When someone decides to start their own small business, one of the issues that comes up pretty quickly is what do about the IT – that itself usually gets framed as “how to I get email?”, “how do I get a website?”, and “where do I store my files?”. Some of those questions get answered by popping along to the new business owners local branch of Currys PC World, John Lewis, or similar.
This creates, for the savvy seller of IT equipment, an opportunity – what you have here is someone coming into your store with a need (“I need a laptop for my new business”), but this person is not a professional IT buyer. You are also, as a savvy seller of IT equipment, used to not making much in the way of margin out of a PC sale. One way to add a bit of fat is to sell antivirus products.
There is no doubt that your PC requires some sort of antivirus protection. Your humble PC has a very long history – in particular a history that is steeped in geek hobbyist communities in the 1970s and 1980s. If 40-50 years ago, you were into computers, the general principle was that they were a toolkit of parts that you could explore and bend to your will. This meant that architecturally, everything in a PC was wide open – if you had access to it, you were largely trusted to act in a beneficent way. (The iPhone, incidentally, was built on the exact opposite model, which is the App Store is so locked down and why no one talks about computer viruses or malware on iOS devices.)
This was fine when there were a) only (relatively) few computers in the world, and b) there was no internet – but as the internet gained a foothold and more and more people were using them to store data that was worth something, this “wide open” architecture became a problem. To protect your PC against “bad actors” who got their kicks (and got paid) by writing malicious software, you needed antivirus -- ideally one that provided malware protection.
For a while, Microsoft went along with this and was content to look after building Windows, allowing a third-party ecosystem of virus protection products to develop. We saw products like Norton Antivirus, McAfee, Kaspersky, AVG, etc come to market.
As these were separate products, and were largely needed to make the computing experience safe, if you went into PC World to buy a laptop, buying an antivirus subscription along with it made sense and everyone won – the retailer made more profit (and Microsoft had happier retailers), the antivirus vendors had a decent business, and the customer had a secure system.
Eventually though, Microsoft started to get concerned about its own image. They were, by some measure, pitching an insecure product that required third-party products to make safe – it started to look like Windows wasn’t technically/legally fit for purpose without the user installing an additional antivirus product. Microsoft therefore decided to plough billions into making Windows not need antivirus software but a) hardening the operating system itself, and b) making what was then called Windows Defender but is now called Windows Security, actually a good product.
Third-party retail antivirus products are as a result, mostly, junk and exist mainly to allow the retailer to make more money. Most antivirus products now have got ridiculously bloated, offering a whole bunch of additional features that no one really needs. As a result, I have been diligently telling my customers to uninstall any retail antivirus that they buy and rely on Windows Security. This approach makes their IT simpler, and cheaper.
(This comes with the caveat that Windows needs to be patched and kept up-to-date, that they use strong passwords with a password manager like LastPass, and that they abhor email attachments or links unless they absolutely know that they are trusted, lest your business ends up leaking personal information leading to reputational damage and fines from the ICO.)
However, I am now modifying this advice…