or both.
Those other operating systems
What about Macs and Android devices? Those present very different cases. Macs rarely get attacked, but that's because few people try to attack it. Macs live in a nice neighborhood while Windows machines live in a war zone. Still, half a dozen new examples of Mac malware were found last year, and experts expect that number to grow in 2017. (We've seen four new ones already this year.)
As for Android security, Gizmodo dodges the question by stating that, "Smartphones are locked down much more tightly than your laptops and desktops, and if you’re keeping your Apple or Google OS up to date, and only installing apps through the official app stores, then you’re most likely going to be fine."
This is totally disingenuous, and is really only true for Apple devices and the few phones that Google itself sells and provisions. Gizmodo is ignoring the elephant in the room -- the fact that most Android users either can't keep their phones up to date, can't install apps only from the official Google Play store, or both.
That's because smartphone makers and wireless carriers have to dissect and approve every new Android update before they push it out to their customers, and because those same entities often stop updating a phone when it's as young as 18 months old. Even fully supported phones may wait months for a new security update from Google.
Meanwhile, hundreds of millions of Android users in China can't buy apps through Google Play, due to the Chinese government and Google butting heads. Tens of millions of Android phones in other countries don't use Google Play at all.
Here's a page showing the current distribution of Android versions among devices visiting the Google Play store. (This excludes those Chinese phones and many others around the world.) As of this writing, two-thirds of phones with Google Play installed are running Android 5.1 Lollipop or earlier, which are no longer officially supported by Google.
Phones running Lollipop or Android 4.4 KitKat can still get some security updates, if their makers or carriers let them. Phones running Android 4.3 Ice Cream Sandwich will get none at all. All those phones are ripe for attack in ways that fully patched Android phones aren't.
It's as if two-thirds of Windows users were running Windows Vista (partly supported) or Windows XP (not supported at all), and then wise guys like Gizmodo argued that those PCs didn't really need antivirus software.
You know who does dumb things with their computers or smartphones? Everyone.
We are all morons
Finally, one last point. The Gizmodo argument is that smart people won't get infected.
You know who does dumb things with their computers or smartphones? Everyone. We all click on shortened links in Twitter or Facebook, even when we don't know where those links go. We all install free software we find online, even when we know that's risky. We all open email attachments from the boss, or from people who say we owe them money (or vice versa).
Antivirus software will not solve all your security problems. It's not a silver bullet. Something bad may still get through. But your chances of that bad thing making it to the heart of your computer or smartphone are greatly reduced if you add antivirus software to your rings of defenses.