is it a good idea to install third party antivirus software?

Based on a lot of research I did I found that Windows Defender is doing pretty good job in the latest testing on protection. and have benefits over third party antivirus that it uses less resources. and even more the browser developers claim that third party extensions in the browser make it less safe their some who will argue that it's is much less effective from third party software, but if you look on the ones who back their conclusions based on test like AV-Test Institute London-based SE Labs  AV-Comparatives and more will say is doing pretty good).
For example
Former Firefox developer Robert O'Callahan, says that antivirus software is terrible you should uninstall your antivirus software immediately, unless you use Microsoft's Windows Defender, which is apparently okay.

A couple of months back, Justin Schuh, Google Chrome's security chief, said that antivirus software is "my single biggest impediment to shipping a secure browser, except for Windows Defender.

Back in December, Google-employed security researcher Tavis Ormandy discovered that the extension adds a large number of new JavaScript APIs to Chrome when it’s installed and that “many of the APIs are broken.” Aside from exposing your entire browsing history to any website you visit, the extension offered many security holes for websites to easily execute arbitrary code on any computer with the extension installed.

“My concern is that your security software is disabling web security for 9 million Chrome users, apparently so that you can hijack search settings and the new tab page,” he wrote to AVG. “I hope the severity of this issue is clear to you, fixing it should be your highest priority.”

and on top of all this many claim that antivirus is dead
for example
In an interview with Wall Street Journal, Symantec’s senior vice president Bryan Dye said antivirus software now catches only 45% of “cyberattacks”.
The Journal has a explanation that he has a business motive to say so but he is not the only one

I am wondering if it is a good idea to install third party antivirus software?

Note I am not sure but think endpoint protection may be better but did not yet find data to back this.

Please Advice.
LVL 3
Abraham DeutschIT professionalAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello ThereSystem AdministratorCommented:
If you use WD, it really ok. It does its job... job like any other third party AV. Morover, this is Microsoft product so it usually doesn't do a mess with your OS...
0
Abraham DeutschIT professionalAuthor Commented:
This was my impression too and you are confirming this. it's a magar change in the way of managing computer, I always made my clients pay for third party software, never left a pc without third party protection...
0
JohnBusiness Consultant (Owner)Commented:
Windows Defender on V1709 and beyond includes key elements of EMET and is now top rated. I use WD myself and there is no need for another third party AV.

I used to use Symantec Endpoint Protection but Windows Defender is as good or better.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Ajay ChananaMCSE-2003/08|RHCSA| VCP5/6 |vExpert2018Commented:
It is good to have third-party antivirus, but at the time of selection, it depends who find the latest viruses first.
0
JohnBusiness Consultant (Owner)Commented:
So long as we (any of us) are using top rated AV, that is what matters most. Microsoft is intent on winning this one.
0
Dovid CohenCTOCommented:
I'd put it like this:  Gone are the days when you don't want a computer on a network for a minute without some third-party anti-virus application.  These days, Windows Defender can hold its own.  Personally, I provision new PCs with Windows Defender only and then come onto third-party anti-virus software only when I'm suspicious that a computer is infected and Windows Defender might not have caught it.  As there are always zero-days, etc. that some will catch and others won't.
0
btanExec ConsultantCommented:
For WD, as a security suite, it is quite low-maintenance. Not that you treat it as once off but at least, yet to see any corrupted signature or hijacked flaws on it or comes with bloatware which some may silently comes with it.

That said, though it is AV and anti malware, you still need layer of defence, one fails to catch, the other takes over.

WD was never meant to be a full suite security. For minimum level defense for those still setting up systems for less hasle. It comes with OS. But note,  WD disables itself when you install a 3rd party security application to avoid confliction with that new security application. Its full Scans noticeably impacts system resources but as it states in its is meant to be thorough. You dont really do that everyday (maybe go weekly). Also it does not scan the emails accessed through its web interface but that again, it is more user vigilance rather than rely on AV.

I see it is something alright for plain user but at Enterprise level you will need more than just WD. You need a suite that include host intrusion prevention (HIPS) that check system integrity and firewall block out unauthorized traffic and alerts on anomalous scans etc. Ypu can actually look at Microsoft Defender Advanced Threat Protection. The value is that it works with existing Windows security technologies including WD (second link) on machine. It can also work side-by-side with third-party security solutions and antimalware products.

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection

Key is layer your defence, the threat is sophisticated and beyond just AV to solely defend against their stealthy stances. Applocker or Controlled Folder access is worthy to look into especially against Ransomware. Go for no administrator right for users, hardening matters and taking a risk approach to lockdown is crucial.

https://www.experts-exchange.com/articles/32100/Making-the-RIGHT-Security-Adopt-a-RISK-based-approach.html
0
fred hakimRetired ITCommented:
I'm also a windows defender fan.  But mostly to eliminate the bloat of the current 3rd party suites.  They get their fingers into all sorts of areas, and in some instance can degrade performance or cause issues with other software especially browsers.   Some can be difficult to configure for whitelisting local files and directories;  portable devices you connect; some apps that folks run and websites they might interfere with.  

I do however deliver SuperAntiSpyware and Malwarebytes free versions along with WD for all my clients (unless they insist on a specific 3rd party product).  I configure Superantispyware and Malwarebytes for only manual scans (nothing automatic or starting up with Windows).   I suggest they scan with one or the other every week.  Those that do that, seldom call back with malware issues.   I also let them know paid versions exist for both, that will schedule the scans automatically.
0
Abraham DeutschIT professionalAuthor Commented:
Thanks all experts by confirming what I found strange after so many years of knowing third party is a most, I would never feel comfortable to accept this without your confirmation.

@ Fred Malwarebytes I understand you install since antivirus will not take care of PUP plus it does not install any extensions to any browser, but why would you install  SuperAntiSpyware
0
nobusCommented:
i have tried running with only windows Defender on a couple of systems - and all was well
i did not try it on all systems yet
0
Joe Winograd, Fellow&MVEDeveloperCommented:
For years, I used MBAM as my anti-malware software and something else, such as MSE or WD, along with it as my anti-virus software. But starting with v3.0, MBAM is positioning itself as anti-virus, too ("With the launch of Malwarebytes 3.0, we are confident that you can finally replace your traditional antivirus..."):

Announcing Malwarebytes 3.0, a next-generation antivirus replacement
Does Malwarebytes Premium replace Anti-Virus software?

I'm not a security expert...anyone have thoughts on MBAM's claim that it can replace A-V software? Thanks, Joe
0
JohnBusiness Consultant (Owner)Commented:
We only use MBAM as a manual scanner in tough situations. Windows Defender is better for real time in my opinion.
0
btanExec ConsultantCommented:
Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies
MBAM claim is actually gearing itself into another security league which is called endpoint detect and response. Actually this is part of the endpoint protection strategy - moving from detective to more proactive taking action in response to the sophisticated malware that goes beyond signature like fileless type that is memory based. I think MBAM is going through a cycle of putting itself a enterprise threat defence for endpoint but short of device control and system integrity, firewall checks that comes from Host Intrusion prevention. It is still a worthy product with this collection. Kind of saying WD, EMET combined to be MS ATP.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Thanks for the comments — very helpful!
0
fred hakimRetired ITCommented:
I agree with John about using Malwarebytes manually.  Note in my earlier comment how I configure it for my customers.  I'm not a fan of too many security products or functions running in the background.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
I disagree. I'd rather have the real-time protection. Running it manually after I've been infected and having it detect the infection doesn't float my boat. I'm fine with paying a price in performance in order to stop the infection before I get it...the old "ounce of prevention worth a pound of cure" mantra. I've been running real-time protection with both MBAM and MSE/WD on numerous systems, all performing very well. Just one person's opinion, of course. Regards, Joe
1
Abraham DeutschIT professionalAuthor Commented:
@ btan lot of anti-virus vendors like semantic and more offer now endpoint as you explain this is another security league will this change you back in favor of the third party software? But endpoint [except MBAM still installs extensions in the web browsers which according to developers it makes it less safe Thy still should concern the web browsers

Also in re to Malwarebytes, having two anti-virus installed on one computer is highly not recommended since thy fight each other, and because of this If you install a third-party security solution, Windows Defender's antivirus component goes dormant, to avoid any conflict, but this is not the case with Malwarebytes saying that this does fall in the category of anti-virus. Plus as I already pointed out Malwarebytes is the only protection (as far as I know) against PUP
0
JohnBusiness Consultant (Owner)Commented:
Server 2016 also has endpoint protection from the Server Defender product.
0
btanExec ConsultantCommented:
I will opt for one endpoint protection that is good enough. No two product installed. Maintenance and deconflict are going to be challenging. Alternate scanner is when file tagged as suspicious and will be used to validate as second opinion.
0
nobusCommented:
>>  Running it manually after I've been infected and having it detect the infection doesn't float my boat.  <<  i agree Joe, but since there's no 100% protection possible ( they makee it after a new threat appears) you Always need an "AFTERSCANNER" imo
0
Abraham DeutschIT professionalAuthor Commented:
The only thing I am missing after removing the anti-virus and it's browser extension is when doing a search online the anti-virus will mark which website is safe.
0
btanExec ConsultantCommented:
Protecting browser on compromised website and phished pages are beyond AV. For PUA or PUP, WD or endpoint security would cover it too. Probably the part of alerting non reputable site may go beyond WD and other plugin for browser can come in. Browser sandboxing us more worthy and Chrome and FF has those in latest version. Nonetheless, if exploitation take place the endpoint security should kick in which is why real time protection is important whethwr it is WD or other product.
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus
0
Abraham DeutschIT professionalAuthor Commented:
Thank you all for you sharing you knowledge on this important topic it's a major change and before I would not take this in production without you confirmation, and thanks for the additional information you offered.

appreciate.
0
fred hakimRetired ITCommented:
Sorry, I missed your question about superantispyware.  A few reasons, one it checks for installed but potentially unwanted programs and its flags tracking cookies.  It also includes some tools to help restore functions some malware may have messed up, like reset windows logon shell, or reset url prefixes, or enable system tray or enable start menu run and many more.    On infected machines I clean, I often find that each of them MBAM and SAS find some items the other does not.   MBAM of course is very good at stubborn malware, and many rootkits.
0
Abraham DeutschIT professionalAuthor Commented:
Thank you fred for your clarification
0
Claude HaydenIT AdminCommented:
I noticed some people using MBAM after the fact to uninfect. While thats possible I always reload the machine from scratch at the first wiff of an infection. If your in a place that you can reload it is always a better option than attempted "removal" that offers no guarantee's.
To be clear, reload means wipe the partitions (all of them) and reload windows from scratch with new partitions. Plus its a nice time to throw in a SSD to replace an old spinning disk.
0
fred hakimRetired ITCommented:
but, after you reload ... you restore your data, that's what needs to be scanned.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.