I ran Bitdefender and Windows security on my machines for a while now. Between the two, I never had a serious infection or compromised account. They run in the background, I update them and don’t think about them much more than that.
But it’s a problem. When you stop thinking about your own safety and entrust it entirely to software, you stop developing important instincts. The software becomes a substitute for judgment rather than a complement, and if it ever disappears, you’re left with habits you’ll never build.
So to see how much heavy lifting the software did, I disabled Bitdefender and Windows Security for a week and abandoned the security instincts I’d acquired over years of practice. cybersecurity best practices and just being online in general. By the end of the week, I had a new appreciation for how much work these instincts and the software do.
Why I Did This and Why You Probably Shouldn’t
Let me be clear: Disable your antivirus is a bad idea. I know it. My editor knows this. But we still made the informed decision to conduct this experiment.
The fact is, there’s a question no one really asks when it comes to cybersecurity: How much of your online security really relies on software, and how much of it is yours? We’ve been told for years to install protection, keep it up to date, and let it do its job. GOOD. But what happens when isn’t it running? What happens when it’s just you?
That’s what I wanted to find out. Not out of recklessness, but because I truly believe that most people have no idea how important their own behavior is and how little they have been pushed to really think about it.
I paid attention to this. Before disabling anything, I ran the experiment on a secondary device, not my primary machine. Everything important has been saved. My browsing stayed within the range of what I would normally do in a given week – I wasn’t looking for trouble. The goal was to see what a normal week looks like without the safety net underneath you.
This was a controlled experiment with a specific purpose: to determine whether basic security knowledge holds up on its own and what that means for the way we design security software.
That’s a week of great attention.
No network, no scanner, no problem… I hope
As I have already written, I use two layers of virus protection in my normal configuration: Bitdefender and Windows Security, which is Microsoft’s integrated solution. Together they pretty much cover everything I need. Real-time scanning, web filtering, anti-phishing, automatic threat blocking and so on. It’s a solid battery, and turning it off didn’t feel right. But that’s exactly what I did. For science.
I disabled real-time protection on both. I have disabled Bitdefender web filtering and anti-phishing. I left the firewall on, because turning it off would have taken this experience from interesting to truly irresponsible, and that’s not the story I’m here to tell.
I was left with a fully connected, fully functional Windows machine with no active scanning, no automatic threat detection, and nothing detecting threats in the background. Just a browser, an internet connection and the judgment I’ve acquired over the years.
The week, day after day
Day 1: Monday
The first day was definitely the strangest, and it wasn’t because anything bad happened. I opened my browser, checked my email, read the news and worked. Normal stuff.
But there was this low-level awareness in the background of my brain that’s usually not there. Every link and download prompt seemed more deliberate and given a second look.
It wasn’t exactly paranoia, but it wasn’t comfort either.
Day 2: Tuesday
I have a phishing email. I’ve written thousands of articles online with my primary email address underneath, so this isn’t really unusual. I get phishing emails all the time, but between Bitdefender’s web filtering and Gmail’s spam detection, they rarely make it to my inbox.
It was a fake invoice from what appeared to be a “logistics company” I had never heard of. I didn’t click on it, but I noticed that without Bitdefender or Google catching it for me, I spent a little more time interacting with it than I would have had it never reached my inbox. This turned out to be a representative taste of my antivirus-free days.
Day 3: Wednesday
Uneventful, for the most part. I downloaded a PDF from a site I didn’t entirely recognize, which is exactly the sort of thing I’d normally let Bitdefender evaluate for me. I checked the URL carefully, searched for the organization behind it, and decided everything was fine. It was good. But this process, which normally takes zero seconds, took about 3 minutes.
Day 4: Thursday
I started to notice how often I rely on browser warnings and built-in protections that I hadn’t fully considered. Google Chrome flagged a site as potentially dangerous before it even loaded. It’s not Bitdefender or Windows Security. This is Google doing its own thing. It was a useful reminder that there are more layers to this than most people think.
Day 5: Friday
By Friday, I had settled into a slower, deliberate but functional pace. I wasn’t avoiding the Internet (how could I?), but I was aware that I was paying a lot more attention to it in a way that I usually outsource to software.
I found myself reading the URLs more carefully, hover over links before clicking and be more selective about what I leave on the machine. These aren’t complicated habits, but they do require some thought. That extra bit of pressure and constant vigilance can become exhausting.
Days 6 and 7: The weekend
The weekend was the real challenge, because sailing on weekends is freer. Streaming, shopping, following links from social media and other types of low attention activities where most people get into trouble.
I kept the same discipline I had developed throughout the week and got through it without incident. Nothing malicious has reached the machine.
But by Sunday night, I was ready to turn it all back on. The week alone was about to drive me crazy, but I had proven what I needed to prove and I was tired of thinking so hard about everything.
What really protects you
Here’s what the week taught me. Your habits matter as much as your software.
I went seven days without a compromised machine, but I wasn’t counting on luck. Instead, I survived through a set of behaviors that I had internalized over my years online that many people never consciously think about because they always had software doing the thinking for them.
The first is the most obvious. I didn’t click on things I wasn’t sure about: phishing emails, suspicious download prompts, or links from sources I didn’t recognize without doing more research. When your antivirus isn’t there to detect them, you have to detect them yourself. And it is possible, if you constantly pay attention to it.
The second was to figure out where I downloaded the files from. Trusted sources only. If I didn’t recognize a site, I looked for it before leaving anything on my machine.
The third was knowledge of URLs. I always double-checked that the site I was about to enter my credentials on was the one I thought it was. This is what stops most phishing attacks and credit card fraud, and it only requires a few seconds of attention.
The fourth was to update everything. Windows, Chrome and all the other apps I use during the week. Unpatched software is a common way for attackers to gain access to the system, and it is also one of the easiest things to master.
None of these things require special software or technical knowledge. They simply require that you make the decision to treat your own online behavior as a safety tool, which it absolutely is. The problem is people don’t think of it that way because the software has always been there to catch what they’re missing.
This is the gap worth closing.
So, is antivirus really important?
Yes. Unambiguously, yes.
I want to be careful here because the bad takeaway from this experience is that antivirus software isn’t necessary and you can just be smart online. I got through the week cleanly because I already had good habits. A lot of people don’t, and for those people, have a good antivirus is the thing that separates them from a really bad decision. And even for me, it was an exhausting effort, and I was happy to find an extra layer of security.
There is also a category of threats that good habits simply don’t protect you against, like keyloggers or drive-by downloads. These exist precisely because human judgment has limits, and antivirus software exists to cover them to the best of its ability.
What this week demonstrated is that software and behaviors are meant to work together. Antivirus detects what you’re missing. Good habits reduce the quantity to be caught. By combining the two, you create two lines of defense to protect yourself and your online data.