A former Mozilla engineer has heavily criticized several antivirus software developers in a blog on his website. He states that now he has left Mozilla he's finally able to speak out about it. He calls for users to no longer purchase antivirus software and to uninstall any previously purchased antivirus applications.
(Robert O'Callahan by Tristan Nitot, used under CC BY )
He does add that uninstalling antivirus software should only be done on an up-to-date OS.
Ex-Mozilla engineer Robert O'Callahan argues that only Microsoft's antivirus solution can be safely used and that the others 'poison the software ecosystem'. He writes, "AV [antivirus] products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security."
According to O'Callahan it happened several times that Firefox updates were blocked by antivirus applications which meant the company could no longer provide its users with important security fixes. He also states that it took considerable time to fix breakage caused by antivirus software, time that was better spent on improving the security of the browser itself.
O'Callahan also argues that the net-security provided by antivirus products is debatable. Because the product itself sometimes also contains security leaks that can be exploited by attackers. He refers to Google's Zero Day project which lists exploitable antivirus products from Kaspersky, Trend Micro and Symantec/Norton.
He calls Microsoft as 'generally competent' to follow standard security practices, unlike the other antivirus vendors.
Another disadvantage of antivirus products is, according to O'Callahan that it uses a lot of resources which slow down the computer.
He ends his blog that it's hard for a developer to speak out about the problems, "users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it."
O'Callahan adds, "You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame. When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is."
