Ex-Mozilla Engineer: Don't use third-party antivirus software

[Batu69]

A former engineer at Mozilla has criticized third-party antivirus vendors in a blog post, and claimed that the software can "poison the software ecosystem". He asked users not to buy AV, or uninstall it if they have it already installed, and just use Microsoft's solution, Windows Defender.

 

He blames AV vendors for not following "standard security practices", unlike Microsoft whom he called "generally competent". He explained:

"AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security."

He also said that AV can cause breakage to other products such as browsers, which can lead people to believe that it's the latter's inefficiency. They can also block updates which could be important for users. He added:

"Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security."

AV vendors have come under increasing scrutiny over the last few years including Symantec for zero-day flaws discovered in over twenty of its products. AVG also found itself in hot water over its privacy policy which gave the company the ability to sell the browser and search history of its users to third parties.

 

Microsoft,however, has been actively working on making Windows 10 the most secure version of the 30-year-old platform, including the introduction of Windows Defender Security Center in the Creators Update and increasing its annual investment on cybersecurity research.

An exchange between Chrome security engineer Justin Schuh and information security expert Dr. Vesselin is what drove O'Callahan to write the post:

@VessOnSecurity @codelancer @taviso You misunderstand your own ignorance. AV is my single biggest impediment to shipping a secure browser.

— Justin Schuh (@justinschuh) November 26, 2016

For Windows 7 and below, which Microsoft asserts are not as secure as their contemporary, O'Callahan noted that "third party AV software might make you slightly less doomed." He also added that employees talking about these issues can create a PR nightmare for both the company and the employee, perhaps contributing to the rarity of public discourse on this topic. Source: Robert O'Callahan via ZDNet

 

Article source

[Kalju]

A huge number of people have been working for years to get people to believe in the importance of the use of anti-virus software, especially, what they offer, and now suddenly the bread may be lost out of hand. Can catch more lie and cheat people out...
Honestly do not believe that it will succeed. People hate their money but people like to believe in nonsense...
The more you lie, the more is believed. That is the anti-virus producers principle.
"Money does not stink, no matter how it is obtained."  /When Titus Flavius Vespasian I (Emperor of Rome)/

Spoiler

When Titus Flavius Vespasian I (Emperor of Rome) had imposed the taxes to the Rome public toilets, 
his son Titus thought that his father has gone too far, took Titus Flavious Vespasian I a handful of coins 
and put the son nose down, saying: "Does not stink." From this comes from the phrase, "Money does not stink!"

 

[pc71520]

Relevant Thread on Wilders Security.

[DKT27]

Many if not most AVs these days come with trusted whitelist already, which check the file signature and allow it. Also, what stops him from working with AV makers, helping them improve the user experience further here.

[straycat19]

Let's take a look at the AV situation from a logical perspective.  There hasn't been a true virus in over 15 years, we are dealing with a much broader scope of afflictions that come under the broad heading of malware.  Long gone are the days where a 'virus' infected your system and kept adding bogus data to the end of your exe files until your hard dive filled up.  That was a virus, it was an irritant, but didn't encrypt your files or destroy your data.  Though people were angered when they had a virus, in the end the AV systems of the day, McAfee and Norton, would both come out with a fix that would block/remove the virus.  AV programs today work with same basic principles used back then of using fingerprints and heuristics to attempt to block intrusions, payloads and other abnormal items.  They don't work very well.  That is why I quit using them years ago when I seriously became involved in securing large multi-state systems (Commonly referred to as WANS).  I spent many hours testing on my home systems and then on some of my admin systems at work.  I don't advocate my approach to businesses because of stupid users, every tool we can get to secure a user's workstation/desktop/laptop computer is used to protect them from themselves.  However I haven't nor will I use an AV program on any of my personal computers.  I prefer using a firewall and group policies to lockdown my system from things that an AV won't even see.  In my tests over the last 5 years I also discovered, as have many others, that malware writers don't want us to look at their code.  In order to stop us they targeted the most common tool we used to do that, the Virtual Machine.  99.9% (I would say a hundred but them there is always that oddity that doesn't fit the norm) of the malware released is designed to detect if an attempt is being made to run it on a VM and if so it not only doesn't run/infect the system but deletes its initial payload from the system, leaving no trace what so ever.  I know of some businesses, who although they still use AV, have every system running a VM from the network and nothing on their actual systems other than the necessary software to connect to the network and run the VM.  20 years ago when I worked with IBM AS400 systems the fact that they used data terminals and ran everything from the server was what attracted most businesses, even small ones like a local dentist's office, to use them.  Once add-in cards came out, like the Bosa Nova, that allowed a PC to act as an AS400 terminal and switch between Windows and AS400 Terminal with a key press, then companies started going to the PC, and eventually many of them went from AS400 to Windows NT server.  And all of a sudden we had many more problems such as virus infections that users and system administrators weren't familiar with and had no experience with which led to massive infections.  And the use of AV programs became even more widespread and were deemed as absolute necessities.  And for some people they still are.

[dave1977nj]

"Microsoft,however, has been actively working on making Windows 10 the most secure version of the 30-year-old platform"

 

 

 

 

LMAO!

 

 

[Fallon]

A former Mozilla guy's opinion is not as important as our own experiences (Mozilla can look at its own problems - plenty there).

Virus or malware, we still can get unwanted stuff on board from just visiting the wrong website. I think anyone who got rid of a ransom attack, doesn't mind his or her AV anymore.

I believe a VM can be useful too. Or running a browser sandboxed.

But guarding unnecessary scans is a criminal waste of time. So I am with those who use their brain and try to keep it light. 

[steven36]

While  I dont agree with using Windows Defender unless that's what you want ..i do agree with people put to much faith in AV and there not what there cracked up too be  ..But what he says dont make any sense  that using 3rd party AV in windows 8 or newer is not needed, how does he know how the security will be like in Windows  8 and Windows 10 when it gets as old as XP and Windows 7 ?

 

But even this guy had enough sense to see Firefox is going nowhere  after 16 years of working on it and left.

http://robert.ocallahan.org/2016/03/leaving-mozilla.html