Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content

Refresh your driving skills with the Smart Driver online course and save 25%!

Content starts here
CLOSE ×
Search
Popular Searches

Games

Car rental

AARP daily Crossword Puzzle

Hotels with AARP discounts

Life Insurance

AARP Dental Insurance Plans

Travel

Suggested Links
Help Show me my account info Change my Address How do I contact AARP? Where is my membership card? How do I get a digital card?
Red Membership Card

AARP MEMBERSHIP

AARP Membership — $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products, hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. 

 

120x30-AARP-logo-red
Join
Renew
Enroll
Rejoin

AARP en Español

Join
Renew
Enroll
Rejoin
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Continue Cancel

Should You Pay for Antivirus Software? These Experts Say No

A device’s built-in security is often enough, but stay on top of updates, passwords

a laptop with anti virus protection
GETTY IMAGES
By

Rob Pegoraro,

 
AARP
Published February 27, 2023

The $20-plus annual antivirus subscription can seem like a cost of digital living as unavoidable as a broadband connection’s monthly fee.

But several security experts and computing veterans say otherwise: No, you don’t have to pay for “AV” software if you follow basic security practices.

Device and app makers have become a lot more vigilant. In some respects, malware outbreaks affect their own reputations. 

• Rich Mogull: “I just use the AV built into the platforms now,” says the chief executive of the Phoenix security-research firm Securosis.

• Jeremy Epstein: “I don't use any antivirus,” the chair of the New York-based Association of Computing Machinery’s U.S. technology policy committee and a longtime voting-machine security researcher says about his own computers. “And I don’t recommend to family members that they use antivirus.”

• Kyle Tobener: “Should people pay for antivirus software? No,” says the head of security at Copado Solutions. The software development support firm is based in Chicago. “For most users, paying for antivirus does not increase their safety by enough to justify the additional effort and expense.”

• Adam Engst: “I have never paid for commercial anti-malware software for my Mac, and it’s not something I recommend to most people,” says the publisher and CEO of TidBITS in Ithaca, New York. The Apple newsletter has been online since 1990.

Device manufacturers step up to the plate

These people aren’t saying commercial antivirus software adds no protection. They are saying that in practice its cost, added complexity and risk of leaving you unprotected if a subscription lapses outweigh its benefit.

“We want people to have to do as little as possible to stay safe,” Tobener says.

An internet survey of more than 1,000 people, released Feb. 22 from product-review site Security.org, showed 85 percent of respondents using antivirus software, including three-quarters of those ages 45 to 54 and 86 percent of those 55 and older. But more than 3 in 5 rely on free programs, such as Microsoft Defender, which comes already installed on Windows 10 and 11 machines. And slightly fewer users of free programs, 8 percent vs. 10 percent, had problems with a device becoming infected with a virus.

a red key on a white keyboard marked with a white bug
Getty Images

The security industry has often scolded customers to try harder while working to keep them nervous, Tobener says. He decried that approach in a talk at the 2022 Black Hat security conference in Las Vegas, saying, “Fear is a common tactic in cybersecurity.”

Laptops and desktopssmartphones and tablets already include good-enough free protection. It’s not like the bad old days when you had to buy basic security software because a PC came with none.

Microsoft Defender in Windows and Gatekeeper in Apple’s macOS look out for malware in software downloads, either from the web or from the safer app stores in Windows and macOS.

Phones, tablets, browsers add safeguards

Security is tighter on mobile devices. Out of the box, Google’s Android and Apple’s iOS and iPadOS allow app installs only from the stores each company controls.

Android will let you get an app from elsewhere if you must, but its Google Play Protect checks those downloads, too. And both mobile platforms police apps’ access to your data.

That’s why good security advice now starts with “Install security patches.” Engst calls it essential to stay up to date with operating system and app updates because they plug security holes.

That, too, is easier now. The apps most likely to get exposed to sketchy stuff online — web browsers like Apple’s Safari, Google’s Chrome, Microsoft’s Edge and Mozilla Firefox — automatically update themselves. And on the last three browsers, those patches take only a minute or so to install.

Apple, Google and Microsoft’s app stores update software installed through them without your intervention.

AARP Membership Card

AARP Membership — $12 for your first year when you sign up for Automatic Renewal

Join AARP today for $16 per year. Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP The Magazine. 

And the iOS, iPadOS, macOS, Android and Windows operating systems check automatically for updates. But since major patches on those generally require restarts, which on an iPhone, iPad, Mac and Windows PC can leave the device unavailable for several minutes, they let you wait to install them, often until the late night when you’re likely not using the machines. Just don’t wait too long.

Check your (duplicated) passwords

The trickiest part of security nowadays is also one that antivirus apps can’t help on much: the passwords used to sign into apps, sites and services. Phishing scams try to fool us into volunteering them at fake sites while the widespread but ill-advised practice of password reuse enables a scammer to take one guessed or leaked password and see how many accounts it unlocks.

You can thwart phishing attacks with multifactor authentication, where a site has you confirm a login with a one-time code or notification sent to your phone. The strongest forms, such as the passkeys now coming online, ignore phishing sites even if they ask for these codes.

Rachel Tobac, CEO of the San Francisco-based Social Proof Security, offers this counsel about requests for sensitive data or actions: “Be politely paranoid.” For example, before responding to a friend’s request that you wire money, verify their identity with two forms of communication.

It’s also a good idea to be a little paranoid about installing software, even from an app store. If it comes from a company you don’t know and somebody you trust isn’t recommending it, don’t do it.

The usual fix for password reuse is to use a password manager to create and save different logins.

“Use a password manager with unique passwords for each site,” Epstein says.

But Mogull supports lower-tech methods if they help you stop recycling passwords. Even as basic as writing them down: “A password book is totally fine if they don’t want to mess with a password manager.”

Rob Pegoraro is a contributing writer who covers technology. His work also has appeared in Fast Company, PC Magazine, U.S. News & World Report and USA Today.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?

MORE FROM AARP

Benefits Recommended For You

See All