With the ubiquitous nature of antivirus solutions across work and home devices & systems, a frequently asked question in cyber security is “which is the best antivirus to use?”, whether that’s for a small business, a large business or even for use at home. The focus often being whether a change in solution should be made.
Asking which antivirus is the best is a little bit like asking what’s the best car to buy. You have a set of criteria which you use to decide on the car that will best suit your needs, and you will have gone through a thorough process to get your criteria. However, this shouldn’t be a fixed approach, you need to allow for some flexibility to ensure you get the best outcome.
Another potential pitfall in approaching this topic with such a broad question is that what you mean by “best” could be mis-interpreted and the advice you receive, and decision you make, could lead to major issues later on. Do you mean best detection? Best performance? Easiest to use?, ultimately what’s best for one business may not be best for another. If you are seeking something that simply picks up on the most number of viruses you are not looking at the wider antivirus picture. Equally it might be missed that you need antivirus that works on PCs and Macs, or that you need antivirus that isn’t going to cause a performance issue on your machine when it’s running.
Given that this narrow focus could give a false sense of doing the right thing regards antivirus it is worth highlighting that changing one AV for another often only brings marginal gains, so the net gain is not always worth the investment in making a change. Also, antivirus is only one part of a cyber security strategy, and therefore it may be better to focus on what other measures need to be put in place rather than focusing too much on getting a small gain from changing one solution for another.
Further still, antivirus isn’t effective if:
- It doesn’t cover ALL devices
- You don’t know about all of your devices
- It’s not kept up to date
- It’s not manageable
So to this end it would be more effective to focus on the best implementation and ongoing management of the solution you have in place right now, rather than putting in place something that may sound as if it offers increased protection but the reality of the above means this is lost the moment it’s live.
Not to seem all negative about antivirus solutions it is important to state that there are some types of threats that it doesn’t typically prevent as cyber criminals have evolved to develop new attack methods. Antivirus typically relies on being able to detect and protect from what it knows, it doesn’t necessarily have the dynamism required for today’s cyber threats. Whether they are targeting our systems with fileless malware, trying to hit connected devices away from your laptop or desktop machine, or launching attacks when you are working on less secure connections such as public Wi-Fi, the threat landscape cyber criminals have developed is both broader and more complex than ever before.
Ensuring that you are investing and focusing on multiple aspects of cyber resilience and cyber defence will be an approach backed by any experienced cyber security professional you talk to. They’ll also tell you that antivirus is only part of the picture in terms of technical solutions that you need in place to protect your organisation, and will further advocate the importance of protection via your people and processes. These two aspects are critically important and you can read more about process & policy as well as staff training.
So in summary, when exploring what’s the best antivirus to use, the answer to that really is to recognise that you may be focusing on an overall nominal increase in the performance of your antivirus areas of security rather than the other areas which could yield much greater levels of protection against todays threats.