A former engineer at Mozilla has criticized third-party antivirus vendors in a blog post, and claimed that the software can "poison the software ecosystem". He asked users not to buy AV, or uninstall it if they have it already installed, and just use Microsoft's solution, Windows Defender.
He blames AV vendors for not following "standard security practices", unlike Microsoft whom he called "generally competent". He explained:
"AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security."
He also said that AV can cause breakage to other products such as browsers, which can lead people to believe that it's the latter's inefficiency. They can also block updates which could be important for users. He added:
"Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security."
AV vendors have come under increasing scrutiny over the last few years including Symantec for zero-day flaws discovered in over twenty of its products. AVG also found itself in hot water over its privacy policy which gave the company the ability to sell the browser and search history of its users to third parties. Microsoft, however, has been actively working on making Windows 10 the most secure version of the 30-year-old platform, including the introduction of Windows Defender Security Center in the Creators Update and increasing its annual investment on cybersecurity research.
An exchange between Chrome security engineer Justin Schuh and information security expert Dr. Vesselin is what drove O'Callahan to write the post:
For Windows 7 and below, which Microsoft asserts are not as secure as their contemporary, O'Callahan noted that "third party AV software might make you slightly less doomed." He also added that employees talking about these issues can create a PR nightmare for both the company and the employee, perhaps contributing to the rarity of public discourse on this topic.
Source: Robert O'Callahan via ZDNet
106 Comments - Add comment