News

Ex-Mozilla Engineer: Uninstall Third-Party Antivirus Software Now

A former engineer for Firefox developer Mozilla has advised PC users to avoid installing third-party antivirus software on their systems. Robert O’Callahan felt comfortable making this bold assertion following his departure from Mozilla last year. The reasoning for his extreme position is that antivirus programs, as well as being “slow and bloated”, are hurting security and making it more difficult for developers – especially internet browser vendors – to deliver a truly secure product. The only exception, according to O’Callahan, should be Microsoft’s antivirus software for Windows – either Windows Defender or Microsoft Security Essentials.

“I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I’ve left Mozilla for a while, it’s safe for me to say: antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s),” O’Callahan declares on his blog.

“At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero,” he explained. “These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)”

O’Callahan cites the following Twitter conversation between Chrome security engineer Justin Schuh and security expert Dr. Vesselin Vladimirov Bontchev from last year to highlight misconceptions of the efficacy of AV software, even within security circles:

“Furthermore, as Justin Schuh pointed out in that Twitter thread, AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security,” O’Callahan writes. “For example, back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes. Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security (recent-ish example).”

“What’s really insidious is that it’s hard for software vendors to speak out about these problems because they need cooperation from the AV vendors (except for Google, lately, maybe),” he concludes. “Users have been fooled into associating AV vendors with security and you don’t want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can’t tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you’ll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that’s how your product is.”

Ashley Allen

Disqus Comments Loading...

Recent Posts

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

4 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

4 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

4 hours ago

Logitech G Saitek Farm Sim Controller

Heavy Equipment Bundle: Includes a steering wheel for heavy machinery, gas and brake pedals, and…

4 hours ago

Razer Ornata V3 X – Low Profile Gaming Keyboard

Low-profile Keys for an ergonomic gaming experience. With slimmer keycaps and shorter switches, enjoy natural…

4 hours ago

Glorious Gaming Model O Wired Gaming Mouse

Size & style: Ambidextrous lightweight mouse for gaming. Built for speed, control and comfort, with…

4 hours ago