windows 10 inbuilt antivirus

Before you make a decision, just know that a batch script can disable the whole WD protection without any kind of alerts or admin prompts, which is something we can't do with other AV's (at least not with such an easy process). Check this for details.

 

In reality, it's even many times more than what you actually need.
True, in reality, you never need any antivirus.
At least none of what has been offered for decades and is still offered to you.
None of them has ever protected anyone from anything.
They simply don't work, even can't work.
But in the end, it's up to You to decide what kind of God You believe in and what You use or don't use.
I tested everything available for about 10 years and then realized that they were pointless. I haven't used any for about 15 years now and I've never seen any viruses. Also, have ever met anyone who has ever met a virus in their lifetime.

 

I've been in It since windows 98SE (roughly) and have seen an uncountable number of infected PCs.

Its not as bad as it used to be. 98SE -> XP era was pretty insane. XP in particular looked like it was coded specifically to make malware a giant PITA. Between what you could hook without consequence and the nearly unlimited ways to gain persistence, XP was a malware author's dream.

As things moved to Vista and 7 (and 64bit as a consequence) the rootkit plague started to die down since it was no longer the hooking paradise that 32bit was. Malware as a service started heating up and the days of it being obvious that your system was infected were gone. Instead of 17 new browser toolbars, hijacked wallpapers and constant warnings about "your system is infected" you get bots that constantly and silently update themselves and are leased out to people looking to use these botnets for nefarious purposes. This also disconnects the moment of initial infection from future impact. You might get hit a ransom trojan months after getting infected with a bot if someone leases that botnet to do a ransomware campaign months down the road.

Social engineering also gave way to exploits as the point of entry as "you need to install this 'codec' to watch your p0rn" stopped being very convincing. Exploits simply require your system to be unpatched and you to visit a compromised page. The worst exploit on a "safe" page I have ever seen was when an ISP's webmail page was compromised and directly infected people that visited it. People finally stopped clicking 'yes' on everything so malware adapted, there is no need to click anything for an exploit to trigger. Instead of the shotgun approach, things became a lot more targeted and specific. Insanely convincing emails have such a high success rate that you can send out 4 orders of magnitude less and have the same success that shotgun spam with terrible English had years ago.

Around the time windows 10 came out it was clear that malware was moving more towards business targets and away from Joe/Jane user. Its not gone, but its a lot more rare. This rarity does come at a price though. If you get hit with something, it is likely to be more serious. Ransomware is the big one. If you get hit with this and are not prepared, you will be paying the ransom, giving up and starting over or waiting moths to years for a decryptor to become available.

It does not get enough attention but the advancements in PC technology and the fact that Windows 10 can be used without a key actually allows for a very secure setup. About 4 years ago I switched to a security model leveraging windows 10 VMs. I set up 2 VMs on my main workstation. VM1 is dedicated to general purpose surfing. VM2 is dedicated to secure transactions (banking, online purchases ....). VM2 is never booted unless I am using it for its intended purposes or updates. VM1 is used exclusively for general screwing around online. The actual bare metal system itself is used for dev work and nothing else. Backups of important data are also offline unless I am making/restoring a backup, just in case. I have security software installed but that is a backup. The way I have things set up should make it impossible for the host system to ever be compromised and on the off chance the general use VM gets compromised, a clean backup can be restored in just a few minutes, 0 disruption to the main system.