Ask a Security Expert: Why Pay for Antivirus?

By George Anderson

**Editor’s Note: Read our list of 20 top antivirus software providers offering products and services via channel partners.**

“Why should I buy an antivirus package when I can just use a free one?”

Gordon Keenan, technical director of TA Systems, says he gets this question constantly from clients, and no wonder. We live in a world where you can get almost everything for free — Wi-Fi, apps, email. However, when it comes to online security, customers might want to think twice before opting for a free solution. My answer: “Your sensitive information and personal identity are not things you’d want to risk getting into the wrong hands. And as the threat landscape continues to evolve and attackers become more sophisticated, it is crucial to consider the benefits of a paid antivirus solution.”

To fully recognize the value of a paid antivirus (antimalware) package, we must first understand its purpose. At its core, antivirus software is designed to prevent the entry of, identify and remove viruses and other malicious software such as worms, Trojans, adware and ransomware. Although free and paid AV solutions are designed with the same goal – to combat malicious threats – there are often significant differences between the two options.

In other words, you get what you pay for.

One of the primary issues with free solutions is that they lack the capabilities to automatically remove and remediate complex malware. This is a major problem for MSPs as there is a significant cost when employees must re-image customer machines compromised by infection.

What companies offer as a “free” antivirus solution often includes limited protection and doesn’t have all the features of a paid version. For example, free AV software might scan files for malware but not prevent the infection in the first place. Take phishing, which remains the most used and most successful attack methods. Without proper protection, users risk having their computers infected, data held for ransom or their identities and credentials stolen. Ransomware accounted for 39 percent of malware-related data breaches last year, according to a recent study by Verizon. Once a scan happens, it’s too late. 

And, attackers are becoming increasingly creative and sophisticated in their methods. A recent report by my company, Webroot, found that 94 percent of malicious executables are polymorphic, meaning the executable file changes completely on each individual device it executes upon. Further, the actions the malware performs also change. This makes the traditional use of signatures and hashes to detect a single instance of malware obsolete. The infection can be delivered to a large number of people and avoid detection as it has morphed so much. Too often, free options do not have elaborate behavior-monitoring capabilities to pick up and warn against today’s elusive attacks.

Additionally, free solutions rarely include technical or telephone support, which is standard with paid options. If the customer has problems installing or running a free program, it can be really difficult to get help, and when dealing with security issues like ransomware, you don’t want to be left to fend for yourself.

There also are hidden costs when using free antivirus, mainly the time to keep the solution up to date and to managed on a day-to-day basis. In many cases, the hourly maintenance cost to support a “free” solution is greater than supporting a paid solution, where the supplier pushes updates proactively. Finally, free security software might be driven by advertisements, where companies try to sell users on other software or an upgrade to the premium solution. This can be a simple nuisance – nobody wants to constantly be served ads – or it might be “malvertising” and a threat to the customer.

It’s key to remember that when a product is free, you (and your data) are often the product.

So, what exactly are you paying for with premium AV?

While each company varies in its antivirus software offerings, AV is a key component of an effective managed security bundle. There are five essential functions performed by the solution:

While antivirus software that is always kept up to date is key to protecting desktops, laptops, tablets and smartphones, the reality is that fighting viruses and malware is an imperfect science, and even paid solutions will make mistakes. The difference with a paid option: Technical support is there to help.

Don’t get me wrong; there are several legitimate free options out there — here’s an extensive comparative review of 31 products. Windows users have their own rating of 18 products. And by all means, free is better than nothing; however, make sure customers who choose to go that route are prepared.

Want more Ask An Expert? Check out my takes on social engineering and the importance of threat intelligence.

George Anderson is director of product marketing at Webroot. George has spent the past 18 years in the IT security industry helping companies consider the real threats to their business.