Should you get all-in-one security software?

The world of personal and professional cybersecurity has become more complex in recent times, in an effort to keep pace with the increasing sophistication and frequency of cyberattacks, as the number of vectors threat actors can exploit is far greater than ever.

This has meant users need more than just a basic antivirus tool - malware removal, ransomware protection, password managers and VPNs are all recommended weapons to have in one's arsenal. But of course, paying for all these different services will mean mounting costs and numerous subscriptions to keep track of.

That’s where bundled software come in, combining all these tools into one simple package. But how effective are they compared to their standalone counterparts? Given their rising popularity, it's a question that many will want to know the answer to.

Eggs in one basket

One aspect that may deter people from using bundled software is the greater perceived risk, akin to putting your eggs all in one basket - if one thing goes wrong, then you're doomed across the board. 

This concern isn’t without merit: many Norton LifeLock customers fell victim to a credential stuffing attack in late 2022, with parent company Gen Digital sending a notice to customers explaining that their personal information may have been accessed, as well as their credentials stored in the included password manager. 

Presumably, those with the bundle that includes Norton’s own antivirus and VPN would have seen these compromised too, possibly allowing the threat actors to alter their settings or even disable them.

If you split your various services across numerous vendors, the reasoning goes, then a breach of one won't affect the others - provided, of course, you haven’t used the same credentials to secure every one of your services, which is always ill-advised.

The same argument is sometimes used against password managers: if the master password that secures your vault is cracked or leaked, then all the passwords for every one of your accounts are compromised.

However, using two-factor or multi-factor authentication (2FA/ MFA) means that even if your username and master password are stolen, hackers will still not be able to steal your data; they'll also need to have access to your secondary device used to authenticate your login. In the case of the Norton LifeLock breach, had the affected customers secured their accounts with MFA, then they would have likely prevented themselves from being hacked.

So if you follow good security practices by using strong, unique passwords and securing your accounts with MFA, then the risk from using all-in-one services isn't really any greater than using separate standalone services.

Some examples

Aura is one of the leading identity theft protection services, but it also includes antivirus, a VPN and a password manager in a single package. But how good are each of these extra features?

In our review of the suite, we found that the antivirus tool offered average performance when quarantining our test virus, and the UI was quite spartan with a few issues - especially on Mac, as we experienced crashes with the client on Apple's desktop environment.

The VPN is serviceable, achieving the basic task of masking your true IP address, deflecting prying eyes away from your true location, which can be handy if you want to maintain privacy. However, Aura’s VPN only allows you to connect to servers in the US, whereas standalone VPN providers will let you choose from a wide range of locations. We also didn't find it suitable for streaming content in restricted regions.

As for the password manager, this was quite basic in our view, lacking the ability to organize your passwords with tags or folders - a standard feature on nearly every standalone password manager. 

Its browser compatibility is also limited, only having extensions for Chrome, Firefox, and Edge. Again, many standalone password managers will be compatible with a wider variety of browsers, including Safari, Opera, Brave and DuckDuckGo.

So while its bundled tools can get the basics right, those after more control and advanced features would be better opting for dedicated services instead.

Conversely, password managers themselves have been adding more security-based features to their software. Dashlane recently launched an anti-phishing tool that can protect you from email scams, and Keeper offers various security modules that users can add on to their account.

NordPass is another manager with extra security tools. The company behind it, Nord Security, also offers one the best VPN solutions available in NordVPN, and if you opt for the Plus or Ultimate plan, you get NordPass included, which is also one of the best password manager options. 

Both of these services are class-leaders in their respective fields, so the two together make for a great package. However, as with Dashlane and Keeper, neither of these offer direct protection from malware, ransomware and the like, so that means buying into yet more vendors and services to secure your devices and network to their fullest.

So if you want the most advanced features and the flexibility to tinker with various parameters, then standalone services may be the better option. There are also a greater range of services available in the standalone market, which offer their own unique advantages depending on the use case, making it easier to find a service that suits your own particular needs. Otherwise, bundles may be best for most casual users, as their constituent parts can get the job done and prevent your subscription costs from spiraling.

• If you don't want to pay anything for online protection, then consider the best free antivirus solutions
• ExpressVPN officially launches password manager tool for all users
• Why there’s no one-size-fits all solution to security maturity