Top
Computer Glossary
Security Tips & Information
What's New!!
Help Desk
Taking care of your PC
My Favorite Links
Buying & Recycling PC's
Protect Yourself Online
Software
The mysterious "Cloud"
Improve & Protect your Browser
About Thom & the Site
Search

Pittsburgh Tech Guy

Phone: 412-256-8674

Email: pghtechguy@hotmail.com

Skype: pghtechguy on Skype

 

How to Backup your computer online for free
« Weekend Project: It’s Time to Clean Your Computer, Inside and Out | Main | If we show you how to back up your PC for free, will you finally do it? »
Sunday
Jan292017

It might be time to stop using antivirus....really

DateSunday, January 29, 2017 at 2:04AM

Former Firefox developer Robert O'Callahan, now a free agent and safe from the PR tentacles of his corporate overlord, says that antivirus software is terrible, AV vendors are terrible, and that you should uninstall your antivirus software immediately—unless you use Microsoft's Windows Defender, which is apparently okay.

A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser." Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS.

These are just two recent instances of browser makers being increasingly upset with antivirus software. Back in 2012, Nicholas Nethercote, another Mozillian working on Firefox's MemShrink project said that "McAfee is killing us." In that case, Nethercote was trying to reduce the memory footprint of Firefox, and found that gnarly browser add-ons like McAfee were consuming a huge amount of memory, amongst other things. If you venture off-piste into the browser mailing lists, anti-antivirus sentiment has bubbled away just below the surface for a very long time.

The problem, from the perspective of the browser makers, is that antivirus software is incredibly invasive. Antivirus, in an attempt to catch viruses before they can infect your system, forcibly hooks itself into other pieces of software on your computer, such as your browser, word processor, or even the OS kernel. O'Callahan gives one particularly egregious example: "Back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes." ASLR, or address-space layout randomisation, is one of the better protections against buffer overflow exploits.

Click here to read more from Ars Technica.

AuthorThom McClain | CommentPost a Comment |

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.

Notify me of follow-up comments via email.