I’ve been running Bitdefender and Windows Security on my machines for a while now. Between the two of them, I have never had a serious infection or a compromised account. They run in the background, I review them and I don’t think about them beyond that.
But that’s a problem. If you stop thinking about your security and give it entirely to software, you stop developing a valuable experience. The software becomes a place of judgment rather than an addition to it, and when it’s gone, you’re left with habits you never built.
So, to see how hard the software can handle, I turned off both Bitdefender and Windows Security for a week and went off of the security concepts I had built up over years of practice. cybersecurity best practices and just being online in general. By the end of the week, I had a new appreciation for how much work those wishes and software did.
Why I did this, and why you shouldn’t
Let me be clear: It turns off your antivirus bad idea. I know this. My editor knows this. But we made an informed decision to start this study anyway
The thing is, there’s a question no one really asks when it comes to cybersecurity: How much of your cybersecurity is actually software, and how much? For years we’ve been told to put the protection on, keep it updated and let it do its thing. Good. But what happens when it does this is not the case running? What if it’s just you?
That’s what I wanted to find out. Not to be careless, but because I honestly believe that most people have little idea how important their behavior is, and how little they are ever pushed to really think about it.
I was careful about this. Before I disabled one thing, I did a test on a second device, not my main machine. Everything important is backed up. My browsingwas within the range of what I normally do on any given week — I wasn’t looking for problems. The whole point was to see what a normal week looks like without the safety net under you.
This was a controlled experiment with a specific objective, to find out if basic security awareness is independent, and what that means for the way we think about security software.
Here’s to one more week of paying attention.
No net, no scanner, no problem… hopefully
As I have written before, I use two layers of virus protection in my usual setup: Bitdefender and Windows Security, which is Microsoft’s built-in solution. Together, they cover almost everything I need. Real-time scanning, web filtering, anti-phishing, automated threat prevention and so on. It’s a solid stack, and shutting it down just seems wrong. But that’s exactly what I did. For science.
I disabled real-time protection for both. I turned off Bitdefender’s web filtering and anti-phishing. I left the firewall running, because turning that off would take this test from interesting to downright unresponsive, and that’s not the story I’m here to cover.
What I was left with was a fully connected, fully functional Windows machine with no active scanning, no automatic threat detection, and no threat capture in the background. Just a browser, an internet connection and whatever judgment I had built up over the years.
A week, every day
Day 1: Monday
The first day was very strange, not because anything bad happened. I opened my browser, checked emails, read the news and did some work. The usual stuff.
But there was this low-level awareness going on in the back of my brain that usually isn’t there. All link and download information has been carefully considered and checked.
It wasn’t exactly paranoia, but it wasn’t comfort, either.
Day 2: Tuesday
I got the email phishing. I’ve written thousands of articles online with my primary email address under it, so this isn’t exactly unusual. I get phishing emails all the time, but between Bitdefender’s web filtering and Gmail’s spam detection, they rarely make it to my inbox.
It was a fake invoice from what appeared to be a “shipping company” I had never heard of. I didn’t click on it, but I noticed that without Bitdefender or Google catching it for me, I spent less time interacting with it than I would have if it never hit my inbox to begin with. This turned out to be a taste of my antivirus-free time.
Day 3: Wednesday
Unusual, especially. I downloaded a PDF from a site I didn’t fully recognize, which is the kind of thing I used to let Bitdefender check for me. I checked the URL carefully, looked at the organization behind it, and decided it was fine. It was good. But that process, which normally takes zero seconds, took about 3 minutes.
Day 4: Thursday
I began to realize how often I relied on browser warnings and built-in protections that I hadn’t fully addressed. Google Chrome has marked the site as potentially dangerous before it is loaded. That’s not Bitdefender or Windows Security. That’s Google doing its thing. It was a helpful reminder that there are more layers to this than most people think.
Day 5: Friday
By Friday I had settled into a slow, deliberate but effective rhythm. I wasn’t avoiding the internet (how could I?), but I knew I was paying more attention to it than I usually do to software.
I found myself reading the URLs carefully, hovering over links before clicking and the most choices I allow on the machine. These are not difficult habits, but they do require you to think. That extra stress and constant vigilance can be tiring.
Days 6 and 7: Weekend
The weekend was a real challenge, because the browsing on the weekend is loose. Streaming, shopping, following links from social media and other types of attention activities are where most people get into trouble.
I kept the discipline that I had received for a week and passed without any problems. Nothing bad got into the machine.
But by Sunday night I was ready to open everything up. The week alone was close to driving me crazy, but I had proven what I needed and I was tired of thinking so hard about everything.
What exactly is protecting you
Here is the week that taught me. Your habits are as important as your software.
I passed seven days without a machine in danger, but I could not rely on luck. Instead, I survived a behavior that I had internalized over the years of being online, and most people never think about it because they always had software to think about them.
The first one is very obvious. I didn’t click on things I wasn’t sure about: phishing emails, suspicious download commands or links from sources I didn’t see without doing more research. If your antivirus isn’t there to catch those, you have to catch them yourself. And you can, if you always pay attention.
The second was being deliberate about where I downloaded the files. Only trusted sources. If I don’t know the site, I check it before I run anything on my machine.
The third was URL awareness. I always checked to make sure the site I was going to put information on was the site I thought it was. This is a deterrent to phishing attacks and credit card fraud, and it requires nothing more than a few seconds of attention.
The fourth was to keep everything updated. Windows, Chrome and all the other apps I use during the week. Unpublished software is a common way for attackers to get in, and it’s one of the easiest things to stay on top of.
None of these things require special software or technical knowledge. They just require a decision to treat your online behavior as a security tool, which it really is. The problem is that people don’t think so because software has always been there to catch what they miss.
That is the gap that needs to be closed.
So, is antivirus important?
Yes. Undoubtedly, yes.
I want to make a note here, because the negative from this test is that antivirus software is not needed and you can just be smart on the internet instead. I finished the week clean because I already had good habits. Most people don’t, and for those people, have a good antivirus the thing that stands between them and a really bad decision. And for me, it was an exhausting effort, and I was glad to have an extra layer of safety back.
There is also a category of threats that good practices simply do not protect you from, such as keyloggers or drive-by downloads. These exist because human judgment is limited, and antivirus software exists to cover those as best they can.
What he showed this week is that software and behavior must work together. Antivirus catches what you missed. Good habits reduce the amount of holding. By combining the two, you create two lines of defense to protect yourself and your data online.