Serious Discussion Antivirus vs. Common Sense — What Really Keeps You Safe in 2025?

Is Antivirus Still Necessary in 2025, or Just Fear-Based Marketing?

  • Absolutely! A good antivirus is essential

  • Only for non-techy people

  • Microsoft Defender is enough

  • Antivirus is overrated

  • AV companies push fear to stay relevant


Putting aside what's possible, let's focus on what's real. How many of us have been infected in the last year, unintentionally? The fact that it's likely a small number, if not zero, is my point about being well-informed. While there are no guarantees in life, you can greatly reduce your risk of a severe car crash by simply wearing your seatbelt and driving with caution.
 
Speaking of common sense, common sense is the tool I use to identify false-positive detections by AV.
Kaspersky (using System Watcher) flagged the Ulaa browser installation as malicious, blocked it and reverted its changes, just because it dropped some components in the AppData folder, yet did not make a beep when Yandex installed its whole browser in the same folder.
 
Regarding those people claiming "I never got infected": the majority of them are unable to check everywhere in the OS carefully for hidden malware or traces...
Exactly!
Antivirus software isn't updated as quickly as DNS or ad-blocking filters, and for that reason you can't expect it to catch malicious websites, which typically last an hour or so before they are taken down. Again, this is why phishing is so efficient; antivirus companies just can't keep up with it. By the time an antivirus company adds a phishing domain to its database, the website is already long gone.
Your statements are mostly on point, but this one is rather nonsensical.

1. If antivirus companies with billions in revenue can’t identify the phishing website, what makes you think NextDNS or some community-maintained lists will detect it? Unless you are talking about the ability to block brand-new websites; similar reputation and WHOIS analysis is also performed by AVs.

2. There are many real-time analysis methods that are employed. They vary from vendor to vendor, but pretty much no one nowadays relies solely on the concept of the phishing URL being on a blacklist.
If anyone hasn’t tried Check Point Zero Phishing, it may be time to.
In fact, the only providers relying simply on blacklists are the ones that you mentioned (Quad9, Hagezi and so on).

You are saying “that’s why phishing is so successful, because AV companies can’t keep up.” They may be missing some phishing here and there.
But how much do they block?

Metric                      Volume            Source               Period
Total phishing emails       ~3.4 billion      Global               daily
Google blocks               >100 million      Gmail                daily
Microsoft impersonations    ~42-61 million    Estimate             daily
UK businesses attacked      ~1.4 million      UK Gov survey        yearly
Confirmed breaches (DBIR)   949               Verizon DBIR cohort  yearly

Common sense is the one that will tell you not to enter your credit card details after taking a survey for a free iPhone, not antivirus software. It will also tell you that you aren't related to any Nigerian prince, so you shouldn't give him your data when you get an email. And that you don't have a bank account in Las Vegas filled with millions that you forgot about.

Yes, but you are talking about these cheap, ridiculous and very obvious scams that have been around since the millennium. There are highly sophisticated schemes that will make even you, with your common sense, scratch your head and wonder whether this is real or not.
 
You may be driving with caution, but security mechanisms are still expected to be implemented. You may be driving with caution, but if your vehicle starts falling apart in the middle of the road, this caution won’t help much.

So it’s a combination of both caution and safety/security tactics being implemented in every aspect and part of vehicle/computer usage.
 
Thus the seatbelt part of the analogy. Security is absolutely essential, but a lot of common problems could be avoided if people focused more on developing secure habits.
 
There will always be people who are so gullible that they think .com is the same as ".CON".
The exact definition of "lack of common sense"; common sense encompasses basic knowledge. I should not drive a car without basic knowledge regarding not only driving, but also how the car works.
 
That’s again an over-generalisation.

Picture this: you had a 12-hour night shift (the third or fourth in a row) and an email comes in, supposedly from a colleague. It leads to a .con domain. Are you likely to notice? I doubt it.

Not everyone is a tech wizard like the people on MalwareTips, and not everyone’s attention can be 100% focused at all times.
What’s “common” sense for you could, for someone else, be an extremely complex and complicated matter.
Don’t use yourself as a “unit of measurement” for what’s common sense.

The way barbers do a haircut is also “common sense” for them. But if you asked me to do it, you’d be ashamed to leave home for 2 weeks. 🤷🏻‍♂️
 
Unfortunately, common sense alone won’t protect you from something like an infected PDF sent by a client. In such cases, an antivirus may save you; whether it’s the one that comes with your operating system or a third-party solution is really a matter of personal preference. Emphasis on may.
 
Remember the Linus Tech Tips channel infostealer situation. I doubt those guys didn’t have “common sense”. They received a fake contract (looking like the tens of other contracts they receive).

As well, the word “common” implies that the wide audience is going to have this sense.
That’s incorrect and unrealistic. The wide audience usually believes that a “Trojan Horse” is one “virus”, and the “scariest one”.
 
Common sense can; I disable the PDF reader's internet connection, disable JavaScript execution in the reader, enable AppLocker script rules for user space, and scan every PDF file before opening it, after checking its real extension in Properties.
 
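The "check the real extension, then scan" part of the routine above can be automated. What follows is an added example, not the poster's own tooling and not any AV vendor's logic: it identifies a file by its leading bytes rather than its name (so a contract.pdf.exe or a right-to-left-override trick is caught), and for a genuine PDF it lists the features (JavaScript, OpenAction, Launch, URI, embedded files) that the reader-hardening steps exist to neutralise, looking inside FlateDecode streams because that is where such dictionaries are usually hidden. The key list, the verdict strings and the three sample files are constructions of this example.

```python
"""Triage an attachment that claims to be a PDF before opening it.

Added example, not the poster's own tooling: it automates "check the real
extension" (identify the file by its leading bytes, not its name) and then
looks inside a genuine PDF for the features that the reader-hardening steps
above exist to neutralise.  Key list, verdict strings and sample files are
this example's own constructions, not any AV vendor's logic.
"""
import re
import zlib

# PDF name objects that carry active content or reach out to the network.
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/URI", b"/EmbeddedFile", b"/RichMedia", b"/XFA")
MAGIC = {b"%PDF-": "pdf", b"MZ": "windows executable",
         b"PK\x03\x04": "zip container", b"\x7fELF": "elf executable"}
RTLO = "\u202e"   # right-to-left override: "x\u202efdp.exe" displays as "xexe.pdf"


def real_type(data: bytes) -> str:
    """Classify by magic bytes; the filename is attacker-controlled, these are not."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def suspicious_name(filename: str, data: bytes) -> bool:
    """True when the name is dressed up as a PDF but the content is not one."""
    lower = filename.lower()
    looks_like_pdf = lower.endswith(".pdf") or ".pdf." in lower or RTLO in filename
    return looks_like_pdf and real_type(data) != "pdf"


def _inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every FlateDecode stream so that keys hidden
    in compressed objects are visible to the keyword scan."""
    parts = [data]
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:      # uncompressed or differently-filtered stream
            pass
    return b"\n".join(parts)


def risky_features(data: bytes) -> list:
    """Return the RISKY_KEYS present, matching whole names only (/JS must not match a longer name)."""
    haystack = _inflate_streams(data)
    return [k.decode() for k in RISKY_KEYS
            if re.search(re.escape(k) + rb"(?![A-Za-z])", haystack)]


def triage(filename: str, data: bytes) -> dict:
    """Combine the name check and the content scan into one verdict."""
    kind = real_type(data)
    mismatch = suspicious_name(filename, data)
    features = risky_features(data) if kind == "pdf" else []
    if mismatch:
        verdict = "reject: not actually a PDF"
    elif features:
        verdict = "open only in a hardened reader (JavaScript and network disabled)"
    else:
        verdict = "plain PDF"
    return {"type": kind, "mismatch": mismatch, "features": features, "verdict": verdict}


# --- constructed samples (minimal, not valid for rendering) -----------------
CLEAN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             b"trailer << /Root 1 0 R >>\n%%EOF\n")
# JavaScript fired by /OpenAction, with the script dictionary inside a Flate stream
_JS = zlib.compress(b"<< /S /JavaScript /JS (app.launchURL('http://example.invalid')) >>")
JS_PDF = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
          b"3 0 obj << /Length " + str(len(_JS)).encode() + b" /Filter /FlateDecode >>\n"
          b"stream\n" + _JS + b"\nendstream\nendobj\n%%EOF\n")
# A Windows executable renamed to pass as a contract
FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in (("contract.pdf", CLEAN_PDF), ("contract.pdf", JS_PDF),
                       ("contract.pdf.exe", FAKE_PDF), ("contract" + RTLO + "fdp.exe", FAKE_PDF)):
        print(f"{name!r}: {triage(name, blob)}")
```

Note the second sample: the raw bytes contain only `/OpenAction`; `/JavaScript` and `/JS` only appear after the stream is inflated, which is why a keyword scan that stops at the surface of the file misses exactly the documents the reader hardening is for.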
And how is all that “common sense”?
 
I agree with you. All security companies have some kind of mechanism to detect phishing. And yes, they block a lot of it, but I really don't think they miss it "here and there". They miss A LOT. No matter what kind of tools they have at their disposal, they still need to get the domain of the phishing website in order to detect the fraud.

If I created one now and spread the links here on MT, none of the products would react. It's only a question of how long it would take security companies to say "oh look! a phishing website!". And I know for a fact it takes them a lot of time before they start blocking the site.

Here in Croatia a very popular type of scam is "failed delivery" via SMS. The message simply says Croatian Post tried to deliver a package but you weren't home and that you should open the link to reschedule delivery. Even though I got the message early in the morning, I could still access it several hours later. I tested the website multiple times during the day with VirusTotal and URLVoid; by the end of the day it was blocked by Google and several other security companies, though not nearly all of them.

And this is my point. All of them will end up detecting a phishing page eventually, but not before a lot of people fall for a scam, which is what they were supposed to prevent. This is why I mentioned DNS services as a possible protection. You can't reach a phishing website until you hit DNS; they see all requested domains, hence they will often be the first to see something suspicious. I'm very confident DNS0 will block a phishing website before a lot of antivirus companies out there. I don't count Google and Microsoft here. They will be among the first to detect phishing due to the data collection programs they have.
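Two posts in this thread (the one above and the earlier one on AV versus DNS filter update speed) argue that a filtering resolver is in the path before the browser ever loads the page. The following is an added example, not code from any poster or from Quad9/DNS0: a minimal DNS-over-UDP client plus a pure parser that turns a raw response into a verdict. It assumes, as this example's own premise rather than anything verified on the page, that a filtering resolver answers a blocked name with NXDOMAIN or a sinkhole address such as 0.0.0.0 and, on current deployments, attaches an Extended DNS Error (RFC 8914) option stating the reason. The two sample responses are constructed by hand; the resolver addresses (9.9.9.9 for Quad9, 193.110.81.0 for DNS0, 1.1.1.1 as an unfiltered control) are public anycast addresses and the live check at the bottom needs network access.

```python
"""Ask a filtering resolver about a domain and decode how it says "blocked".

Added example, not code from any poster here or from Quad9/DNS0.  Assumption:
filtering resolvers answer a blocked name with NXDOMAIN or a sinkhole address
such as 0.0.0.0, and current deployments attach an Extended DNS Error
(RFC 8914) option giving the reason.  parse_response() is pure and runs on the
constructed sample bytes below; query() needs network access.
"""
import socket
import struct

EDE_OPTION_CODE = 15                       # RFC 8914 EDNS option code
EDE_NAMES = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}
SINKHOLES = {"0.0.0.0", "127.0.0.1"}
# Assumption: public anycast addresses of the resolvers discussed in the thread.
RESOLVERS = {"Quad9": "9.9.9.9", "DNS0": "193.110.81.0", "Cloudflare (unfiltered)": "1.1.1.1"}


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """A/IN query with RD set and an OPT record so the resolver may attach EDE."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0)   # root name, type OPT, 1232-byte UDP
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1) + opt


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                  # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Return rcode, A addresses, EDE (code, name, text) and a one-word verdict."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off = flags & 0x000F, 12
    for _ in range(qd):                              # skip the question section
        _, off = _read_name(msg, off)
        off += 4
    addrs, ede = [], None
    for _ in range(an + ns + ar):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:                # A record
            addrs.append(".".join(str(b) for b in rdata))
        elif rtype == 41:                            # OPT pseudo-record: walk its EDNS options
            p = 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[p:p + 4])
                body = rdata[p + 4:p + 4 + olen]
                if code == EDE_OPTION_CODE and olen >= 2:
                    info = struct.unpack("!H", body[:2])[0]
                    ede = (info, EDE_NAMES.get(info, "other"), body[2:].decode(errors="replace"))
                p += 4 + olen
    if (ede and ede[0] in EDE_NAMES) or (addrs and set(addrs) <= SINKHOLES):
        verdict = "blocked"
    elif rcode == 3:
        verdict = "nxdomain"                         # no EDE: genuinely missing or silently filtered
    elif addrs:
        verdict = "resolved"
    else:
        verdict = "other"
    return {"rcode": rcode, "addresses": addrs, "ede": ede, "verdict": verdict}


def query(resolver_ip: str, name: str, timeout: float = 3.0) -> dict:
    """One plain UDP/53 query (network required; the samples below need none)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


# Constructed sample 1: NXDOMAIN for example.invalid with EDE 15 "Blocked".
_QUESTION = b"\x07example\x07invalid\x00" + struct.pack("!HH", 1, 1)
SAMPLE_BLOCKED = (struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 1) + _QUESTION
                  + b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 13)
                  + struct.pack("!HHH", EDE_OPTION_CODE, 9, 15) + b"blocked")
# Constructed sample 2: "resolved" to the sinkhole 0.0.0.0 (name via compression pointer).
SAMPLE_SINKHOLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + b"\x00\x00\x00\x00")

if __name__ == "__main__":
    print("sample blocked :", parse_response(SAMPLE_BLOCKED))
    print("sample sinkhole:", parse_response(SAMPLE_SINKHOLE))
    for label, ip in RESOLVERS.items():             # live check of a benign control domain
        try:
            print(f"{label:24s} example.com ->", query(ip, "example.com")["verdict"])
        except OSError as exc:
            print(f"{label:24s} query failed: {exc}")
```

Run periodically against a freshly received phishing domain, the same query gives the time-to-block measurement the Croatian SMS anecdote above did by hand with VirusTotal, and the `nxdomain` versus `blocked` distinction matters: without the EDE option a resolver that silently filters is indistinguishable from a domain that has already been taken down.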