Running antivirus software is just common sense… until it causes a few blue screens. Or constantly detects false positives in your favourite applications. Or makes your programs crash with unhelpful, mysterious errors. Is there an argument for not installing antivirus software? Perhaps.
Robert O’Callahan, a former Mozilla software developer, has written a post advocating that Windows users “uninstall” their antivirus software, the argument being that “[AV] software vendors are terrible”.
In fact, he recommends Microsoft Defender if you’re going to run anything at all, despite it being utter pants in terms of threat detection compared to the competition.
It almost sounds like insanity. Almost. Fortunately, O’Callahan goes into more detail further into the post:
“At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)”
He goes on to say that problems with “poorly-implemented” AV usually manifest in other applications, somewhat hiding the problem:
“When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that’s how your product is.”
Does O’Callahan have a point? I’d say more experienced users can get away with installing AV and disabling real-time protection. Often you just want to scan the odd file; a constant watchdog is not necessary.
For the less knowledgeable user though? Real-time AV does have a place, though vendors could do better when it comes to code quality.
Disable Your Antivirus Software (Except Microsoft’s) [Eyes Above The Waves, via ZDNet]
Comments
3 responses to “Antivirus Software Does More Harm Than Good, Says Former Mozilla Developer”
AV software is the pits.
For most people I set them up with a decent firewall, and a bootable Antivirus DVD and have them leave it in the drive and boot off it twice a week before they go to bed to check for threats.
Dvd? What’s that?
AV serves a good purpose for many individuals. Some products work very well, and of course, like with everything, some do not. The idea that somehow AV should be held to a higher standard is laughable. It is software, just like any other. And it is something that dedicated attackers make an effort to defeat. We are going to be behind. That doesn’t make it worthless.
You can mitigate nasties at home by being diligent – it comes down to how you use your computer. The biggest threats are:
– bad web sites; we all know which ones… use a VM that’s disposable or with a snapshot. If you can’t, boot into a live distro like Ubuntu/Linux Mint without filesystem access (unmount all)
– questionable apps; avoid torrent sites/keygens, dodgy freeware, etc… and only use/install known-trusted apps from reputable sources or embrace open source
– attachments; delete any correspondence from suspicious or unknown senders and utilise a good spam filter
– media; don’t open any random USBs/optical media/disks, etc. without having some context as to its origin or purpose, and
– foreign networks; don’t trust them or do very little. Some ‘free’ wifi hotspots can be bad actors, intercepting or malforming data packets. Rely on a trusted proxy or VPN service or use your mobile’s data service.