Former Mozilla dev joins chorus roasting antivirus, says 'It's poison!'
Kill your antivirus, maybe keep Windows Defender
Antivirus is harmful and everyone should uninstall it, so says recently liberated ex-Mozilla developer Robert O'Callahan.
The former Mozilla man worked at the browser baron for 16 years and has now joined his voice to the growing chorus of hackers pouring scorn on the utility of antivirus software. Among O'Callahan's beefs is that at one point vendors of the would-be malware protection technology blocked Firefox updates to sever the increasing security they found hard to deal with.
Almost all arguments against antivirus centre on the fact that the technology increases security attack surfaces, breaks operating system defences like address space layout randomisation and uses hacked-together hooks to commandeer web browsers.
Many security boffins therefore believe that antivirus reduces developers' ability to ship secure products.
That includes antivirus software itself: Google's Project Zero hack house has been revealing crushing vulnerabilities in all corporate antivirus that leave users open to remote compromise.
Moreover, the ease with which targeted attackers can craft malware that eludes and disables antivirus means the once essential security control has few friends left in information security circles.
@VessOnSecurity @Jindroush Kinda like how a lightbulb that sets things on fire is still high quality, so long as you only measure lumens? — Tavis Ormandy (@taviso) November 19, 2016
O'Callahan roasts the ancient security control with similar arguments in a blog post, concluding that such antivirus hate speech from staff developers would draw the ire of corporate gatekeepers: "But now I'm free! Bwahahaha!"
"At best, there is negligible evidence that major non-Microsoft antivirus products give a net improvement in security," O'Callahan says.
"Antivirus products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security.
"Antivirus software vendors are terrible; don't buy antivirus software, and uninstall it if you already have."
He says Redmond's antivirus is okay since it is built by the company's "generally competent" developers who follow good security practice.
Antivirus companies have irritated Mozilla hackers. Years back, Firefox engineers had cooked the then-new address space layout randomisation operating system exploit defence into their browser and were frustrated when antivirus products installed on so many user machines disabled the critical control with DLLs.
The security scourge even blocked Firefox updates.
"Major amounts of developer time are soaked up dealing with antivirus-induced breakage, time that could be spent making actual improvements in security," O'Callahan says.
Antivirus would face broadsides everywhere if it were not for the need for developers to work with the security software companies in order to have false positive virus flags removed, he says.
That quiet has fooled users into "associating antivirus vendors with security".
Others have been less dismissive of antivirus software. Respected Google hacker Darren Bilby has called on security thinkers to spend more energy on developing, refining, and deploying more meaningful defences than "magic" antivirus and intrusion detection systems that "do not work".