Your OS already has antivirus built in. Most people have never opened it. Before spending money on third-party software, know what you already have and whether it’s configured.
Modern operating systems include built-in protection. Windows has Windows Security (formerly Windows Defender). macOS has XProtect. These provide baseline protection — but they have to be configured and kept current.
Windows — Windows Security
Path: Start > Windows Security
OR: Settings > Privacy & Security > Windows Security > Open Windows Security
Virus & Threat Protection
Path: Windows Security > Virus & Threat Protection
- Protection Updates: Click “Check for updates” — ensure definitions are current
- Quick Scan: Run if you suspect infection
- Scan Options → Full Scan: Run monthly
- Real-time Protection: Ensure this is ON — scans files as they are opened or downloaded
- Cloud-delivered Protection: Enable — uses Microsoft’s threat database for faster detection
- Automatic Sample Submission: Your choice — sends suspicious files to Microsoft for analysis; disable if privacy is a concern
- Tamper Protection: Enable — prevents malicious software from disabling your antivirus
Ransomware Protection
Path: Windows Security > Virus & Threat Protection > Ransomware Protection > Manage Ransomware Protection
This is the most underused security feature on Windows. Most people have never touched it.
- Controlled Folder Access: Enable — prevents unauthorized apps from modifying files in protected folders
- Protected Folders: Add important folders (Documents, Desktop, Pictures, work folders)
- Allow an app through Controlled Folder Access: Add legitimate apps that are incorrectly blocked
- Ransomware Data Recovery: Links to your OneDrive backup — ensure OneDrive is set up for automatic backup if you rely on this feature
Enable Controlled Folder Access now. It protects your files even if malware gets past the scanner.
Firewall & Network Protection
Path: Windows Security > Firewall & Network Protection
- Ensure Firewall is ON for all three network profiles: Domain, Private, Public
App & Browser Control
Path: Windows Security > App & Browser Control
- Reputation-based Protection: Enable all options — blocks potentially unwanted apps and suspicious downloads
- SmartScreen for Microsoft Edge: Enable
- SmartScreen for Windows Store apps: Enable
Second-Opinion Scanner
Windows Security handles real-time protection well. But a second-opinion scanner catches things it misses.
- Malwarebytes (free version) is excellent as an on-demand scanner alongside Windows Security
- Run it monthly; the two don’t conflict with each other
- Don’t pay for the premium version unless you specifically want real-time protection layered on top of Windows Security
macOS — XProtect & Friends
macOS includes several layers of built-in protection. Unlike Windows, there’s no single security dashboard — these tools run silently in the background. That’s nice until you realize you’ve never verified they’re actually configured.
XProtect & Malware Removal Tool
- XProtect automatically updates with new malware signatures — but only if macOS is up to date
- Notarization: Apple reviews apps for malicious content before they can run
- Malware Removal Tool (MRT): Runs automatically in the background to remove known malware — no user action needed, but it depends on keeping macOS updated to get new definitions
- XProtect only catches known malware — it’s not a substitute for safe browsing habits
Gatekeeper
Path: System Settings > Privacy & Security
- Verify Gatekeeper is enabled — look for the “Allow applications downloaded from” setting
- “App Store and identified developers” is the default and a good baseline
- “App Store” is stricter — only allows Mac App Store apps
- Gatekeeper prevents unsigned or unnotarized apps from running, which stops most casual malware
FileVault
Path: System Settings > Privacy & Security > FileVault
- Turn on FileVault — encrypts your entire startup disk
- If your Mac is lost or stolen, FileVault means the data is unreadable without your password
- This is not antivirus per se, but it’s a critical protection that belongs in any security checklist
Firewall
Path: System Settings > Network > Firewall
- Turn it on — it’s off by default on macOS, which surprises most people
- The macOS firewall blocks unwanted incoming connections
- Enable Stealth Mode for additional protection — prevents your Mac from responding to network probing
Keep macOS Updated
Path: System Settings > General > Software Update > Enable Automatic Updates
Every macOS security feature depends on updates. XProtect signatures, MRT definitions, Gatekeeper data — all delivered through system updates. If you’re behind on updates, your protection is stale.
Recommended On-Demand Scanner
- Malwarebytes for Mac (free version) — excellent for manual scans when you want a second opinion
- Microsoft Defender for Mac — free and a viable option if you’re already in the Microsoft ecosystem
- Neither replaces safe browsing habits, but both are useful for periodic checks
Your defense on macOS is primarily: keep the OS updated, don’t install software from untrusted sources, and verify your built-in protections are actually turned on.
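One way to verify from Terminal that the protections above are actually on, as an added example that is not part of the original guide. The function names are hypothetical, and matching on "enabled" / "is on" is an assumption about how each tool words its status line.

```shell
#!/bin/sh
# Added example: read-only audit of the macOS protections covered above.
# Assumption: each tool reports its state with "enabled"/"disabled" or
# "is on"/"is off"; anything else is reported as unknown.

# Map one status line to on / off / unknown.
classify_state() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        *disabled*|*"is off"*) echo off ;;
        *enabled*|*"is on"*)   echo on ;;
        *)                     echo unknown ;;
    esac
}

# Run a status command and print "label: state".
# A missing tool (for example on a non-macOS system) yields "unknown".
check() {
    label=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        out=$("$@" 2>/dev/null | head -n 1)
    else
        out=""
    fi
    echo "$label: $(classify_state "$out")"
}

audit_macos() {
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    check "Gatekeeper"   spctl --status
    check "FileVault"    fdesetup status
    check "Firewall"     "$fw" --getglobalstate
    check "Stealth Mode" "$fw" --getstealthmode
}

audit_macos
```

Anything reported as off or unknown is worth confirming in System Settings at the paths listed above.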
Linux
Linux is not immune to malware, but the threat model is different. Most malware targeting Linux goes after servers, not desktop users. The average Linux desktop user faces far less risk than Windows or even macOS users — but “less risk” is not “no risk.”
Most Linux users don’t need traditional antivirus. Your behavior is your antivirus. Instead, focus on fundamentals:
- Keep your system updated: sudo apt update && sudo apt upgrade (Debian/Ubuntu), sudo dnf upgrade (Fedora), or your distro’s equivalent. This is the single most important thing you can do.
- Only install software from official repos or trusted sources: Flathub, Snap Store, your distro’s package manager. These packages are reviewed and signed.
- Be cautious with curl | bash installation scripts: you’re piping code directly into your shell without reviewing it. At minimum, download the script first and read it before running it.
- Don’t run random things as root: sudo is powerful. Treat it that way.
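The "download first, then read" advice above can be backed by a quick triage pass over the saved file. This is an added example, not part of the original guide; the function names, the sample installer and its URL are constructed for illustration, and the pattern list is an assumption about what deserves a second look.

```shell
#!/bin/sh
# Added example: triage a saved installer script before running it.
# The pattern list is illustrative, not exhaustive; it does not replace reading.

# Print "line-number:text" for lines that deserve a close look.
flag_risky_lines() {
    grep -nE \
        -e '(^|[^[:alnum:]_])sudo[[:space:]]' \
        -e '(^|[^[:alnum:]_])rm[[:space:]]+-[[:alpha:]]*[rR]' \
        -e '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh' \
        -e 'base64[[:space:]]+(-d|--decode)' \
        -e '(^|[^[:alnum:]_])eval[[:space:]]' \
        "$1"
}

# Summarise a saved script without executing it.
# Returns 0 if nothing was flagged, 1 if lines were flagged, 2 if file missing.
review_installer() {
    local file=$1 hits
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    echo "sha256: $( { sha256sum "$file" 2>/dev/null || shasum -a 256 "$file"; } | cut -d' ' -f1)"
    hits=$(flag_risky_lines "$file" || true)
    if [ -z "$hits" ]; then
        echo "no flagged patterns (still read the script)"
        return 0
    fi
    echo "review these lines before running:"
    echo "$hits"
    return 1
}

# Constructed sample installer (hypothetical URL and tool name).
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
echo "Installing example-tool"
curl -fsSL https://example.invalid/payload.sh | sudo sh
sudo cp example-tool /usr/local/bin/
chmod 755 /usr/local/bin/example-tool
rm -rf "$TMPDIR/example-tool"
EOF
}

sample=$(mktemp)
make_sample "$sample"
review_installer "$sample" || true
rm -f "$sample"
```

In real use, save the script with curl -o, run review_installer on the saved file, compare the printed hash with any checksum the vendor publishes, and only then decide whether to run it.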
Firewall
Most distros include ufw (Uncomplicated Firewall) but don’t enable it by default.
- Enable it: sudo ufw enable
- Check status: sudo ufw status
- It blocks incoming connections by default while allowing outgoing, which are sensible defaults for a desktop
If You Want a Scanner
- ClamAV: open-source, free, command-line. Good for scanning downloads or email attachments, not designed for real-time desktop protection. Install it with your package manager and run clamscan on files you’re unsure about.
For Power Users & Server Admins
- rkhunter — scans for rootkits and suspicious system modifications
- AIDE — file integrity monitoring, alerts you when system files change unexpectedly
- These are overkill for most desktop users but essential if you’re running servers
Bottom line: on Linux, keep things updated, don’t run random scripts as root, use a firewall. That covers the vast majority of threats a desktop user will encounter.
ChromeOS
ChromeOS takes a fundamentally different approach to security. Traditional antivirus is unnecessary on Chromebooks.
- Verified Boot: ChromeOS verifies system integrity on every boot — if anything has been tampered with, it self-repairs
- Sandboxing: Every app and browser tab runs in its own sandbox. A compromised tab can’t reach the rest of your system.
- Automatic Updates: ChromeOS updates silently in the background — no user action needed
Keep ChromeOS updated and don’t enable Developer Mode unless you know what you’re doing — it disables Verified Boot and weakens the security model significantly.
Third-Party Antivirus
Windows: Windows Security is sufficient for most people. Pair it with occasional Malwarebytes scans and you’re well covered. If you add a different third-party AV with real-time protection, disable Windows Defender’s real-time protection to avoid conflicts and performance issues.
macOS: Third-party AV is rarely necessary for typical folks. Malwarebytes (free) for occasional scans is a solid choice if you want peace of mind.
Linux: Traditional AV is rarely needed for desktop users. ClamAV is there if you want it.
Avoid free antivirus from unknown vendors — many free AV products collect and sell your data, making them a privacy risk themselves. You’d be trading one problem for another.
Signs of Infection
Watch for:
- Device running unusually slow without explanation
- Unexpected pop-ups or browser redirects
- New programs or browser extensions you didn’t install
- Files missing or encrypted (ransomware — they usually leave a ransom note)
- Unusual network activity
If you suspect infection:
- Run a full system scan immediately
- Disconnect from WiFi or network if you suspect active data exfiltration
- Do not enter passwords or payment information until the device is clean
- Consider professional assistance for ransomware incidents — do not pay the ransom without consulting an expert first
Open Windows Security and turn on Controlled Folder Access. Settings → Virus & Threat Protection → Ransomware Protection. That’s the single most impactful setting most Windows folks have never enabled.