Former Firefox Developer: Remove Third-Party Antiviruses

    Firefox developer and hacker Robert O'Callahan has temporarily left Mozilla, is free of corporate obligations and can now tell the truth without reservation. He urged users to immediately remove third-party antivirus software from their computers (Windows Defender is best left in place).

    “Now [after leaving Mozilla] I can safely say: anti-virus software developers are terrible; do not buy antivirus programs, and remove those already installed (except for Microsoft, if you are under Windows [10]),” said Robert.

    Basic security rules: keep track of operating system updates and install the latest security patches. The expert added that if a person has to use outdated Windows 7 or, God forbid, Windows XP, then a third-party antivirus will still help them not to be in a complete hole, to feel that there is at least some kind of protection.

    The call to remove harmful third-party antiviruses applies, of course, primarily to Windows 10. It mainly concerns paid programs: installing a useless item for free is one thing, but installing a useless item for money and continuing to pay for it is quite another. Moreover, third-party antiviruses cannot always be called harmlessly useless, because they consume CPU resources and, on mobile devices, battery power, so users still have to give up computing resources to these “cash cows” of the information security market. Most importantly, a third-party antivirus can significantly impair the security of the PC.

    “In the best case, there is a ghostly chance that the main non-Microsoft antivirus will at least increase security. More likely they significantly worsen security. For example, look at the list of vulnerabilities in anti-virus products listed on the Google Project Zero vulnerability catalog pages.”

    An example of fixing 0-day vulnerabilities in a popular antivirus product, 2015-2016.

    The most famous commercial antivirus has dozens of vulnerabilities. These are bugs that are usually found by outside researchers or are already being actively exploited by malware. Antivirus developers try to close these bugs, but many users do not update the antivirus and do not install patches. In addition, an update will not help if the attackers know of other vulnerabilities, information about which has not yet leaked into the open. And there are many such bugs, because an antivirus is a very tempting target for hackers. An antivirus sits at a low level in the OS, and compromising it can give full access to the file system, right up to the OS loader.

    The presence of serious bugs in antivirus software makes two things clear:

    1. Antiviruses open up a variety of attack vectors for attackers.
    2. Antiviruses are written without observing standard security rules.

    Robert O'Callahan is not the only one who accuses antiviruses of sabotage. The same opinion was recently voiced by Justin Schuh, one of the Google Chrome project developers. In a long discussion thread on antivirus and security, he used this phrase to explain the point to his opponent as clearly as possible: “Antivirus is the single biggest obstacle that prevents the release of a secure browser.”

    Schuh explained that antiviruses "poison the program ecosystem" because their invasive and poorly written code makes it difficult for browsers and other programs to ensure their own security. O'Callahan recalls that when Firefox first introduced support for the ASLR memory protection mechanism on Windows, antivirus programs constantly broke this protection by injecting their own DLLs, built without ASLR protection, into software processes.
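
    An added example (not from the original article or from Mozilla): one way to audit whether a DLL opts in to ASLR is to read the DllCharacteristics field of its PE header. The names aslr_status and build_sample are hypothetical, and the sample images are constructed header-only byte strings rather than real DLLs.

```python
import struct

# Constants from the Microsoft PE/COFF specification.
RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
HIGH_ENTROPY_VA = 0x0020   # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
DLLCHAR_OFFSET = 70        # DllCharacteristics offset, same in PE32 and PE32+


def aslr_status(image: bytes) -> dict:
    """Report whether a PE module's headers opt it in to ASLR."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                 # 20-byte COFF file header
    opt = coff + 20                   # optional header follows it
    if len(image) < opt + DLLCHAR_OFFSET + 2:
        raise ValueError("truncated headers")
    opt_size, file_chars = struct.unpack_from("<HH", image, coff + 16)
    if opt_size < DLLCHAR_OFFSET + 2:
        raise ValueError("optional header too small")
    (dll_chars,) = struct.unpack_from("<H", image, opt + DLLCHAR_OFFSET)
    dynamic = bool(dll_chars & DYNAMIC_BASE)
    return {
        "dynamic_base": dynamic,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        # Without relocation data the loader cannot move the image.
        "relocatable": dynamic and not (file_chars & RELOCS_STRIPPED),
    }


def build_sample(dll_chars: int, file_chars: int = 0x2022) -> bytes:
    """Constructed header-only PE32+ image (sample input, not a real DLL)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)             # PE32+ magic
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for name, img in [("hardened.dll", build_sample(0x0160)),
                      ("legacy_hook.dll", build_sample(0x0100))]:
        print(name, aslr_status(img))
```

    To check a real module, pass the bytes of the file to aslr_status; a module reporting "relocatable": False loads at a predictable address in every process it is injected into.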

    Several times antiviruses blocked Firefox updates, preventing the latest important security updates from being installed. Developers have to spend a lot of time working around antiviruses, time that could have been given to other security issues.

    “The biggest cunning is that it’s hard for software developers to speak out loud about these issues because they need support from antivirus vendors,” says O'Callahan. “Maybe with the exception of Google, lately. The users were misled that the antivirus provides security, and no one wants the antivirus vendors to speak ill of your browser. Antiviruses are everywhere, and if it breaks your browser, then you need their assistance to correct the situation.” Browser developers cannot directly and officially tell users to disable the antivirus, because if something bad happens that the antivirus could potentially have prevented, they will take all the blame.

    “When a browser crashes while loading due to antivirus intervention, the browser is to blame, not the antivirus. Even worse, if they make your program incredibly slow and bloated, users think that your browser is so slow and bloated,” O'Callahan sadly concludes, recalling the situation with the Firefox browser, which consumed a huge amount of RAM after installing McAfee anti-virus modules.

    Antivirus is an obvious security hole not only because of the new dangerous vulnerabilities that it adds to the system. It is a vulnerability by its very nature, because many antiviruses install their own root certificates by default without warning and insert themselves into HTTPS traffic as a man-in-the-middle (MitM). Most antiviruses are in any case a degradation of HTTPS protection, as information security specialists have repeatedly warned.

    Although O'Callahan himself prefers to refrain from a negative assessment of Microsoft's antivirus, it should be noted that this particular antivirus has the worst effect on computer performance (only Trend Micro's antivirus slows the system more than Windows Defender).
