What Security Software Do You Recommend?

What security software should I use? What anti-virus is the best? How about a firewall? And what about spyware? Should I use one of the all-in-one packages that claim to do everything? Is there anything else I need?

As you might imagine, I get questions like this all the time.

Here’s a short summary of my current recommendations.

The short-short version

Most home and small-business users who don’t want to think about it too much should simply:

  • Get a router, even if you have only one computer. This will be your primary firewall.
  • Use Windows Defender, already installed in Windows 8, 8.1 and 10, or install the free Microsoft Security Essentials for earlier versions of Windows. This will be your anti-virus, anti-spyware, and malware scanner.
  • Make sure Windows Update is on to keep your computer as up-to-date as possible.
  • Make sure Windows Firewall is on when you travel — or just leave it on all the time.

That’s it.

Good basic protection in four steps, with only one download.

Basic security software: Windows Defender

Windows Defender Security Center

Windows Defender Security Center in Windows 10.

Windows Defender comes pre-installed in all recent versions of Windows. In fact, Microsoft has doubled-down on its commitment to Windows Defender in Windows 10, and seems to be improving it with every release.

Defender does a fine job of detecting malware, and does so without adversely impacting system performance or nagging you for renewals, upgrades, or up-sells. It just does its job quietly in the background — exactly what you want from your anti-malware tool.

Windows 7 or earlier?

If you’re running a version of Windows prior to Windows 8, you’ll want to download and install Microsoft Security Essentials (MSE). It’s the same as Windows Defender, except it’s not pre-installed and not as aggressively improved.

Important: the “Windows Defender” pre-installed in some earlier versions of Windows is not the same — it’s only an anti-spyware tool. Current versions of Windows Defender and Microsoft Security Essentials are full anti-malware tools.

The ratings game

Every so often, Windows Defender comes under fire for rating lower than other security packages in tests published online. As a result, every so often I get push-back — often angry push-back — that Windows Defender remains my primary recommendation.

There are several reasons I stick to that position.

  • No anti-malware tool will stop all malware. Malware can and does slip by even today’s highest-rated packages.
  • “Highest-rated” changes depending on the date, the test, and who’s doing the testing. There is no single clear, consistent winner.
  • Regardless of how the data is presented, the differences among detection rates across most current anti-malware tools is relatively small compared to other factors.

There are also some very practical reasons I continue to prefer Windows Defender.

  • It’s free.
  • It’s already installed in Windows 8 and later — there’s nothing you have to do.
  • In practice, it rarely impacts system performance.
  • It integrates with Windows Update to keep itself up-to-date.
  • It has no additional agenda: it’s not going to pester you with renewals, upgrades to more powerful versions, or up-sells to tools you don’t need.

It’s not perfect, but no security tool is.

Thus, my recommendation stands. Windows Defender remains a solid, free anti-malware package with minimal system impact. It should be appropriate for almost everyone.

Alternatives and additions

On the other hand, I fully recognize that Windows Defender might not be the right solution for everyone. No single product is.

This is where I run into difficulty trying to make recommendations. The landscape keeps changing. Tools that were once clearly free have, on more than one occasion, moved to promoting their paid product so heavily that the free version virtually disappears. People download and install programs thinking they are free, only to discover it’s a “free trial” or “free download” (if you want to keep it past a certain length of time, you’re required to hand over money).

Some programs have become as much self-promotion tools as they are anti-malware tools, bombarding you with sales pitches and upgrade offers to the point of getting in the way of your work.

Things keep changing. So to the extent that I mention specific tools below, caveat emptor: “let the buyer beware”. I can’t honestly predict these tools will remain recommendation-worthy.

Malwarebytes Anti-Malware has evolved over the years from a tool that defied categorization — not really anti-virus, not really anti-spyware, but still catching things that other tools did not — to a full-featured anti-malware package. It continues to have a very good track record of removing troublesome malware other packages sometimes miss.

Spybot Search and Destroy is one of the longest-running and highly-regarded anti-spyware tools out there. Like Malwarebytes, it has also expanded to be a more fully-featured anti-malware tool. I used it for many years myself back in its anti-spyware days.

AVG, Avira, and Avast, or the “three AV’s”, as I like to call them, are three other free solutions I’ve recommended over the years.

Caveats with all

I need to reiterate some important points.

  1. I’m referring to the FREE version of each of these tools, not the “free trial”. In several cases, they are two completely different downloads. A “free trial” is just that – a trial, typically of a more fully-featured product. Unless you know otherwise, the truly FREE version of these tools would be my recommendation.
  2. Regardless of which you download, you are still likely to be faced with upgrade and up-sell offers to a more fully-featured version, or even an ongoing subscription. Unless or until you know you want this, always decline.
  3. Speaking of declining: when installing any of these products, always choose custom installation, never the default. You may well get toolbars and other unrelated software you don’t need or want. Consider using Ninite to install these tools — all are available there.

What else?


For home and business use, I recommend the use of any good NAT router as a firewall. You probably already have one.

They don’t have to be expensive, and are one of the simplest approaches to keeping your computer safe from network-based threats. If all the computers on the local network side of the router can be trusted, there’s no need for an additional software firewall.

When traveling, or if you don’t trust the kids’ computer connected to the same network as your own, I recommend turning on the built-in Windows Firewall. In recent versions of Windows, it’s likely already on by default. There’s often no harm in leaving it on, but it can occasionally get in the way of some local machine-to-machine activities like sharing files and folders.

Back up

I strongly recommend you back up regularly.

In fact, I can’t stress this enough. 99% of the disasters I hear about could be completely avoided simply by having up-to-date backups.

Macrium Reflect and EaseUS Todo are the backup tools I currently use and recommend. More on backing up here: How Do I Back Up My Computer?

Stay up-to-date

Keep your computer — Windows as well as all the applications you run — as up-to-date as possible. That means being sure that Windows Update is running. More on that in this article: How do I Make Sure that Windows is Up-To-Date?

The vast majority of computer infections we hear about are due to individuals who have not kept their operating system or applications up-to-date with the latest available patches.

And finally, Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet has even more tips for keeping your computer safe.

Video Narration

This is an update to an article originally posted September 30, 2008
Minor updates periodically to keep things current.

Originally published as What Security Software Do You Recommend? on Ask Leo!