2026 Security Checkup: Bad Medicine ⭐️

Sometimes I’ll see a terrible headline in a news feed in the morning, cringe, and try to avoid viewing the offending article that lies beneath. Sometimes, that strategy is successful. Sometimes, however, it is not, and I will see that headline enough times that I push back my inner warnings and take a look. Which I then regret immediately.

Such was the case with I’ve Tested Every Major Antivirus. Please Don’t Rely on Just Microsoft Defender. It’s written by industry veteran Neil J. Rubenking, so my kneejerk reactions were trust and respect, which provided a nice counterbalance to my equally kneejerk worries about that headline.

And then I read it.

And holy crap, this is among the worst advice I’ve ever read. It is absolutely indefensible at every step along the way.

And I write that with the following self-awareness: In the same sense that I am not a financial expert and yet felt compelled to write From the Editor’s Desk: Conspiracy Theory ⭐️, I am not a security expert, and yet I feel compelled to opine on security, most recently through this 2026 series of articles. In both cases, I approach the topic from a life experience, “school of hard knocks” perspective. I’ve been around the block, so to speak, to the tune of 30+ years in this industry and I not perfect. But I’ve seen things, and I have some thoughts.

And my thoughts include the following.

The author seems to be commingling and mistaking Windows Defender, which is free and built into Windows 11, with Microsoft Defender, which is a part of the subscription-based paid Microsoft 365 offerings. It’s clear he means Windows Defender, however. Probably.

You can rely entirely on [Windows] Defender, at least for system-level protection in Windows 11, and you can do so because you’re being secure in other ways everywhere else.

You do not need third-party antitrust, free or paid.

And you most certainly don’t need a security suite, for the love of God, any more than you need another hole in your head.

Naturally, I have to defend this rather extreme position. But that’s OK. I can do so. Here are the claims with my responses.

Defender doesn’t manage multiple devices

“[A Microsoft blog post about Microsoft Defender] does admit that you might need a third-party antivirus “if you manage multiple devices.” This is 2026. Do you know anyone who doesn’t manage multiple devices? At the very least, you surely have a PC (or a Mac!) and a smartphone. Sorry, Defender won’t do a thing for that phone or Mac.”

Right. And thank God for that: Our smartphones are built to be secure out of the box, in fact, that security is one of the justifications for mobile app store junk fees.

But my big issue here is that we need to be “managing” multiple devices. Yes, we all have several devices of whatever kinds, but the days of “managing” them as if we were some kind of mini-IT department are long past and it was never a good idea to begin with. What we need is security that just works while getting out of our way. This is what Defender does, and unlike a lot of other Microsoft software, you will typically only hear from it once a week when it delivers a notification to let you know everything is going just great. That notification serves as my reminder to turn off, wait for it, that notification.

“Most third-party antivirus solutions include some degree of cross-device management, ranging from simply checking the status of all your devices to taking remote actions such as launching an antivirus scan or triggering an update. You don’t get that with Defender.”

Right. Good. I’m trying to live my life here, not monitor the security status of multiple devices like I work at the Chernobyl nuclear facility.

Phishing protection is limited to Microsoft Edge

“Defender’s SmartScreen filter will steer you away from phishing websites and other fraud. But there’s a catch. This protection only works in Edge. Third-party antivirus apps invariably support Chrome, Edge, Firefox, and Safari, at a minimum. Defender doesn’t do a thing for browsers other than Edge.”

Um.

Let me reword this. Microsoft Edge, like other web browsers, has built-in phishing protection functionality. Third-party web browsers do too. And if you get a third-party antivirus solution, which I do not recommend, that thing might provide browser-based phishing protection that sits on top of whatever the browser already has. Because, again, all web browsers have this feature.

But there is one major caveat. And it is hilarious.

“When I test phishing protection, I challenge the antivirus program alongside the built-in protections in Chrome, Edge, and Firefox. In the last two dozen tests, Edge averaged 75% detection of verified phishing pages. The third-party apps under test averaged 95%, and almost half reached 100% detection.”

So let me get this straight. The built-in phishing protection in Edge is less effective than the phishing protection in third-party AV apps, but you’re upset that Microsoft doesn’t extend its lackluster phishing protection to other web browsers? Curious. But all web browsers offer this protection.

So … how well did the phishing protections built into other web browsers work? Did you test that? And why wouldn’t we simply use the phishing protection available in any password manager–remember, you should use a third-party password manager–since we’re using one already along with whatever anti-tracking and anti-ads extensions anyway? Why add yet another thing to our PC when it’s not needed?

This is starting to feel like a commission-based advertisement for antivirus.

No additional security features included

“Admittedly, Defender is free, so you can’t really expect security bonuses beyond basic antivirus. Or can you? Other free antivirus apps go well beyond the basics. Some of the many bonuses you’ll find in our favorite free antivirus apps are:”

Active defense against trackers in the browser

Some web browsers, like Brave and Helium, provide effective native anti-tracker functionality. But you can secure any web browser against trackers using the right extensions. Then you can test it against Cover Your Tracks to make sure it’s working correctly.

A bootable rescue disk

Which you have to make, it’s not like it’s included in a box. The smarter approach: Keep a Windows 11 Setup disk handy for its Windows Recovery Environment-based recovery tools.

Dark web monitoring

Including in every single password manager. You should use a third-party password manager (and a separate Authenticator app for 2FA).

Secure file deletion

Unnecessary. The PC’s disk is encrypted and you will securely wipe it when you later perform a Reset This PC to sell it, give it away, or otherwise reuse it.

System tune-up

Unnecessary. Windows handles this natively and without any interaction from you, but you can of course run in-box utilities like Disk Cleanup, access any number of third-party “debloat” or “tune-up” apps if you feel it’s necessary. It’s not. But the smartest thing you can do is just reset the PC once a year or so. It’s like getting a new PC in your PC.

A vulnerability scan for missing security patches

We call that Windows Update, and it’s built in.

And more … Microsoft’s post warns that “each added tool increases background activity and complexity,” but these aren’t added tools, just features of the antivirus.

They’re just unnecessary. In addition to being “more crap running in the background on your PC.”

If you’re willing to pay for your antivirus protection, you naturally get even better bonuses. These can include password management and VPN protection, as well as spam filtering, remote management, webcam protection, and even elaborate device control systems that let you limit or ban removable drives.

Yes, you get “more” when you pay.

You are using a third-party password.

Most browsers have some form of VPN, and no one has ever determined that an antivirus-bundled VPN was in some way competitive with free and paid third-party VPNs if you really need such a thing.

You do not need another source of spam filtering. Every email app has that.

You do not need or want to remotely manage your antivirus. It should just work on every device you have and you should never even think about that. And that “elaborate device control system that lets you limit or ban removable drives” is just more of this.

No one needs webcam protection. Every webcam has a way to block the camera.

Scam protection

“Everyone is using AI these days, including crooks and scammers. Deepfake images and videos, emails that seem truly convincing…AI is an amazing boon to the dishonest. The major third-party security companies all recognize this trend. Norton has offered its Norton Genie scam detector app for years. McAfee Scam Protection checks emails, texts, and links as they arrive, warning you of those that reek of fakery. Bitdefender’s Scamio Pro app does the same. These tools have their own AI built in, meaning you can quiz them using natural language if there’s anything you don’t understand.”

You get this from your email provider. Maybe use a good email provider, like Google or Proton. Fun fact: You can route all of your email through a single provider (as I do) to take advantage of a service that works well for this.

I do not want to quiz AI about the security status of my devices.

The Defender user interface falls short

“The image [in the post] shows Defender along with five popular antivirus apps. And even if you misplaced your glasses, it’s really easy to pick Defender out of the pack. Where the others clearly structure their displays to present the most information and functionality, Defender leaves most of its display blank. You can see a few recent activity stats or launch a quick scan, but for anything else, you must scroll way down or dig into links. Yes, it’s a matter of aesthetics, but I think Defender’s user interface is dreadful.”

Here’s what I see.

Five busy, loud user interfaces full of dangerous toggles no one should experiment with and one clean UI that gets out of the way on the rare moment when you actually look at it. But you don’t look at it. It just works in the background and you leave each other alone. Perfect.

Conclusion: Defender is better than nothing

OK.

“You can do so much better. Maybe your budget doesn’t stretch to paying for antivirus? Look at our Editors’ Choice selections for free antivirus, Avast One Basic, and AVG AntiVirus Free. When your finances are in better shape, you can get even more extensive protection from our commercial antivirus Editors’ Choice apps, Bitdefender Antivirus Plus and Norton AntiVirus Plus.”

I’m sorry. When my finances are in better shape, I can pay for an antivirus suite that I don’t need?

No one needs this. What people need are the apps and services I mention above–a third-party password manager, a third-party authenticator app, a secure and private web browser or any web browser with the right extensions, and so on–plus some basic understanding of security best practices in Windows 11 and each device they use, which usually amounts to letting that platform do the right thing for you and not messing around with it.

Third-party antivirus has been superfluous for years, and third-party antivirus suites are a sad relic from a terrible past. You, me, and the author of this travesty would be better off using common sense and listening to good advice. Which the referenced article is not.