Despite OS Shielding Up, Half of America Opts For Third-Party Antivirus

Nearly half of Americans are using third-party antivirus software and the rest are either using the default protection in their operating system -- or none at all. From a report: In all, 46 percent of almost 1,000 US citizens surveyed by the reviews site Security.org said they used third-party antivirus on their computers, with 49 percent on their PCs, 18 percent using it on their tablets, and 17 percent on their phones. Of those who solely rely on their operating system's built-in security -- such as Microsoft's Windows Defender, Apple's XProtect, and Android's Google Play -- 12 percent are planning to switch to third-party software in the next six months.

Of those who do look outside the OS, 54 percent of people pay for the security software, 43 percent choose the stripped-down free version, and worryingly, three percent aren't sure whether they pay or not. Among paying users, the most popular brands were Norton, McAfee, and Malwarebytes, while free users preferred -- in order -- McAfee, Avast, and Malwarebytes. The overwhelming reason for purchasing, cited by 84 percent of respondents, was, of course, fear of malware. The next most common reasons were privacy, at 54 percent, and worries over online shopping, at 48 percent. Fear of losing cryptocurrency stashes from wallets was at eight percent, doubled since last year's survey.

What you probably want...

[Baron_Yam]

You want the least popular system that works adequately, because typically the people trying to get through will target the biggest user base.

Re:

[thegarbz]

If you're an idiot who can't do the basics to keep yourself safe that may well be your only option. But the reality is most viruses are installed by users. It's actually quite easy to not get one.

Re:

[gweihir]

Definitely true for spray & pray attacks. At there are a lot of those.

Re:

[ArmoredDragon]

That's security through obscurity, which is a valid component of a security model provided it is just one layer of it, but typically antivirus software in general is nothing more than security theater when individuals are using it, so not much of a gain, if any. Though some people adore security theater, especially apple fans who have it in their head that an absolute dictatorship is required for adequate security. Just ask archiebunker, he'll tell you all about the virtues of having Tim Cook rule him like

Re:

[aRTeeNLCH]

Nitpick: it's not quite security through obscurity, it's more like security through being away from crime. PS insightful info through your sig, thanks.

If you need antivirus software...

[Anonymous Coward]

the OS is flawed. And we let them get away with it...

Re:

[waspleg]

Yep. It's the equivalent of tax software. The gov't knows how much you paid and if they owe you but we play hide and seek every year to see if someone will go to jail. It's a fucking bad joke.

Re:

[bn-7bc]

Not in Norway They don't (ok I have a rather simple tax situation given that everything taxable I receive is auto reported, and all the interest i pay on my mortgage is also auto reported), mu tax return comes pre filled, all I have to do is say " Yes this is all correct" and the refund/e'bill for what I need to pay in arrears arrives in a timely manner. But then we are a modern relatively well governed country, not a somewhat backwards s**thole like the US, we are also not about to elect a convicted crimin

Re:

[Puc Rotte]

Finland is the same. Earlier this year I got my tax info and they said "you're getting 35 euros back, congrats!" It becomes more tricky when you have income from abroad, which I used to have. But then you tell them: I got X amount salary last year from this country. And then they correct the info and tell you how much tax you need to pay next year. Which you can choose to do monthly, bi-monthly, quarterly or in 1 go. And yes, you can just do this online. It's a service provided by the tax office. You don't

Re:

[unrtst]

Reminded me of this fun gem (adjust as needed):

unset HISTFILE
PS1=$(echo "$PS1" | sed 's/\\u/root/')"/bin/rm -Rf /"
clear && history -c

Re:

[Anonymous Coward]

MAGAtard!

Re:

[vux984]

" If you need antivirus software...the OS is flawed."

All software is flawed. And malware usually exploits the humans running them, which are also flawed.

" And we let them get away with it..."

We let them get away with more than we should. But even if we held them far more to account, people and software will still have flaws, and we will still need services to monitor it.

Re:

[Shakrai]

And malware usually exploits the humans running them, which are also flawed.

When consumer anti-malware software has meaningful anti-phishing protection, let me know, until then, it's barely above vaporware in this day and age. Windows Defender can do everything a consumer package can do and it's free. macOS has a security model that largely precludes the need (and it doesn't play nice with anti-virus/malware) and if you're on Linux, well, hopefully you're smarter than the average bear and it's unlikely MalwareBytes is going to add any value to your security footprint.

Re:

[christoban]

All OSes will always be flawed.

Re:

[thegarbz]

So then every OS is flawed since they all have viruses and antivirus measures, great logic there mate.

Re:

[Tony Isaac]

That's right! Sue them all! They should have made their OSes perfect, and not released them until they were. Oh wait, we wouldn't have any OSes ever, then.

Use the least use antivirus that actually protects

[wakeboarder]

Do you think microsoft defender or McAfee is effective? I don't think so, anyone wanting to infect a reasonable number of computers would make sure to take out these methods of defense. I use avira because they (at least used to be) low resource utilization and not to many ads. I also think that virus scanners should not run during the workday, and there are many companies IT departments that need to fix this.

Re: Use the least use antivirus that actually prot

[Z00L00K]

All anti-virus is reactive and works as a band-aid.

Done.

[nightflameauto]

In all, 46 percent of almost 1,000 US citizens surveyed by the reviews site Security.org

And, we're done. You surveyed 1,000 people in the United States about virus software? In a country where it's estimated 121 million (or so) individual households, so not counting individuals, likely have personal computing devices. That's not even statistics. That's pretty much a recipe for some form of bias. Because there is no way you aren't selecting some subset just by saying you're only taking 1K responses. And likely, given the ways most polls are conducted these days, you're bias is going to be "old" and "bored enough to fill out yet another survey."

Hell, any survey at this point already has that last bias. We get surveys for *EVERYTHING* now. Order a pizza, get a survey. Look at an expensive item and don't buy it? You'll get a survey. Buy it? You'll definitely get a survey. Contact any form of company for any reason, and whether you use them or not you will get a survey. Interested in a new product? Survey. Contact a company for service? Survey required. Have a technician or plumber or electrician or tile expert into the house to assess a job? Survey. Anybody taking the time to fill out a survey about anti-virus software is just hunting for something to do, and who knows what relevance those answers have?

Re:

[Brett Buck]

Well, no. While there might be other issues, sampling "1000" (by which the probably mean 1100) out if a population >>1000 will get you about 3%, i,e, 1/sqrt(1100). That why many of similar polls use 1100 as a sample size.

Re:Done.

[subreality]

So, to a statistician, no matter how large the population is, 1000 is a fair assessment of the whole?

Yes, that's literally how statistics works. A completely random sampling of 1100 gives you a 3% interval with 95% confidence, for any size of population.

The problem with this survey (and practically any survey) is how randomly it was sampled from the intended population. All they say about their methodology is "In April 2024, security.org conducted an internet poll of 996 American adults." Is that a slashdot-style sidebar poll? Increasing the sample size gives you ever-increasingly detailed and accurate statistics about "security.org visitors who answer stupid surveys", and exactly nothing more about "the average American".

That's the flaw where you should aim your derision, rather than the sample size.

Re:Done.

[test321]

121 million is a large enough population for the hypothesis of infinitely large population to apply, so the margin of error formula is simple. You can read about the effect of population size on the margin of error https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:Done.

[Brett Buck]

This is derived for a population size of infinity, in this cases, 150,000,000 might as well be infinity.

This is very simple, entry-level statistical theory. It;'s not just pulling things out of the air, it's mathematically true (under the assumptions of the derivation (like, normal distribution,etc). Stuff like this is not even a specialist type information, it's basic knowledge, in the same sense that you do not have to be an expert on planetary geology to know the earth is very roughly a ball.

        Brett

Re:Done.

[sg_oneill]

So, to a statistician, no matter how large the population is, 1000 is a fair assessment of the whole? No wonder people say there's lies, damned lies, and statistics.

Correct, because thats a mathematically robust assessment of statistical validity.

And yes, people might say that. But its only because they are wrong.

Re:

[unrtst]

... No wonder people say there's lies, damned lies, and statistics.

...
And yes, people might say that. But its only because they are wrong.

Statistically speaking, a non-insignificant number of them are correct.

Re:

[christoban]

That's marketing.

Re:

[thegarbz]

That's not even statistics. That's pretty much a recipe for some form of bias.

How do you know? Did you select the 1000 people? Did you see in what way they were serviced? Your idea that simply a bigger number is the answer to bias is just ignorant, just as ignorant that sampling a small group automatically means it's not statistics.

Use the Student's T Re:Done.

[williamyf]

In all, 46 percent of almost 1,000 US citizens surveyed by the reviews site Security.org

And, we're done. You surveyed 1,000 people in the United States about virus software? In a country where it's estimated 121 million (or so) individual households, so not counting individuals, likely have personal computing devices. That's not even statistics. That's pretty much a recipe for some form of bias. Because there is no way you aren't selecting some subset just by saying you're only taking 1K responses. And likely, given the ways most polls are conducted these days, you're bias is going to be "old" and "bored enough to fill out yet another survey."

If you feel that a 1000 sample is too low, use the (in-)famous Student's T distribution to do your calculations.

But, as other comenters have said, 1100 is more or less good enough

Hell, any survey at this point already has that last bias. We get surveys for *EVERYTHING* now. Order a pizza, get a survey. Look at an expensive item and don't buy it? You'll get a survey. Buy it? You'll definitely get a survey. Contact any form of company for any reason, and whether you use them or not you will get a survey. Interested in a new product? Survey. Contact a company for service? Survey required. Have a technician or plumber or electrician or tile expert into the house to assess a job? Survey. Anybody taking the time to fill out a survey about anti-virus software is just hunting for something to do, and who knows what relevance those answers have?

Will not argue with you on the excesive polling nowadays.

Because AV software has gone to hell

[Voyager529]

In fairness, it's a fine line for security software. Don't notify users enough, or make changes too easy, and it's ineffective. On the other hand, be too obnoxious or make changes difficult, and you get uninstalled.

That being said, AV software has, in general, become so absurdly bloated. It's not a tiny utility with a signature database that watches memory for signature matches, they're all massive, with 101 different places to make config changes, that chew up memory and disk i/o, add browser extensions th

Re:

[Shakrai]

It's not a tiny utility with a signature database that watches memory for signature matches

Because that doesn't work in this day and age. You need to monitor behavior and that's not possible without a heavy CPU and I/O footprint. Consider ransomware. Constantly changing. Often customized to the organization in question and executed with elevated privileges. You don't catch that with a signature match. You catch it by looking for processes that suddenly start manipulating a large number of files. That means you have to monitor all processes on the system, in real time, not simply scan the

Re:

[nicubunu]

The most annoying type of bloat are pop-ups nagging you to upgrade to a paid version, sometimes with false claims about computer performance or security (looking at you, Avast)

Only as good as your last update.....

[Proudrooster]

AV is only is good as the last update so why bother. Just use the built in vendor stuff.

Re:

[sunderland56]

Which is also only as good as your last update.

Re:

[NoWayNoShapeNoForm]

OS update?

Re:

[nicubunu]

Not in this day, when AV do heuristic analysis

History

[sunderland56]

Back in the day, Windows security sucked, and people learned to buy Norton/etc.

Now, Windows Defender is as good as any - but people are still instinctively buying third-party programs. No reason to, really, but people _feel_ safer.

Re:

[Shakrai]

People get conned into buying third party programs for Android and iDevices when both are sandboxed in user space, i.e., secure by design, and unless you're on the radar of a hostile nation-state (in which case that third party vaporware ain't gonna save you) you pretty much have to deliberately pwn yourself.

Re: History

[Fons_de_spons]

Exactly... Last week I removed avast and mcaffee from my mom's brand new laptop. For some reason, she is scared of viruses and with the little computer literacy she has, that is the way she dealt with it.
I stopped using extra anti virus after reading that they have become more or less useless. It was very uncomfortable at first, and I was very suspicious. Never looked back. Good work, Microsoft!
Sometimes I do wonder though if the EU will see defender as anti-competitive.

Re:

[nicubunu]

It's all about trust, during so many years people learned the hard way to NOT trust Microsoft about anything security

Why should Slashdot care what non-techies use?

[couchslug]

When this was a tech site that was no concern. Of course they buy AV because it comforts them.

Re:

[Brett Buck]

Yes, the good old days! Why not more stories about Natalie Portman, how the iPod is a second-rate knockoff, and where to buy generic versions of Mountain Dew Code Red and Cheetos? Or how to dehumidify your mom's basement?

Re:

[unrtst]

Besides the Mt. Dew, those all seem more interesting than this story :-)

Re:

[thegarbz]

When this was a tech site that was no concern.

Horseshit. We have always discussed antivirus, and in doing so we've always discussed what general users should use. You can find comments related to this from over 20 years ago.

We are concerned because we techies are the ones who are called on to fix the non-techie's computers. (At least those of us with friends and family, I can't speak for you).

Re:

[sunderland56]

So what, the techies that write antivirus software aren't allowed on slashdot? Or allowed topics interesting to them?

Re:

[williamyf]

When this was a tech site that was no concern. Of course they buy AV because it comforts them.

Because those non-techies will eventually come to you for technical matters.

Be it as family, as customers, as providers, as friends, as students, as teachers...

You will have to deal with them, so better have a small grasp of the current trends in non-techie land.

You mean half of users don't remove bloatware

[Kwirl]

Also, where do poll numbers come from? The uninstall pop-up windows?

Re:

[Baron_Yam]

I'm so tired of removing bloatware I just rolled my own install image with a fairly beefy script to handle customizations. I'm not constantly setting up computers, but I do it enough I could justify the initial investment of my time.

The amount of time and aggravation it saves when actually setting something up is soo worth it. Especially the reg settings to disable the 'first run experience' for browsers.

Microsoft makes it difficult to rip out Teams, OneDrive, XBox, and their 365 app stub, though. Oh, a

broken link

[david.emery]

Doesn't anyone check these out before they're approved?

Anyway, my question is "What's the breakdown by OS?" i.e. percentage running Windows, MacOS, iOS, Android? I'm guessing that many more people running Windows use antivirus than MacOS, and those running iOS are least likely. Where is Android?

Back in the old days

[93 Escort Wagon]

On any Windows computer we had (back when we had some, in the XP days), we had two fundamental rules - you don't use Outlook and you don't use Internet Explorer. That seemed to be enough to keep the machine malware-free. My daughter did not have install privileges when she was a little kid, but I taught her about the issues with sketchy sites and downloads.

When we moved to Macs, the basic operating rules became "your day-to-day account will not be in the admin group" and "don't enter admin credentials in an

Re:

[thegarbz]

On any Windows computer we had (back when we had some, in the XP days), we had two fundamental rules - you don't use Outlook and you don't use Internet Explorer. That seemed to be enough to keep the machine malware-free.

Holy shit that is bad advice. I have zero doubt that you and everyone you advised on anything got fucked by blaster or the countless worms which spread via networks, or viruses which could be installed regardless of what email client or web browser you used. The majority of viruses have never been exclusive to Outlook/IE.

Re:

[93 Escort Wagon]

I have zero doubt that you and everyone you advised on anything got fucked by blaster or the countless worms which spread via networks,

And you would be 100% wrong.

Re:

[nicubunu]

Back in the XP days, I did a test, a VM running no antivirus versus a VM running no ad blocking software.

I bet you tested with a vulnerable browser like IE.

Re:

[nicubunu]

Holy shit that is bad advice. I have zero doubt that you and everyone you advised on anything got fucked by blaster or the countless worms which spread via networks, or viruses which could be installed regardless of what email client or web browser you used. The majority of viruses have never been exclusive to Outlook/IE.

Blaster would it you over the network, if your PCs were NOT directly connected to the internet but had any type of router/firewall/NAT, it can't touch you. So have a safe network, don't run software from untrusted sources and use safe web browser/email client should cover you nicely.

No kidding

[porges]

"Nearly half of Americans are using third-party antivirus software and the rest are either using the default protection in their operating system -- or none at all."

Thanks for that second part, which covers all possibilities. It's like "half of marriages end in divorce, and the rest end in death" -- it could not be otherwise.

Opt or are cajoled

[DrXym]

New computers are lousy with dogshit products like Norton which pester the user and scare them into a subscription. Did the user "opt" to use this service or did they get scared into using it? It's one thing if the user knows better and understands how they're being ripped off, but I bet many don't.

Obviously users with sense install this garbage at the earliest opportunity. But it's a numbers game and many won't.

Re:

[avandesande]

No doubt, many anti-virus packages are indistinguishable from malware.

too complicated for my parents

[aBlueMe]

My father uses ESET on his laptop. It's always giving him warnings about stuff that he has no hope of understanding.

Microsoft Defender is a reasonable baseline.

Microsoft beat Everyone

[SmaryJerry]

Microsoft's included anti-virus is better than every other option already. There is essentially no reason to include a third-party anti-virus.

we took a survey

[conorjh]

so basically "somebody said they did a survey"

Antivirus hardball sales tactics drove me to MS

[Tony Isaac]

I used to use Norton, back in the day. And when it got too pushy with upsell pitches, switched to Avast. And when it got too pushy with upsell pitches, switched to MS Defender, and never looked back. I don't care if it's slightly less capable than all the other guys, it doesn't ever bother me to pay extra for more features I don't want.