When you first switch on a Windows 11 or macOS PC or laptop, you can rest easy: both operating systems integrate their own antivirus and other features to protect the security and privacy of our data.
But is it also logical to buy an external antivirus for these systems? To answer this question, we contacted several cybersecurity experts, who gave us good reasons not to settle for the recommendations from Microsoft and Apple.
Both companies have been providing integrated security solutions in their operating systems for years, and in both cases the native platforms try to fend off any kind of cyberattack. But are they good enough?
What the experts say
Román Ramírez (@patowc), organizer of the RootedCON event and a cybersecurity expert, explained to us that “almost all operating systems combine different protection mechanisms. Some are more technically oriented and others more user-oriented, but equally positive and very good overall, in conclusion”.
Despite this, “enemies will always train their tools or infection processes assuming the protection measures we have by default. If we add additional layers, we make the attack process more expensive: we make it more costly for the enemy to beat our defenses”.
Ramírez’s advice is consistent with, and applies to, many other fields: you protect your home with an alarm or put extra locks on the door to deter would-be burglars, and the same goes for cars: fitting some kind of steering-wheel lock means thieves will likely think twice before trying to steal them, since there may be less protected targets nearby.
In fact, this expert highlighted how many of these external tools “have additional capabilities such as VPN services, scanning and mail filtering, and others. So even if we have tools from the OS, it’s always a good idea to include additional tools.”
Chema Alonso (@chemaalonso) is one of our country’s leading cybersecurity experts and, as he himself points out, can be contacted through his public MyPublicInbox mailbox. In his view, Microsoft’s and Apple’s solutions are fundamental, and using them is “like wearing a helmet to ride a motorcycle.”
However, he warns, “malware has a lifecycle that can be very short if it’s huge and longer if it’s less so, and that’s why the cybersecurity industry has advanced with innovation to implement other heuristics and other types of protection per channel”.
Specifically, Alonso explains that advanced endpoint security solutions, for the operating system used by professionals at work or by end users at home, are called EDR (Endpoint Detection and Response) and “combine all these improvements provided by the anti-malware industry. The anti-malware industry has been evolving in recent years, and this leads from central cloud intelligence systems to artificial intelligence models that help detect malware based on how it starts behaving on the system.”
This expert recommends that business and professional users use centrally managed EDR platforms. For end users who “want to intimidate”, the ideal is to purchase an advanced EDR solution for personal use. Alonso is not very fond of free antivirus products, and there are several, both installed and online, “but that’s because I’d rather have support I can turn to in case of an incident”.
For Carlos Manchado, Head of Cyber Security at Microsoft Ibérica, this company’s platform – called Windows Security, the name Windows Defender having been left behind – “is an umbrella concept that includes different aspects aimed at protecting devices and your data, and includes the Microsoft Defender antivirus”.
This expert explains that whether to get an external antivirus, even a free one, depends on the case, “as every scenario requires a suitable solution.” Microsoft also offers tailored solutions for companies and even more complete solutions for end users, such as Microsoft Defender for Individuals in Microsoft 365.
We asked our experts whether they had any relevant suggestions beyond the native Microsoft or Apple solutions. Román Ramírez: “Personally, I really like Malwarebytes; it runs fairly homogeneously across multiple operating systems. On Linux, for example, I use ClamAV in combination with other tools.”
Manchado didn’t mention any, while Chema Alonso valued those that have a security center where security experts can help us fix a potential issue. Yet he explained, “I dare not recommend any of them”.
This is not surprising, considering that some of them have used the opportunity to mine cryptocurrencies, even in paid versions. For those looking for a solution, the comparisons from AV-Test and AV-Comparatives can be a reference: there it is clear that Microsoft Defender does not do badly, although it is slightly behind several commercial products.
What about ransomware?
Ransomware is a sad and dangerous reality, and Carlos Manchado reminded us that such attacks “have increased 105% over the past year.” So we wondered how well protected we are with the native Microsoft or Apple solutions.
For Román Ramírez, the problem with ransomware for end users is that “in various scenarios, some protection tools can detect ransomware activity and for example exact. Others ‘embed’ sentinel files into the operating system to monitor whether they are encrypted.”
However, “let’s not forget that enemies evolve their attack tools, so having protection tools is no guarantee of coming out unharmed,” he explains. For Ramírez there is one obvious defense against such situations: “a well-executed, tested, offline backup”.
Chema Alonso agrees, and as he explains, there will be occasions when they protect us and others when they don’t: “In the end, it’s malware, which is malware. If you’re lucky enough to catch it when it’s already been analyzed, signed and detected, then great, any antivirus will help you defend against it. But if you’re unlucky enough that something unknown to the industry (just a few days old) comes to visit you, it’s better to have the system fortified and the best EDR possible.”
Here Alonso recommended two different books for those who want to look deeper into this type of threat: on the one hand, ‘Maximum Security in Windows’ by Sergio de los Santos; on the other, ‘macOS Hacking’ by Daniel Herrero.
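The sentinel-file technique Ramírez mentions, and the idea of verifying a backup by hash rather than trusting it, can be shown with a small added example. This is illustrative code written for this article, not code from the article or from any of the products it names; the decoy file names, their contents, the entropy threshold and the simulated attack are all constructed assumptions. Decoy files are planted with low-entropy text and their SHA-256 hashes recorded; a later check flags any decoy that has gone missing or been rewritten, and notes when the new contents look encrypted (high Shannon entropy), which is what an encrypting process leaves behind.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Constructed decoy names: chosen to sort first and last so a process walking
# a directory in name order touches them early and late.
CANARY_NAMES = ["aaa_invoice_2020.docx", "zzz_photos_index.txt"]
# Assumed threshold: random or encrypted bytes approach 8 bits per byte,
# while plain text normally stays well below 6.
ENTROPY_THRESHOLD = 7.0


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def plant_canaries(root: Path) -> dict:
    """Write decoy files with predictable low-entropy content and return {path: sha256}."""
    baseline = {}
    for name in CANARY_NAMES:
        p = root / name
        p.write_bytes(b"CANARY FILE - never modified by the user. " * 64)
        baseline[str(p)] = sha256_of(p.read_bytes())
    return baseline


def check_canaries(baseline: dict, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return (path, reason) for every decoy that is missing, modified, or looks encrypted.
    The same hash comparison is what 'testing' a backup means: compare stored
    hashes against what is actually on disk instead of assuming the copy is good."""
    alerts = []
    for path_str, expected in baseline.items():
        p = Path(path_str)
        if not p.exists():
            alerts.append((path_str, "missing"))
            continue
        data = p.read_bytes()
        if sha256_of(data) != expected:
            reason = "modified"
            if shannon_entropy(data) >= threshold:
                reason = "modified, high entropy (possible encryption)"
            alerts.append((path_str, reason))
    return alerts


def demo() -> list:
    """Plant decoys, confirm a clean check, then simulate an attacker's effect
    (constructed: one decoy overwritten with random bytes, one deleted) and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = plant_canaries(root)
        clean = check_canaries(baseline)
        if clean:
            raise RuntimeError("decoys should be intact right after planting")
        (root / CANARY_NAMES[0]).write_bytes(os.urandom(4096))
        (root / CANARY_NAMES[1]).unlink()
        return check_canaries(baseline)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"ALERT {reason}: {path}")
```

A real monitor would run `check_canaries` on a timer or from a filesystem-change notification and, on an alert, suspend the offending process and trigger the offline backup plan rather than just print; the point of the entropy check is that a decoy which merely changed (a backup tool rewriting metadata, say) is distinguishable from one that was encrypted.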
Mobile antivirus is another matter
Ramírez explained that both Microsoft and Apple have made significant efforts in this area, but the problem is that they are operating systems with a very large user base. “What’s wrong with these systems? Any vulnerability, no matter how small, has a huge impact on users.”
Chema Alonso’s view is also positive; he believes both are doing a good job. “Like everything, there is always room for improvement, but I think endpoint security has improved a lot. However, users and administrators have a lot of work to do to make sure we use all the available protection measures and have safe, non-risky habits.” Here Alonso recalled the already famous “Don’t click that link!”, which should become a maxim for many users.
We have discussed the theoretical need for an antivirus on a PC or laptop, but what about cell phones? For Ramírez, mobile phones are a major concern “because none of the manufacturers allow anything to be installed in the kernel area of the operating system. All protection solutions depend on what the terminal manufacturer allows you to do or not do.”
Blocking access to the kernel is a notable security measure – so rooting a phone involves significant security risks – but it also has its downsides, as this expert explains: “Any attacker who can leave the user level and break into any environment with kernel privileges can bypass any defense without difficulty, as with the security vulnerabilities used by Pegasus, for example.” Ramírez’s advice here is to try to use solutions that minimize risks, even if they can’t prevent them all, and he mentions “the aforementioned Malwarebytes or Kaspersky”.
Precisely because of this lockdown of the superuser domain, Chema Alonso is less concerned. We can be calmer on Android and iOS “because they are much more closed and controlled platforms. Unless you compromise the app stores or do sideloading, it is unlikely that an app will be installed on them. Don’t get me wrong, it does happen. It’s more complicated, though; the risk is lower than with a desktop system.”
For the same reason, Alonso reminds us that “the basic recommendation for Android and iOS is to keep the operating system constantly updated and not to jailbreak or root the phone.” That way, he explains, “you will have a more or less peaceful life with malware on your mobile terminal. If you want to increase security, you can install narrower EDR solutions that also help you do a more holistic analysis of your device’s security, and my advice is to go to a professional service with support.”
Manchado reminded us that Microsoft Defender is also available on Android and iOS – yes, though paid – and, insisting on the same point as Alonso, said that “of course we shouldn’t root our mobile, and we should always use common sense in the daily use of our smartphone”.
Image | Ed Hardy