Antivirus software is an essential piece of protection on any Windows PC. On an internet where malware is only becoming more and more profitable for organized crime, you don’t want to be without a good antivirus program.
But there are a lot of myths floating around out there about antivirus software. Let’s bust them.
Myth: You need to install antivirus on Windows
You don’t have to install antivirus software on Windows because Windows already comes with antivirus software. In fact, Windows has had built-in antivirus software since Windows 8, and it’s still included on Windows 10 and Windows 11 today. The built-in Microsoft Defender antivirus is part of the Windows Security suite of tools. It’s as basic as it comes, but completely free and runs automatically in the background, even if you never think about or install antivirus software.
Now, you may prefer another antivirus — other antiviruses have extra tools, protection features, and options, and they use different detection engines. But the good news is that every Windows PC has a baseline antivirus package. We’re long past the days of Windows 7, Windows Vista, and Windows XP nagging you to install antivirus software when you set up a new PC.
Microsoft’s antivirus gets out of the way when it needs to, automatically disabling its automatic background scanning features if you choose to install a third-party antivirus. You just don’t have to think about it.
Myth: Only Windows is vulnerable to malware
Malware (including viruses, Trojans, worms, rootkits, ransomware, and all kinds of other appalling things) is a problem on all platforms.
Yes, even Linux is vulnerable to malware threats — just check out the recent XZ Utils backdoor saga that nearly saw a rootkit slipped into a critical piece of open-source software. Or, consider the Linux distribution Ubuntu labeling a malicious app that stole people’s cryptocurrency as “safe.” Linux malware often targets server software, as Linux is so much more popular in data centers than on the desktop.
I’m not trying to single out Linux here! The reality is that malicious software is a problem on all platforms — even Linux. No platform is above the fray.
People may say Macs don’t need antivirus, but Apple actually has an antivirus-style system built into macOS. It’s named XProtect. Various companies also make antivirus programs for Macs.
Further reading: Windows includes built-in ransomware protections. Here’s how to turn it on
Myth: Antivirus will slow down your PC dramatically
Antivirus software runs in the background, scanning files when you download them and before you open them. Before an application launches, your antivirus gives it a quick check and warns you if it appears to be malicious.
Now, obviously this will use some system resources. Your PC is doing a bit of extra work. But we’re not in the ‘90s or early ‘00s anymore. Back then, PCs were much slower. Antivirus software just felt so heavy to use, and you could feel it slowing down your PC at times. I remember it well! But that was long ago.
Modern antivirus applications shouldn’t slow your PC down in a noticeable way. If it takes 2 percent longer to launch an application, will you notice? Not really. Those shouldn’t be constant slowdowns, either — they should occur when you launch an application and the antivirus is checking it out, not all the time while you do things on your PC.
Plus, unless you’ve gone out of your way to disable its background scanning (I recommend against it!), Microsoft’s Defender antivirus is already running in the background on your PC, scanning for malware. When we benchmark PCs here at PCWorld, we leave the standard Defender antivirus running. So, even if you chose to swap out the built-in Defender antivirus for another antivirus, you’d just be trading one antivirus for another — not adding an extra performance cost on top.
In some cases, antivirus software may slow down a workload: If you’re compiling software, for example, and you have a folder where a large number of files are being created, you may want to simply “exclude” such a folder from your antivirus’s scanning. That’s the most you should need to do.
When antiviruses perform their heavy full-system scans, that will definitely slow things down further while they’re running. But those scans are usually scheduled to happen while you’re not using your PC. You shouldn’t notice them at all.
Myth: You have to run antivirus software manually
There’s no need to regularly open your antivirus program, click the “Scan” button, and wait for the results. Your antivirus is automatically scanning in the background to protect you, checking files when you download and launch them. It’s also performing this type of comprehensive system scan on a schedule — in the background — when you aren’t using your PC. Your antivirus will let you know if it finds as problem.
Chris Hoffman/IDG
Save yourself the trouble and avoid the time-consuming manual scans — unless you’re concerned your system might have malware and you want to check all the files on your PC’s storage right now. Scanning like this is just one of many outdated security practices you no longer need to follow.
Myth: Antivirus will protect you from all threats
Antivirus software isn’t completely perfect. Now, I know this is sort of an obvious statement. But I’ve seen many people act like antivirus will provide them perfect protection and run into trouble.
You should think of your antivirus software as a last line of defense. If all your normal security precautions fail or an application you use has a dangerous zero-day flaw that lets an attacker gain access to your PC, your antivirus program is there to pick up the slack and stop malware from running.
But it’s not perfect. Antivirus software catches malware in several ways. For example, it looks for known-dangerous application files — programs that have been seen before that the antivirus knows is bad — and uses heuristics to attempt to guess whether a newly seen file is dangerous or not. Neither method will catch everything. And Windows Security doesn’t even try to protect users from phishing email attacks or surfing potentially dangerous websites (though many premium AV suites off this).
While antivirus is an important layer of protection, it’s not a good idea to rely totally on it. In particular, it’s an extremely bad idea to pirate software and games — if you’re running pirated application files, cracks, key generators, and similar sketchy things, you’re exposing yourself to a lot of potentially dangerous things. Antivirus isn’t guaranteed to protect you from all of them.
Myth: You don’t need antivirus if you’re careful
On the other hand, some people think antivirus is only necessary for less-experienced computer users without ideal security practices. The idea is that, if you’re careful and smart, you can skip the antivirus and get back that little bit of performance.
But this isn’t really true. Malware isn’t just something you get infected with when you’re not careful. Attackers can exploit zero-days in applications you use, and you could be infected simply by viewing a compromised web page. All it would take is the right flaw in your web browser.
The Downfall mod for Slay the Spire was compromised and used to spread malware through Steam’s software update system.
Chris Hoffman/IDG
Also, take a look at Steam: Steam developer accounts have recently been compromised and used to serve malware through Steam game updates — and mod updates. Hopefully Steam’s update system won’t deliver malware to your PC, but it illustrates that it doesn’t just matter how careful you are. A solid antivirus could provide a good layer of protection against attacks like this.
Myth: Antivirus will completely protect you
Antivirus isn’t all you need to protect yourself — and your PC — online. It’s an important part of the puzzle, but you need more than that.
Scam websites and phishing emails are dangerous on every device — not just Windows PCs, but also smartphones. You still need to browse carefully, keep an eye out for scammy-seeming emails, avoid downloading dangerous junk, and not get tricked into giving passwords, payment info, and other personal details to bad websites. Antivirus programs and web browsers do have phishing protection — but, like antivirus scanners, it isn’t perfect.
A good password manager is particularly important. Using strong, unique passwords everywhere is critically important. But, unless you have a photographic memory, you’re probably not going to remember dozens (or hundreds) of strong unique passwords for all your accounts. A good password manager is the solution to keep your accounts secure.
By the way, even if you do install another antivirus on your Windows 11 or Windows 10 PC, you don’t have to pay for one. There are great free antivirus programs you can install if you’re not looking to pay for one of PCWorld’s favorite antivirus programs, though the premium versions tend to protect against more types of threats (such as malicious links, webcam hacks, and privacy monitoring) and offer additional features (like VPNs and parental controls).
Want more PC advice? Subscribe to my free Windows Intelligence newsletter to get all the latest tips, tricks, and news sent straight to your email inbox.