Crazy how not long ago, many Windows users paid 3rd parties to secure the OS they had already paid for. The whole OS industry accepted that your OS wasn’t secure out of the box.

But nowadays, it’s mostly only the people who learned how to PC in that era who still pay for antivirus software.

So what changed?

Microsoft encountered strong incentives to take Windows security seriously - both to regain consumer trust and to support Azure, where millions of VMs run Windows.

They weren’t about to pay a 3rd party to secure their cloud. They also didn’t want to install 3rd party software on every VM. So they heavily invested in securing their operating system.

We saw the fallout in 2024 when a faulty CrowdStrike Falcon update took down millions of machines worldwide. But that incident would have been far worse if Azure had used CrowdStrike. (Yes, some customers on Azure were affected, but only because they chose to install CrowdStrike Falcon, not because Microsoft did.)

Look at the fallout in the antivirus industry: They have been forced to pivot from selling subscriptions to a single product (antivirus) to throwing in all sorts of security & privacy tools: VPNs, password managers, identity theft protection, “dark web” monitoring, cloud backup, etc.

So, do normal people need a 3rd party antivirus in 2025? If you’re running an up-to-date OS with built-in Defender, you likely don’t need anything extra.

The threat landscape has shifted. Hackers don’t hack in - they log in. Good password hygiene, phishing awareness, and backups matter more than an extra antivirus.

---

← Back to blog