The two best-marketed security products on earth protect completely different things: an antivirus watches what runs on your machine, a VPN hides what travels on your network. Neither substitutes for the other, both vendors increasingly pretend otherwise, and the bundling wars have made a simple division genuinely confusing.
Here’s the clean version, plus the honest answer on whether you need both.
The division of labor, in one table
| Threat | Antivirus | VPN |
|---|---|---|
| Malware, ransomware on your device | Yes | No |
| Phishing executables and droppers | Yes | No |
| ISP logging your browsing | No | Yes |
| Snooping on public Wi-Fi | No | Yes |
| IP-based tracking and geo-blocks | No | Yes |
| Malicious websites and ad domains | Partly (web shields) | Partly (DNS blockers) |
| Logged-in tracking, cookies, fingerprints | No | No |
Read the bottom rows twice: there’s a small overlap (both ecosystems now block bad domains) and a shared blind spot (neither touches the tracking that survives both). Everything else is separate territory.
What the antivirus layer actually covers
Modern endpoint protection (Windows’ built-in Defender now being a genuinely respectable baseline) handles execution-layer threats: malicious downloads, ransomware behavior, infected attachments, exploit attempts against your software. It sees inside your device in ways no network tool can, which is exactly why it can stop a trojan and your VPN cannot.
What it can’t do is anything about observation: your antivirus does not blind your ISP, secure hotel Wi-Fi, or move your IP. A spotless, malware-free laptop on cafĂ© Wi-Fi is still broadcasting its traffic patterns to the room and its browsing map to the network, the precise scenario the public Wi-Fi guide exists for.
What the VPN layer actually covers
The tunnel encrypts your connection and relocates your IP: ISP blindness, hostile-network safety, geo-flexibility, the whole catalog this site documents. What it can’t do is anything about execution: a VPN will faithfully encrypt your download of ransomware and deliver it to you in perfect privacy. Infected is infected, tunneled or not.
The marketing erosion happens at the edges: VPN suites now bundle “threat protection” features (NordVPN’s Threat Protection, Surfshark’s CleanWeb and antivirus add-on, Proton’s NetShield) that block malicious domains, ads and trackers at the DNS level, and in NordVPN’s case scan downloads. These are real and useful, closer to a web-shield layer than to full endpoint protection: they reduce exposure, they don’t replace behavioral malware defense. Treat them as a bonus layer, not a substitution.
So: do you need both?
For most people, yes, and the good news is that “both” is nearly free. The realistic stack for a normal household: the built-in antivirus (Defender on Windows, XProtect on macOS, both default-on) kept current, plus a quality VPN for the network layer, plus the browser-level hygiene neither tool covers. Total added cost: the VPN subscription alone.
Paid antivirus suites earn their fee in specific cases (households needing central management, heavy downloaders, identity-monitoring bundles); for everyone else the built-ins have closed most of the gap. Paid VPNs, by contrast, have no real built-in equivalent: the OS doesn’t ship one, and the free tier landscape is two honest options with limits. Hence the asymmetric advice: default antivirus is usually fine, default (nonexistent) VPN is not.
The bundles flip the question: is one subscription for both worth it? NordVPN’s higher tiers bundle Threat Protection’s download scanning; Surfshark One adds a true antivirus module to the VPN at a price that undercuts buying separately. For users who want one bill and adequate coverage, these are honest value; for users with strong preferences in either category, separates still win. The comparison table prices the VPN half of that decision; NordVPN is here and Surfshark One is here when the bundles fit.
The myths this comparison generates
“I have antivirus, so I’m safe on public Wi-Fi”: no; the network sees you fine, your files just stay clean while it does. “I have a VPN, so I can’t get infected”: emphatically no; the tunnel carries malware as faithfully as cat videos. “The VPN’s threat blocker means I can disable Defender”: no; DNS filtering and behavioral endpoint protection are different layers, keep both. And the evergreen “Macs and phones don’t need any of this”: platform malware profiles differ, but the network layer is identical everywhere, which is why the phone setup matters as much as the desktop one.
One configuration note for the both-camp: security suites that filter network traffic occasionally wrestle with VPN tunnels (the symptom list lives in our disconnection guide); the fix is excluding the VPN app in the antivirus settings, after which the two coexist silently.
Where each tool’s marketing oversells
Both categories earn skepticism at the edges of their ad copy. Antivirus suites oversell identity protection (monitoring services bolted onto scanners, useful but not malware defense) and system optimization (registry cleaning theater). VPN brands oversell anonymity (the tracking reality is layered), and “military-grade encryption” (AES-256 is table stakes, not a differentiator). The pattern in both: the core function is real and commoditized, so marketing migrates to the periphery. Buy the core, evaluate the periphery as bonuses, and never let either category claim the other’s territory.
The password manager: the third leg nobody asked about
Any honest both-or-neither article owes you the third tool: a password manager closes the breach-reuse attack path that neither antivirus nor VPN touches, and credential stuffing compromises more ordinary accounts than malware and network snooping combined. The full modern stack for a household is boring and short: built-in antivirus current, a VPN for the network layer, a password manager for credentials, updates on autopilot. Four items, two of them free, and the realistic threat catalog for a normal person is substantially covered. Everything beyond that is threat-model-specific, which is where the high-risk guide picks up.
(For readers building the four-item stack today: the OS already installed item one, the comparison table ranks item two, any reputable manager covers item three, and item four is a settings toggle. Total setup time is under an hour, most of it choosing the VPN.)
Two tools, two jobs, one quiet computer: the whole debate resolves into a shopping list shorter than the articles arguing about it.
(File this one under questions worth settling once: the stack fits on an index card, and every future scary headline about either category gets read against it calmly.)
Parents asked the version with kids: same stack, plus the platform parental controls neither tool replaces, and the router-level DNS filtering that catches what individual devices miss.
Want to compare all VPNs side by side? Check our full VPN comparison table with scores across 18 criteria.
VPN versus antivirus is a category error dressed as a decision: one guards the device, the other the connection, and a normal digital life is exposed without either. Run the built-in antivirus your OS already gave you, add a quality VPN for the layer nothing built-in covers, and consider the bundles only as a billing convenience. The real upgrade over both is the unglamorous third layer: updates installed, passwords managed, and a healthy suspicion of free things that want permissions.