As you might imagine, I get questions like this all the time. As a result, I do have recommendations for security software and techniques to stay safe in various articles all over Ask Leo!
To make your life a little easier, here’s a short version that sums it all up.
The short-short version
Most home and small-business users who don’t want to think about it too much should simply:
Good basic protection in four steps with only one download.
Basic security software: Windows Defender
Windows Defender comes pre-installed in recent versions of Windows. It does a fine job of detecting malware, does so without adversely impacting system performance, and does so without nagging you for renewals, upgrades, or up-sells. It just does its job quietly in the background …
… exactly what you want from your anti-malware tool.
The ratings game
Every so often, Windows Defender comes under fire for rating lower than other security packages in tests published online. As a result, every so often I get push-back – often angry push-back – that Windows Defender remains my primary recommendation.
There are several reasons I stick to that position.
- No anti-malware tool will stop all malware. Malware can and does slip by even today’s highest rated packages.
- “Highest rated” changes, depending on the date, the test, and who’s doing the testing. There is no single, clear, consistent winner.
- Regardless of how the data is presented, the differences among detection rates across most current anti-malware tools is relatively small compared to other factors.
There are also some very practical reasons I continue to prefer Windows Defender.
- It’s free.
- It’s already installed in Windows 8 and later – there’s nothing you have to do.
- In practice, it rarely impacts system performance.
- It integrates with Windows Update to keep itself up-to-date.
- It has no additional agenda: it’s not going to pester you with renewals, upgrades to more powerful versions, or up-sells to tools you just don’t need.
It’s not perfect, but no security tool is.
Thus my recommendation stands. Windows Defender remains a solid, free anti-virus and anti-spyware package with minimal system impact, and should be appropriate for almost anyone.
Alternatives and additions
On the other hand, I fully recognize that Windows Defender might not be the right solution for everyone. No single product is.
This is where I run into some difficulty trying to make recommendations. The landscape keeps changing. Tools that were once clearly free, have on more than one occasion, moved to promoting their paid product so heavily that the free version virtually disappears. People download and install programs thinking they are truly free only to discover, instead, a free trial, or a free download (if you want to keep it past a certain length of time you’re required to hand over money).
Some programs have become as much self-promotion tools as they are anti-malware tools, bombarding you with sales pitches and upgrade offers to the point of getting in the way of your work.
Things keep changing. So to the extent that I mention specific tools below, caveat emptor – “let the buyer beware”. I can’t honestly predict that the tools will remain recommendation-worthy.
Malwarebytes Anti-Malware has evolved over the years from a tool that defied categorization – not really anti-virus, not really anti-spyware, but still catching things that other tools did not – to a full-featured anti-malware package. What’s important is that it continues to have a very good track record of removing troublesome malware that other packages sometimes miss.
Spybot Search and Destroy is one of the longest running and highly regarded anti-spyware tools out there. Like Malwarebytes, it has also expanded to be a more fully-featured anti-malware tool. I used it for many years myself back in its anti-spyware days.
Caveats with all
I need to reiterate some important points.
- I’m referring to the FREE version of each of these tools, not the “Free Trial”. In several cases they are two completely different downloads. A “free trial” is just that – a trial, typically of a more fully-featured product. Unless you know otherwise, the truly FREE version of these tools would be my recommendation.
- Regardless of which you download, you are still likely to be faced with upgrade and up-sell offers to a more fully featured version, or even an ongoing subscription. Unless or until you know you want this, always decline.
- Speaking of declining: when installing any of these products, always choose custom installation – never the default. You may well get toolbars and other unrelated software you simply don’t need or want. Consider using Ninite to install these tools – all are available there.
If your machine becomes infected with malware of some sort, there’s a good chance that you won’t be able to actually download anything, because the malware will prevent it. That means you won’t be able to download the latest update of your anti-malware tools, or perhaps be able to run them at all. When that happens, you need an offline malware scanner.
An offline scanner is simply a complete anti-virus and anti-spyware scanning tool that you download and burn to CD or DVD, or place on a USB memory stick, using another computer. You then boot the infected machine from the media you created and run the scanner. The infected Windows doesn’t run at all and the scanner can check, change, or repair more than the a normal scanner could.
I recommend Windows Defender Offline for this purpose. Unfortunately, it’s not something you download and keep ready to use. In order to make sure you’re running the most recent update of the tool and its database of malware, it’s important to download it when you need it.
For home and business use, I recommend the use of any good NAT router as a firewall. They don’t have to be expensive, and are one of the simplest approaches to keeping your computer safe from network-based threats. If all the computers on the local network side of the router can be trusted, there’s no need for an additional software firewall.
When traveling, or if you don’t trust the kids’ computer connected to the same network as your own, I recommend turning on the built-in Windows Firewall. In recent versions of Windows, it’s likely already on by default. There’s often no harm in leaving it on, but it can occasionally get in the way of some local machine-to-machine activities like sharing files and folders.
I strongly recommend you back up regularly.
In fact, I can’t stress this enough. 99% of the disasters I hear about could be completely avoided simply by having up-to-date backups.
Keep your computer – Windows as well as all the applications you run – as up-to-date as possible. That means being sure that Windows Update is running. More on that in this article: How do I Make Sure that Windows is Up-To-Date?
The vast majority of computer infections we hear about are due to individuals who have not kept their operating system or applications up-to-date with the latest available patches.
And finally, Internet Safety: 8 Steps to Keeping Your Computer Safe on the Internet has even more tips for keeping your computer safe.