
Former Firefox Developer: Remove Third-Party Antiviruses

Firefox developer and hacker Robert O'Callahan has temporarily left Mozilla and, now free of corporate obligations, can tell the truth without reservation. He urged users to immediately remove third-party antivirus software from their computers (Windows Defender is best left in place).

“Now [after leaving Mozilla] I can safely say: anti-virus software developers are terrible; do not buy antivirus programs, and remove those already installed (except Microsoft's, if you are on Windows [10]),” said Robert.

Basic security rules: keep up with operating system updates and install the latest security patches. The expert added that if a person has to use outdated Windows 7 systems or, God forbid, Windows XP, then third-party antiviruses will still help keep them from being completely exposed, letting them feel that there is at least some kind of protection.

The call to remove harmful third-party antiviruses applies, of course, primarily to Windows 10. It mainly concerns paid programs: installing a useless thing for free is one thing, but installing a useless thing for money and continuing to pay for it is quite another. Moreover, third-party antiviruses cannot always be called harmlessly useless, because they consume CPU resources and, on mobile devices, battery power, so users still have to give up computing resources to these “cash cows” of the information security market. Most importantly, a third-party antivirus can significantly impair the security of the PC.

“In the best case, there is a ghostly chance that the main non-Microsoft antiviruses will at least increase security. More likely, they will significantly impair security. For example, look at the list of vulnerabilities in anti-virus products listed on the Google Project Zero vulnerability catalog pages.”


An example of fixing 0-day vulnerabilities in a popular anti-virus product, 2015-2016.

The most famous commercial antivirus has dozens of vulnerabilities. These are bugs that are usually found by outside researchers or are already being actively exploited by malware. Antivirus developers try to close these bugs, but many users do not update their antivirus and do not install patches. In addition, an update will not help if attackers know of other vulnerabilities that have not yet become public. And there are many such bugs, because an antivirus is a very tempting target for hackers. An antivirus sits at a low level of the OS, and compromising it can give full access to the file system, right up to the OS loader.

The presence of serious bugs in antivirus software makes two things clear:

  1. Antiviruses open up a variety of attack vectors to attackers.
  2. Antiviruses are written without following standard security rules.

Robert O'Callahan is not the only one who accuses antiviruses of sabotage. Justin Schuh, one of the programmers on Google Chrome, recently expressed the same opinion. In a long discussion about antivirus and security, he put it this way to make the point as clear as possible: “Antivirus is the single biggest obstacle that prevents the release of a secure browser.”


Schuh explained that antiviruses "poison the program ecosystem" because their invasive and poorly written code makes it difficult for browsers and other programs to ensure their own security. O'Callahan recalls that when Firefox on Windows first introduced support for the ASLR memory protection mechanism, antivirus programs constantly broke this protection by injecting their own DLLs, built without ASLR protection, into program processes.
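
As an added illustration (not from the original article or from Mozilla), the sketch below shows how a defender can read the ASLR opt-in flags from the PE headers of the modules loaded into a process. The module names and the constructed header bytes are assumptions made for the demo.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # COFF Characteristics: image cannot be rebased
DYNAMIC_BASE = 0x0040                # DllCharacteristics: module opts in to ASLR
HIGH_ENTROPY_VA = 0x0020             # DllCharacteristics: 64-bit high-entropy ASLR

def aslr_status(image: bytes) -> dict:
    """Read the ASLR-related flags from a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if pe_off + 24 + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad signature or truncated headers")
    opt_size, coff_flags = struct.unpack_from("<HH", image, pe_off + 20)
    opt = pe_off + 24                                       # optional header start
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    (dll_flags,) = struct.unpack_from("<H", image, opt + 70)  # same offset in PE32/PE32+
    dynamic = bool(dll_flags & DYNAMIC_BASE)
    return {
        "pe32_plus": magic == 0x20B,
        "dynamic_base": dynamic,
        "high_entropy_va": bool(dll_flags & HIGH_ENTROPY_VA),
        "aslr_effective": dynamic and not coff_flags & IMAGE_FILE_RELOCS_STRIPPED,
    }

def sample_image(dll_flags: int, coff_flags: int = 0x2022) -> bytes:
    """Constructed minimal PE32+ headers (not a loadable DLL), for the demo only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, coff_flags)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def audit(modules: dict) -> list:
    """Return the names of modules that have not effectively opted in to ASLR."""
    return sorted(n for n, img in modules.items() if not aslr_status(img)["aslr_effective"])

if __name__ == "__main__":
    loaded = {  # constructed module list; both names are hypothetical
        "browser_core.dll": sample_image(0x0160),  # HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT
        "av_hook.dll": sample_image(0x0100),       # NX_COMPAT only, no ASLR opt-in
    }
    print(audit(loaded))
```

On a real system the same function can be pointed at the on-disk files of the modules a process has loaded, read as bytes.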

Several times antiviruses blocked Firefox updates, preventing the latest important security updates from being installed. Developers have to spend a lot of time working around antiviruses, time that could have been spent on other security issues.

“The biggest treachery is that it’s hard for software developers to speak out loud about these issues because they need support from antivirus vendors,” says O'Callahan. “Maybe with the exception of Google, lately. The users were misled that the antivirus provides security, and no one wants the antivirus vendors to speak ill of your browser. Antiviruses are everywhere, and if one breaks your browser, then you need their assistance to correct the situation.” Browser developers cannot directly and officially tell users to disable their antivirus, because if something bad happens that the antivirus could potentially have prevented, they will take all the blame.

“When a browser crashes while loading due to antivirus intervention, the browser is to blame, not the antivirus. Even worse, if they make your program incredibly slow and bloated, users think that it’s just such a slow and bloated browser,” O'Callahan sadly concludes, recalling the situation with the Firefox browser, which consumed a huge amount of RAM after McAfee anti-virus modules were installed.

An antivirus is an obvious security hole, and not only because of the new dangerous vulnerabilities it adds to the system. The weakness is inherent in its design, because many antiviruses install their own root certificates by default and without warning, inserting themselves into HTTPS traffic as a man in the middle (MitM). In any case, most antiviruses degrade HTTPS protection, as information security specialists have repeatedly warned.

Although O'Callahan himself prefers to refrain from criticizing Microsoft's antivirus, it should be noted that this particular antivirus is among the worst for computer performance (only Trend Micro's antivirus slows the system down more than Windows Defender).

Source: https://habr.com/ru/post/401059/

