Free Tools To Secure Windows Against Malware

Today we're showcasing a selection of free security and anti-malware apps, tools and utilities to keep your Windows PC running safe and smooth.


Everyone wants a secure operating system. No one likes to have a computer infected with malware that slows down the PC, destroys files or steals sensitive information. Often, that operating system isn't very secure by default. If it's also a highly popular OS, such as Windows, then more tools are needed to enhance its security, simply because its default defenses will be targeted and bypassed by more attackers.

There's no security magic bullet, but using multiple layers of security can drastically lower the chance that your system will become infected by malware or be attacked by malicious hackers.

Some security tools are free, some are easy to use and others are so complex that a normal PC user couldn't possibly figure them out. What most PC users want is for their system to be protected "automatically" with minimal effort on their part. They don't want to tinker too much with complicated programs, and they would prefer not to pay too much extra to secure their computers.

I often help friends and family — usually, people who aren’t very technical — set up their new PCs and Windows installations. They always seem to ask me to "install an antivirus" as well. They know that there needs to be some "extra" protection on their PC to truly keep them safe, but they don't really understand what exactly is needed to achieve that. Therefore, they ask for a program that everyone knows protects PCs against "bad stuff" — an antivirus.

What they really mean, though, is that they want their PCs to be safe, regardless of which app or tool achieves that, as long as they don't have to bother with it after everything is set up. As such, I've looked for tools that offer as much protection as possible that are accessible by the vast majority of people. (It helps that the tools I've chosen are also free.)

In fact, most of the tools I'm going to mention require only slight or no tinkering at all after installation, or are very easy to use even by nontechnical users.

Some more advanced and complex software may offer stronger protections, but if the users don't understand how to use it properly, or they don't want to take the time to learn how to do it, they might just end up uninstalling it to save themselves the headaches.

MORE: All Security Articles
MORE: Best VPN Services Of 2015
MORE: The Pros And Cons Of Using A VPN Or Proxy Service
MORE: VPN Services in the Forums

Proactively Disarming Most Malware

Tools like antivirus software try to solve a problem after the fact, meaning they detect the virus or malware after they're already in your PC. Antiviruses exist only because the underlying operating systems aren't very secure by default and make the existence of viruses or malware possible in the first place.

But that doesn't mean the operating systems are fully to blame for that, as sometimes, some security compromises are necessary to benefit usability. Also, software bugs will always exist, and attackers will always take advantage of them. However, the point is to make the systems as secure as possible by default, to limit the vast majority of easy attacks on PCs.

One of the main reasons Windows Vista and Windows 7 were much more secure than Windows XP is that Microsoft limited, by default, software's capabilities within the OS. The User Access Control (UAC) system implemented in Vista limited how apps could interact with one another and, therefore, how malware could interact with apps.

This level of control made Windows Vista and future versions of Windows much more secure. But UAC doesn't go far enough. Expert attackers can still bypass it when the users are, by default, in an Administrator account instead of a Standard account.

Switching to a Standard account in Windows also means that, if that particular Standard account is infected with viruses or other malware, it won't affect other accounts on the computer, and the damage will be more contained. If the users are in the Administrator account when they get infected, the malware could affect the whole Windows installation.

Windows requires at least one Administrator account, which means that if you create only one account at installation, it will be the Administrator account. That account will give you, as well as malware (that manages to bypass the UAC), full privileges to the operating system.

On the other hand, if malware infects a Standard account, it will be limited by the privileges of that Standard account, and won't be able to do much else. Therefore, making a separate Standard account should significantly increase your protection and disarm most malware by default.

Switching To A Standard Account

Ideally, you should create both the Administrator account and the Standard account when you have a fresh installation of Windows. Then, use only the Standard account, and keep the Administrator account clean. The Administrator account will require you to set up a password, which you'll be prompted to enter every time you do something in your PC that requires Administrator privileges (such as installing a new program).

If you've already installed plenty of software on your default account and don't want to start over with a new account, here's what to do:

  1. Create a new Administrator account.
  2. Enter that account.
  3. Go to Control Panel.
  4. Go to "Change an account type."
  5. Click on the original Administrator account, and change its type to Standard.

This will turn your previous default Administrator account into a Standard account, making it much safer than before. It will switch UAC settings to the highest level and will now require the password of the second Administrator account whenever you need to perform an Administrator-level task (such as installing an application).


EMET is one of my favorite security tools because it protects against a wide array of vulnerabilities in software that arise from poorly written code (which can be found in most apps). It offers many protections against zero-day vulnerabilities that malware authors like to use to infect people's PCs by bypassing built-in Windows security systems such as the UAC.

One of the nice things about EMET is that it's not the type of software to bug you about stuff; it's mostly just "set it and forget it." By default, you can choose the "Recommended settings," but unless you use Java, which usually crashes under EMET, then you can probably safely use EMET with Maximum security settings as well. If you find it causes too many problems with some of your apps, you can revert back to the "Recommended security settings" later on.

Automatic OS And App Updates

It's always a good idea to keep your operating system and applications up-to-date because vulnerabilities are discovered in them all the time, and the companies behind the apps and operating systems patch them up as soon as they can. Unfortunately, that sometimes takes many months, and that's just from the time the vendor itself discovered a particular vulnerability. However, the vulnerability could have been discovered a long time before that by skilled attackers.

This is where EMET can help greatly. But even so, it's a good idea to stay up-to-date and get the fixes as soon as possible to protect your system from vulnerabilities that many other malware creators can use after the vulnerabilities become widely known. To ensure you don't forget to install the updates, it's best to have them set to install automatically. The same goes for any apps that you might use; it's preferable to update them as soon as possible.

Anti-Malware Tools

There may be significantly fewer viruses now than in the days of Windows XP, but they still exist today, thanks to zero-day vulnerabilities and users who get tricked into clicking or installing something that infects them. An antivirus can still be useful to protect against popular viruses that have spread on other computers. The antivirus companies have learned about them and have updated their own databases to stop those viruses from infecting other PCs.

There are several free, useful tools that do a decent job of protecting PC users from viruses. Each one protects the PC in a slightly different way, which makes them work well together.


Until Windows 8 was released, I would have recommended Microsoft Security Essentials antivirus because it used to be one of the best free antiviruses out there, and it was also the easiest to use (the same "set it and forget it" principle). But after it started coming preinstalled in Windows 8, I've noticed that it has become much less effective at catching viruses, both from sites that benchmark the effectiveness of antiviruses as well as from personal experience. (Avira would catch malware that Windows Defender wouldn't, for example.)

Avira also used to be more annoying, with an almost-full-screen pop-up ad that appeared once a day. However, these days, the pop-up appears only in a corner, and is much smaller and less obtrusive, so it hardly bothers me at all.

Germany-based Avira also has been consistently at the top of the rankings for both free and paid antivirus software. It may not be the very best out there, but for a free antivirus, it's good enough. Much like the old MSE, you don't have to tinker with it, and you almost forget it exists on your PC until it catches some malware and alerts you to it. Unlike most other antiviruses, it's also quite lightweight in terms of resource consumption.

Avira also has some nice extra features, such as automatic blocking of "autorun" executables from external media devices (such as a DVD or USB), so it should protect you from automatically getting infected when inserting someone else's DVDs or USBs into your PC. It also protects against malicious changes to Windows' "hosts" file.


There are viruses and other types of malware — such as ransomware, Trojans, spyware, adware, and exploits — that an antivirus might not catch. Malwarebytes is generally the most recommended free tool to help catch the type of malware that your antivirus might ignore.

Malwarebytes does have one major weakness: It doesn't automatically scan or catch such malware in the free version; you have to scan manually every time to check your PC for malware. Scanning about once a week should do the trick, though. In case something got through the other defenses, at least it won't have very long to do much damage.

Tools For Safe Web Browsing

Most people need only the browser, most of the time, for entertainment or work. That means browser security is almost as important as the security of the underlying operating system.


Right now, the most secure Web browser available by default is Google's Chrome. Whether that will change in a year, two or five, however, remains to be seen. Nonetheless, Chrome consistently comes out on top in browser hacking competitions.

That doesn't just happen by accident. Chrome has a strong sandbox system that isolates every tab or extension into its own process. This can lead to an increase in memory usage that many people have complained about; however, it gives a great advantage in both security and processing performance (because each process can be run independently by the CPU, avoiding browser lags).

When each Web app or extension is isolated as much as possible from the others, it dramatically restricts the damage any website can do to your browser or your PC.


WOT is a nice little browser extension that allows people who use it to rate how secure a website is on the Web. It's essentially crowdsourced malware protection. While more technical users may be more careful about what links they click on, most regular Internet users might not, and they could be going to unsafe sites.

WOT attempts to warn users about bad sites and green-light the safe ones. It's a tool that comes in handy, especially on websites such as Google and Twitter, where you may see many links but don't know how trustworthy some of them are.

These days, most browsers come with their own filters for malware websites, but you only get warned when you've already clicked on the link. I like the "prewarning" WOT gives on links as well.

HTTPS Everywhere

HTTPS adoption has been increasing rapidly, but some sites may still default to plain-text HTTP connections, which are not secure — both from a privacy standpoint (others can intercept your traffic) and a security point of view (you can be attacked more easily through nonsecure connections).

The Electronic Frontier Foundation has built a tool called HTTPS Everywhere that ensures all websites connect over HTTPS as long as those websites support HTTPS (but doesn't redirect most users to it).

HTTPS Everywhere also acts as some sort of user-centric alternative to the HSTS (HTTP Strict Transport Security) protocol, which mandates that the connection is done over HTTPS. However, most HTTPS websites don't "strictly" enforce their HTTPS connections, which could make some man-in-the-middle attacks easier by downgrading the connection to HTTP.

The extension also recently received a feature that could be very useful: the option to connect only to HTTPS sites and block all requests that happen over HTTP (such as third-party trackers that can work over plain HTTP even on top of an HTTPS site, therefore weakening its overall security).

However, unless you visit only a handful of HTTPS websites every day, then enabling this might be a little too inconvenient for the casual Web user for now. When most popular websites are HTTPS, then users could fully secure themselves by enabling that feature as well.


OpenDNS' "Enhanced DNS" free service is another great security tool you can use to protect against websites that are infected with malware either intentionally or by getting hacked by malicious attackers. All you have to do is replace the DNS addresses with the ones provided by OpenDNS, and you'll benefit from an extra layer of security.

The aforementioned tools are not a 100-percent foolproof solution for Windows security, but together, they offer a reasonably high level of security for users who don't want to struggle to learn how to use more advanced and complicated tools. They're also completely free.

Most of the aforementioned tools require only installation or an initial setup. After that, they "invisibly" protect users behind the scenes, which is just about ideal for the vast majority of Windows PC owners.

MORE: All Security Articles
MORE: Best VPN Services Of 2015
MORE: The Pros And Cons Of Using A VPN Or Proxy Service
MORE: VPN Services in the Forums

Lucian Armasu is a Contributing Writer for Tom's Hardware, covering News.

Follow Tom's Hardware on Twitter, Facebook and Google+.

This thread is closed for comments
    Your comment
  • humus
    EMET does not support Windows XP.
  • humus
    SuperAntiSpyware and ESET On-Line Scanner - both are free and effective stand alone tools.
  • mjmacka
    @EMET Microsoft doesn't support Windows XP anymore. There is no way to secure that OS. You should be running a newer version of Windows or Linux instead of XP.
  • John J Miller
    to those that say switch to Win 7 or 8... there are some of us out here who can't afford the required hardware needed to run either one correctly.
  • computertech82
    Avira is rated #1 this year. SuperAntiSpyware is pretty good at malware, usually better than malwarebytes.
  • alpha27
    heh im running mse, comodo and avast, I think my cpu handles them well...heh i7
  • jacobian
    Rather sadly, much of the history of Windows security vulnerabilities is due to poor security practices among the users and software developers. Not using administrator account by default could have saved many headaches, and we had Windows 2000, a fine multi-user OS, since when, 1999? (I don't mention NT4 since it wasn't meant to be a consumer-level OS)
  • gerr
    1933185 said:
    to those that say switch to Win 7 or 8... there are some of us out here who can't afford the required hardware needed to run either one correctly.

    If Windows 8.1 can run on that, you must really have an old system.
  • atwspoon
    to those that say switch to Win 7 or 8... there are some of us out here who can't afford the required hardware needed to run either one correctly.

    Wait what? name a system in the past 10 years that cannot run Windows 7. I have installed the OS on numerous laptops and premade desktops from 2006-present. If your machine is more than 10 years old, you're doing it wrong.

    "If you want to run Windows 7 on your PC, here's what it takes:

    1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor

    1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)

    16 GB available hard disk space (32-bit) or 20 GB (64-bit)

    DirectX 9 graphics device with WDDM 1.0 or higher driver"
  • gravewax
    to those that say switch to Win 7 or 8... there are some of us out here who can't afford the required hardware needed to run either one correctly.

    win 7 and 8 have very low hardware requirements. if you have a machine purchased in the last 15 years it mostly probably will run just fine, if in the last 10 it will almost certainly work.
  • moniruzzaman khan
    very good article