News

Ex-Mozilla Engineer: Uninstall Third-Party Antivirus Software Now

A former engineer for Firefox developer Mozilla has advised PC users to avoid installing third-party antivirus software on their systems. Robert O’Callahan felt comfortable making this bold assertion following his departure from Mozilla last year. The reasoning for his extreme position is that antivirus programs, as well as being “slow and bloated”, are hurting security and making it more difficult for developers – especially internet browser vendors – to deliver a truly secure product. The only exception, according to O’Callahan, should be Microsoft’s antivirus software for Windows – either Windows Defender or Microsoft Security Essentials.

“I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I’ve left Mozilla for a while, it’s safe for me to say: antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s),” O’Callahan declares on his blog.

“At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero,” he explained. “These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)”

O’Callahan cites the following Twitter conversation between Chrome security engineer Justin Schuh and security expert Dr. Vesselin Vladimirov Bontchev from last year to highlight misconceptions of the efficacy of AV software, even within security circles:

“Furthermore, as Justin Schuh pointed out in that Twitter thread, AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security,” O’Callahan writes. “For example, back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes. Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security (recent-ish example).”

“What’s really insidious is that it’s hard for software vendors to speak out about these problems because they need cooperation from the AV vendors (except for Google, lately, maybe),” he concludes. “Users have been fooled into associating AV vendors with security and you don’t want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can’t tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you’ll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that’s how your product is.”

Ashley Allen

Disqus Comments Loading...

Recent Posts

Electronic Arts Titles Played for Over 11 Billion Hours in 2024

Electronic Arts (EA) announced today that its games were played for over 11 billion hours…

2 days ago

Just 15% of Steam Gaming Time in 2024 Was Spent on New Releases

Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…

2 days ago

STALKER 2 Gets Massive 110GB Patch With 1800+ Fixes

GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…

2 days ago

Intel Unveils Core 200H Processors Based on the Previous Raptor Lake Refresh

Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…

3 days ago

Ubisoft Reportedly Developing a New Quadruple A Game

Ubisoft is not having the best of times, but despite recent flops, the company still…

3 days ago

STALKER 2: Heart of Chornobyl Update 1.1 Fixes 1,800 Issues and Revamps A-Life 2.0

If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…

3 days ago