Poll Paid vs Free Antivirus in 2026: What are you using, and is it worth paying for?

In 2026, what’s your main antivirus setup: paid or free?

  • Paid security suite (AV + web protection + ransomware layers + firewall, etc.)

  • Paid antivirus only (light AV, minimal extras)

  • Free third-party antivirus (Avast Free, etc.)

  • Microsoft Defender only (built-in, no third-party AV)

  • macOS/Linux/Android built-in protections only (no third-party AV)

  • Other (comment what you use)


There's a fine line between avoiding paranoia and falling into complacency. For many, overconfidence is the fatal flaw that eventually invites the very issues they thought they were too smart to catch, and frankly, calling oneself a 'power user' like a title is usually just the beginning of that descent.
Today I'm planning to re-read the WHHL thread, if you'd like to share.
 
Available for both MD (both in security center and by ASR rules) and 3rd party AVs.
Yes. I am not bashing MD, I'm simply debating the premise of AV vs no AV. MD is an AV. But many people find a way to disable it and replace it with nothing because they think it's useless (y)

Regarding "power users", you're right. One can't live in fear and monitor 24/7 every interaction, because you'll end up living for security, instead of security working for you.
 
I completely agree with you regarding the "no AV" concept, although I know a couple of MT members have declared several times that they do not use AV at all, replacing it with alternative preventive measures.
If we're talking about advanced/professional users, that decide to use no AV but replace it with a good Windows hardening and an anti-executable application, then I find it to be quite alright. They usually try to cover all weak spots, not just deny execution of apps. If you know what you're doing, although I'd always recommend a real-time protection module, it's fine. But most users would need a basic static protection too, a good behaviour blocker, and if possible, an Application Control module/Anti-EXE.
 
If we're talking about advanced/professional users, that decide to use no AV but replace it with a good Windows hardening and an anti-executable application, then I find it to be quite alright. They usually try to cover all weak spots, not just deny execution of apps. If you know what you're doing, although I'd always recommend a real-time protection module, it's fine. But most users would need a basic static protection too, a good behaviour blocker, and if possible, an Application Control module/Anti-EXE.
Of course they can dispense with AV if they know what they are doing; I'm not a power user to be capable of doing so.

I am only trying to select a balanced configuration, providing reasonable protection, especially for the blind areas I cannot monitor (such as DLL side-loading and browser scripts), while not negatively impacting the performance of my old machine.
 
  • Thanks
Reactions: RoboMan
If we're talking about advanced/professional users, that decide to use no AV but replace it with a good Windows hardening and an anti-executable application, then I find it to be quite alright. They usually try to cover all weak spots, not just deny execution of apps. If you know what you're doing, although I'd always recommend a real-time protection module, it's fine. But most users would need a basic static protection too, a good behaviour blocker, and if possible, an Application Control module/Anti-EXE.
Suppose an advanced user has no AV but plugged in one of his friend’s flash drives, which contains a legitimate software installer but infected with Sality. The advanced user will have to disable any anti-exe or allow the notifications from HIPS to install that application from the flash drive. What happens then? Without an AV, the worm infects your PC. Sure, a worm is not as advanced as the stealth malware of today, but an infection is an infection. IMHO, an AV should always be there as the last line of defence. This question is for everyone and not only directed to Roboman.
 
Suppose an advanced user has no AV but plugged in one of his friend’s flash drives, which contains a legitimate software installer but infected with Sality. The advanced user will have to disable any anti-exe or allow the notifications from HIPS to install that application from the flash drive. What happens then? Without an AV
The real "power user" uses only installers downloaded powerfully from the official website 💪
I do not trust someone's flash memory, and I do not trust him/her too 😂
 
  • Like
Reactions: Jonny Quest
The real "power user" uses only installers downloaded powerfully from the official website 💪
I do not trust someone's flash memory, and I do not trust him/her too 😂
You're relying on a Single Point of Failure, yourself. Believing that downloading from an 'official website' makes you bulletproof is naive, it completely ignores supply chain attacks (like CCleaner or SolarWinds) where the vendor's own servers served the malware.
 
  • Like
Reactions: Jonny Quest
You're relying on a Single Point of Failure, yourself. Believing that downloading from an 'official website' makes you bulletproof is naive, it completely ignores supply chain attacks (like CCleaner or SolarWinds) where the vendor's own servers served the malware.
How many times have you downloaded a compromised installer from its official website during your entire lifetime?
 
  • Like
Reactions: Jonny Quest
Suppose an advanced user has no AV but plugged in one of his friend’s flash drives, which contains a legitimate software installer but infected with Sality. The advanced user will have to disable any anti-exe or allow the notifications from HIPS to install that application from the flash drive. What happens then? Without an AV, the worm infects your PC. Sure, a worm is not as advanced as the stealth malware of today, but an infection is an infection. IMHO, an AV should always be there as the last line of defence. This question is for everyone and not only directed to Roboman.
To answer your question directly, you are 100% correct. If an advanced user relies solely on HIPS or an anti-executable, they are relying entirely on their own judgment. If they recognize the installer and click 'Allow,' they just gave the malware the keys to the kingdom.

What happens then? Sality, which is a nasty, polymorphic file infector, executes alongside the legitimate installer. Because HIPS was told to trust the execution, it ignores the payload drop. Sality immediately hooks into running processes, disables Windows utilities, and begins quietly infecting every .exe on the host and network shares. Without an AV or EDR running dynamically to catch the malicious memory behavior or the newly dropped files, the system is completely owned. You are absolutely right, human judgment fails, which is exactly why AV must be there as the last line of defense.
 
  • Like
Reactions: devjitdutta2025
How many times have you downloaded a compromised installer from its official website during your entire lifetime?
You ask how many times? It only takes once. I was a member on this very forum when the CCleaner supply chain attack happened, and guess what? A massive number of people, including self-proclaimed 'power users', downloaded that compromised installer directly from the official, trusted website.

Believing that an official source makes you bulletproof is a dangerous illusion. Proper defense in depth isn't about expecting a compromised download every day, it's about having an AV or EDR as a safety net for that one time the official vendor hands you a loaded gun.
 
  • Like
Reactions: Jonny Quest
You're relying on a Single Point of Failure, yourself. Believing that downloading from an 'official website' makes you bulletproof is naive, it completely ignores supply chain attacks (like CCleaner or SolarWinds) where the vendor's own servers served the malware.
How many times have you downloaded a compromised installer from its official website during your entire lifetime?
You ask how many times? It only takes once. I was a member on this very forum when the CCleaner supply chain attack happened, and guess what? A massive number of people, including self-proclaimed 'power users', downloaded that compromised installer directly from the official, trusted website.

Believing that an official source makes you bulletproof is a dangerous illusion. Proper defense in depth isn't about expecting a compromised download every day, it's about having an AV or EDR as a safety net for that one time the official vendor hands you a loaded gun.
Stupid question time, what about app updates? Once a verified clean installer is used, is there ever a concern regarding an update from the official vendor's update channel, like Patch My PC uses for my apps? At times, it seems like it's reinstalling the app for the update.
 
Stupid question time, what about app updates? Once a verified clean installer is used, is there ever a concern regarding an update from the official vendor's update channel, like Patch My PC uses for my apps? At times, it seems like it's reinstalling the app for the update.
First off, that is definitely not a stupid question, it's actually the most important question you could ask in this context.

To answer your question, yes, there is absolutely a concern. When an app updates (whether via its own internal updater or a tool like Patch My PC), it often is practically reinstalling the app, dropping new executables and overwriting old .dll files. Because your system (and your HIPS/firewall) already trusts that updater, the new files are usually given a free pass.

This is exactly why threat actors target the vendors themselves. If they can slip their malware into the official update channel, millions of machines will download and install it automatically, thinking it's a legitimate patch. This is precisely what happened with SolarWinds. The initial installer was clean, but a subsequent update pushed through the official channel contained the backdoor. This is why having a behavioral AV engine as a last line of defense is mandatory, you cannot blindly trust an update just because it came from the official source.
 
  • Hundred Points
Reactions: Jonny Quest
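
Added example, not part of any post in this thread: since an update can drop new executables and overwrite existing .dll files under an already-trusted updater, hashing an application's binaries before and after the update shows exactly which files were added or replaced, so those can be scanned or reviewed. The function names and the sample files are constructed for illustration; the diff only reports what changed, it does not judge whether a file is malicious.

```python
import hashlib
import os
import tempfile

# Extensions treated as "code the updater can swap out" (an assumption; extend as needed).
BINARY_EXTS = {".exe", ".dll", ".sys"}

def snapshot(root):
    """Return {relative path: SHA-256} for every binary under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in BINARY_EXTS:
                continue
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = digest.hexdigest()
    return result

def diff_snapshots(before, after):
    """Classify binaries as added, removed, or replaced (same path, new hash)."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "replaced": sorted(p for p in before.keys() & after.keys()
                           if before[p] != after[p]),
    }

def demo():
    """Constructed install directory with a simulated update applied to it."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("app.exe", b"v1")
        write("lib/core.dll", b"v1")
        write("readme.txt", b"docs v1")
        before = snapshot(root)
        # Simulated update: one DLL overwritten, one new executable dropped.
        write("lib/core.dll", b"v2")
        write("updater_helper.exe", b"new")
        write("readme.txt", b"docs v2")   # non-binary change, ignored
        return diff_snapshots(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

On a real machine, call `snapshot()` on the application's install directory before the update runs and again afterwards, then pass both results to `diff_snapshots()`.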
Stupid question time, what about app updates?
What applies to app installers applies to app updates; personally I never had a compromised installer from an official website or a compromised update, either automatically or downloaded manually from an official website.

You look like a naughty user 😉
 
  • Like
Reactions: Jonny Quest
First off, that is definitely not a stupid question, it's actually the most important question you could ask in this context.

To answer your question, yes, there is absolutely a concern. When an app updates (whether via its own internal updater or a tool like Patch My PC), it often is practically reinstalling the app, dropping new executables and overwriting old .dll files. Because your system (and your HIPS/firewall) already trusts that updater, the new files are usually given a free pass.

This is exactly why threat actors target the vendors themselves. If they can slip their malware into the official update channel, millions of machines will download and install it automatically, thinking it's a legitimate patch. This is precisely what happened with SolarWinds. The initial installer was clean, but a subsequent update pushed through the official channel contained the backdoor. This is why having a behavioral AV engine as a last line of defense is mandatory, you cannot blindly trust an update just because it came from the official source.
Thank you Divergent, and for this advice, which is where F-Secure/Avira SDK, is not "Best in Show".

This is why having a behavioral AV engine as a last line of defense is mandatory, you cannot blindly trust an update just because it came from the official source.
 
So no need for statistical analysis to determine feasibility.
Since you dismiss AV and rely purely on 'official websites,' I have a genuine question for you: are you personally performing in-depth static analysis on every single installer and update you download?

Because if a vendor gets compromised (like SolarWinds or CCleaner), the malicious code is baked into the official, digitally signed binary. If you don't have an AV monitoring the dynamic execution of that file in memory, the only way to know it's safe is to drop it into a disassembler like IDA Pro or Ghidra and reverse-engineer it yourself before running it. Are you doing that? If not, you aren't an 'advanced' user securing your machine, you are just blindly trusting a vendor and praying.