If you’re short on disposable income, you don’t want to waste any of your money on unnecessary stuff. If you’re sitting atop a pile of simoleons, well, you don’t reach that enviable position by spending a lot. Can you justify purchasing antivirus protection for your devices, or should you just rely on built-ins and come-withs? In most cases, you should cough up the cash. Depending on your device’s operating system, adding antivirus protection beyond what’s built in ranges from a good idea to an absolute necessity.
Windows, macOS, Android, and iOS all include protection against malware, in one way or another. For some, protection takes the form of a full-on antivirus. For others, security is baked into the OS thoroughly enough that malware has a really hard time doing anything. Either way, you can improve your protection by installing a third-party antivirus.
Plan B: The Microsoft Defender Story
Microsoft has offered built-in antivirus protection of one kind or another since the release of Microsoft Anti-Virus for DOS in 1993. The core of that product was purchased by Symantec and became the OG Norton Antivirus. And wow, was it ever simple-minded. At release, it could detect around 1,200 specific viruses, and users had to install any updates manually.
Fast-forward to today, and you get Microsoft Defender, a rather more impressive product. Oh, it went through some rough stages developmentally. When the independent testing labs started including Microsoft Defender, it managed to score below zero in some tests. But that was years ago, and this tool has been steadily improving its scores.
After going through various names, it’s now called Microsoft Defender Antivirus. In addition to providing antivirus protection, it also manages other security features such as Windows Firewall. In our testing, however, we discovered some significant limitations. For example, it scored poorly in our hands-on phishing protection test, which uses real-world fraudulent sites scraped from the web. In any case, its phishing protection and its defense against malware-hosting sites both only work in Microsoft browsers. Do you prefer Chrome? Firefox? Sorry, you get no protection.
Microsoft Defender includes a kind of ransomware protection, in the form of a component that prevents unauthorized changes to files in important folders. Early on, Desktop was included, which proved annoying, as protection kicked in every time an installer wanted to place an icon on the desktop. At present, in Windows 10 and Windows 11, this feature protects the Documents, Pictures, Videos, Music, and Favorites folders. It’s still turned off by default.
Here’s the thing. Microsoft Defender’s own developers seem to consider it a Plan B, rather than a main solution. If you install a third-party antivirus, Microsoft Defender goes dormant, so as not to interfere. If you remove third-party protection, Defender revives and takes up the job of defense again. The best antivirus programs, even free antivirus tools, perform significantly better in testing and offer more features.
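To see on a given Windows 10 or Windows 11 PC whether Defender is currently the active antivirus or has stepped aside, and whether the folder protection described above is switched on, you can query it from PowerShell. This is an added example, not code from this article or from Microsoft; the function name Get-DefenderPosture and the shape of the report are assumptions made for illustration.

```powershell
# Added example: summarize Microsoft Defender Antivirus state on this PC.
# Get-DefenderPosture is a hypothetical helper name; Get-MpComputerStatus and
# Get-MpPreference are the Defender module's own cmdlets.
function Get-DefenderPosture {
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $prefs  = Get-MpPreference -ErrorAction Stop
    } catch {
        # With a third-party antivirus installed, the Defender service may be
        # stopped, in which case these cmdlets fail instead of returning data.
        return [pscustomobject]@{
            DefenderActive         = $false
            RunningMode            = 'Unavailable'
            ControlledFolderAccess = 'Unknown'
            ExtraProtectedFolders  = @()
            Note                   = "Defender did not answer: $($_.Exception.Message)"
        }
    }

    # Numeric values of the EnableControlledFolderAccess preference.
    $cfaNames = @{
        0 = 'Disabled'
        1 = 'Enabled'
        2 = 'AuditMode'
        3 = 'BlockDiskModificationOnly'
        4 = 'AuditDiskModificationOnly'
    }
    $cfa = $cfaNames[[int]$prefs.EnableControlledFolderAccess]

    [pscustomobject]@{
        # Active means the engine is enabled and scanning files in real time.
        DefenderActive         = [bool]($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)
        # AMRunningMode can be empty on older Defender platform versions.
        RunningMode            = if ($status.AMRunningMode) { $status.AMRunningMode } else { 'Not reported' }
        ControlledFolderAccess = $cfa
        # Folders the user added on top of the built-in protected set.
        ExtraProtectedFolders  = @($prefs.ControlledFolderAccessProtectedFolders)
        Note                   = if ($cfa -eq 'Disabled') { 'Folder protection is off (the default).' } else { '' }
    }
}

Get-DefenderPosture | Format-List

# To turn folder protection on, run this from an elevated PowerShell session:
#   Set-MpPreference -EnableControlledFolderAccess Enabled
```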
Google Play Protect Doesn’t
Google immediately removes any malware that it finds in the Google Play Store, but the key word here is removes. First, the malware shows up in the store; second, however long this takes, Google removes it. The Play Store doesn’t have the same stringent vetting process that comes with Apple’s App Store. Malware does get into the store, and you may well download it before Google cleans up. In addition, it’s easy enough to set your Android to allow sideloading programs independently of the Play Store.
Google Play Protect, the antivirus built into Android, aims to protect your devices from malware. As far as the independent testing labs have found, it does a terrible job.
Experts at AV-Comparatives tested Google Play Protect along with nine third-party Android antivirus tools. They collected thousands of unique Android malware samples and tested each antivirus against that collection. They first let the antivirus scan and eliminate samples it recognized, and then launched any that remained, to give behavior-based detection a chance. They also installed 500 popular (and legitimate) apps to check that the antivirus doesn’t wrongly tag them as malicious.
Avira, Bitdefender, G Data, Kaspersky, and Trend Micro Maximum Security caught 100% of the samples. Several others managed better than 98%. Play Protect came in last with 81.7% protection. Google’s entry also exhibited the most false positive results, a total of 12, where most of the rest showed no more than one. All the tested antivirus products received the lab’s seal of approval. All, that is, except Play Protect.
In their reports on Windows, macOS, and Android antivirus products, researchers at AV-Test Institute assign a product up to six points each for Protection, Performance, and Usability. That last one means the product doesn’t freak out the user by falsely accusing valid apps. More than 60% of the products tested earned a perfect 18 points, and almost 80% earned the full six points in the essential protection category. As for Google, it took just two of six possible points for protection. That’s actually an improvement—in most previous tests, Google scored a big fat zero for protection.
The verdict is clear: Play Protect won’t protect you. You need a third-party antivirus on your Android devices. We’ve rounded up some favorite Android antivirus tools, looking specifically at solutions that support multiple platforms.
Security Is Baked Into macOS
Sideloading—installing apps from outside the operating system’s store—is common in Android. We’ve even seen security tools that must be installed this way (though we don’t approve). Apple is much more insistent that only App Store apps can be trusted. By default, if it’s not from the App Store you just can’t install it. Yes, you can override that setting, but you really shouldn’t.
For another level of protection, a component called Gatekeeper checks every app you install for malware. Starting in macOS Catalina, Gatekeeper checks apps on every launch, not just at install time, and examines non-malicious apps for security issues. Catalina also makes apps get permission before they can access critical areas. And with Catalina, the operating system resides on a read-only drive partition, separate from all other programs.
To infect another program, a virus needs to modify that program, something that’s not allowed in macOS. To steal private data, a banking Trojan must read memory belonging to your browser, which is likewise not allowed. In the macOS environment, apps are isolated, limited to accessing their own resources. And even if an app managed to break through this barrier and access another program’s memory, features like ASLR (Address Space Layout Randomization) would keep it from finding any treasures stored in memory.
Many manufacturers make PCs, but only Apple makes Macs. The company has full control over the hardware, including the T2 chip present in newer Macs. This chip creates what’s called a Secure Enclave, an area of memory that’s completely unavailable to any process not part of macOS. It also manages Touch ID, encrypted storage, and more.
Despite all these safeguards, macOS malware most definitely exists. At the moment, a sophisticated example dubbed Gimmick (or Storm Cloud) is wreaking havoc in Asia. A few years ago, the Crescent Core attack inveigled its way past Gatekeeper by coopting a certificate that Apple assigned to another developer. And just last year the Silver Sparrow malware downloader made its way onto 30,000 Macs before it was caught.
While Macs aren’t as vulnerable as Windows boxes or Android devices, the old saw that Macs don’t get malware is demonstrably untrue. And unlike Windows, macOS doesn’t include an antivirus utility as such. If you don’t have antivirus protection on your Macs, get it now.
What’s Tighter Than macOS? iOS!
“Only a fool learns from his own mistakes. The wise man learns from the mistakes of others,” said Prussian statesman Otto von Bismarck. Apple has had teams developing operating systems since the 80s, plenty of time to make a lot of mistakes. When the iOS team came along, mistakes from previous groups provided plenty of input about what makes for a secure operating system. Release after release, iOS gets still more secure.
So secure, in fact, that it’s not really possible to create an antivirus to run on iOS. A Malwarebytes report from a couple of years ago describes a strong rise in macOS malware, but notes, “On the iOS side, malware exists, but there’s no way to scan for it.” It goes on to point out that this iOS malware consists mostly of nation-state efforts, not the kind of thing your average user needs to worry about.
Even when malware coders (or researchers) do manage to create iOS malware, it tends to have serious limitations. For example, the checkm8 technique allows a partial jailbreak of many older iPhones, from the iPhone 4s to the iPhone X. However, putting checkm8 in place requires that you have physical access to the phone, which must be connected to a desktop computer. A newer technique dubbed NoReboot lets malware persist through an iPhone reboot, but it works by fooling the user into thinking the phone rebooted when it didn’t.
Don’t look for a roundup of iOS antivirus products—we don’t have one. If all you ever use are iOS (and iPadOS) devices, you really don’t need antivirus. You’ll still want to use an iPhone VPN in some situations, however. Speaking of VPNs…
What About My Phone’s Built-In VPN?
We’ve had readers ask why they can’t just use the free VPN built into their iPhones. Indeed, there’s a VPN configuration page in Settings, but you can’t use it without going through the complex process of manually setting up a VPN profile. The most important element of that profile is the VPN server you want to connect with. And to gain access to that server, you’ll need to pay for a subscription. Which comes with an app. So just use ProtonVPN, or whatever app suits you best! The same is true on Android devices.
If you dig into Settings, you’ll find a spot to control your VPN, but it’s a dead end. On an iPhone, you’re free to tap the switch that seems like it would turn on a VPN connection…but it just turns off again. On Android (at least on the Android device I use for testing) the VPN settings slot simply reports “None.” Sorry, your phone just doesn’t have a VPN client built in.
Protect Your Devices
If you’re using a Windows computer or an Android device, you should most definitely install a third-party antivirus utility. Microsoft Defender is getting better, but it’s not up to the best competitors, even the best free ones. And Google Play Protect is ineffective.
Tight security aside, Mac users need protection too. One recent study showed Macs getting infected at a higher rate than PCs. That could well be due to Mac’s long-standing reputation for resisting malware. As for iOS, Apple got it right, right from the start. This platform has so much security built in that it’s nearly impossible for an attack to succeed (nearly, but not completely). That protection also means it’s nearly impossible to write an iOS antivirus. Use the time and money you saved not installing iOS protection to triple-check all your other devices.
For advice on getting started securing your devices, please read How to Check Your Security Software, Settings, and Status.