Slashdot Mirror


You Don't Need an Antivirus (Except Microsoft's Built-in on Windows), Says Former Firefox Developer (ocallahan.org)

Former Firefox developer Robert O'Callahan believes that antivirus software is not necessary, AV vendors are of little help, and that you should uninstall your antivirus software immediately. From a blog post: Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.

28 of 352 comments

  1. IN SOVIET RUSSIA by Anonymous Coward · · Score: 2, Funny

    ...VIRUS CLEAN ANTIVIRUS

  2. This is obvious even to AV vendors by The-Ixian · · Score: 5, Informative

    The writing has been on the wall for a while now. You rarely get "just AV" when you install an AV product these days. You end up with a whole suite of value added applications like password managers, system optimizers, registry cleaners, web site scanners, IPS and content filters, etc.

    The reactionary system we have been living in was never very good. Relying on signatures to detect malware is a fundamentally flawed system. As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.

    Any AV software company has seen this coming for a long time. At least I would hope they have.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:This is obvious even to AV vendors by Anonymous Coward · · Score: 3, Insightful

      Part of it had to do with running most users with administrative privileges, and Microsoft created this mess by making the systems hard to use if you didn't have administrative privileges.

      I know people even today who turn off UAC the first chance they get because they are so annoyed by the prompts.

    2. Re:This is obvious even to AV vendors by chispito · · Score: 2

      Relying on signatures to detect malware is a fundamentally flawed system. As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.

      I 100% agree with you. Unfortunately it is regulated industries that are keeping this crap afloat.

      Security != Compliance

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  3. AV Free for years by Anonymous Coward · · Score: 4, Insightful

    Further, any software you install likely creates new security holes in your system. By installing an AV you are likely opening up more holes than you are closing.

    There are three main sources of security holes:
    1) Holes in the OS that the OS manufacturer needs to close
    2) Holes in installed software that the software manufacturer needs to close
    3) Holes in the user's general security intelligence.

    None of those are solved by adding ANOTHER software suite.

    1. Re:AV Free for years by tepples · · Score: 4, Informative

      Holes in the user's general security intelligence.

      None of those are solved by adding ANOTHER software suite.

      Not even whitelist-based security tools that allow only vetted applications to run? I thought that was the point behind Apple's App Store, game consoles' app stores, and the PC Matic tool for Windows.

    2. Re:AV Free for years by Dr_Barnowl · · Score: 3, Insightful

      Problem with whitelisting is that it destroys your computer.

      It's not a computer any more. It's an appliance.

      Which is fine for people you can only trust to run an appliance, but it prevents anyone from programming aka becoming more productive.

      It's a nice little racket - it guarantees the IT dept. a job (they were charging £2,000 to vet programs for distribution at my last place), it gives the "real" programmers more work, but it stops users reaching enlightenment and getting the computer to do what it's for - lots of repetitive tasks in an automated manner.

      ---

      Aside from that, whitelisting software has been responsible for some of the more spectacular performance drops I've seen - like taking a process that writes around 30,000 files and increasing its runtime from 2 minutes to 15 minutes, taking an operation that subject matter authors were doing when they felt like it and making it a tea-break thing, totally wrecking productivity.

  4. Re:hyper-v and don't install chrome extensions by Anonymous Coward · · Score: 5, Informative

    Another benefit of using a virtual machine is just powering it off when you are finished and having it reset to the last snapshot. Every month or so apply patches and move your snapshot forward.

  5. AV is a joke by n0w0rries · · Score: 4, Insightful

    I started removing AV from clients' computers years ago. All it does is slow your PC down. Every time I had to deal with an infection, the PC involved had AV, that was sometimes very hard to remove.

    Malware removal services should just be a tax on the easily confused.

    1. Re:AV is a joke by FyRE666 · · Score: 4, Informative

      Exactly. I do the same, if we get a new PC with commercial AV installed (usually some trial) it's the first thing I uninstall to improve disk performance by 50-100%. The Windows 10 built-in AV works fine and doesn't make a PC perform like it has a 5400rpm drive from 2001, instead of a modern SSD.

  6. The average user still needs AV by entropy01 · · Score: 4, Interesting

    I don't use AV, but the average person still needs it. The average person either doesn't know or doesn't care what they are clicking on. As part of a layered defense strategy for the average user, it is still needed. Personally, I don't like AV stealing my CPU cycles. I use other methods, common sense chief amongst them, to prevent infection.

    1. Re:The average user still needs AV by DarkOx · · Score: 4, Insightful

      The average person does need A/V but the built in stuff that comes with Windows is more than adequate. Signatures are really only good if they are nearly to the moment up to date and with the present rate of churn on the internet that model just does not really work. To the degree it does still work Microsoft does as good a job as anyone. It's the heuristic side where there is still some effectiveness but even the high dollar stuff like Cylance falls down more than it succeeds. They claim 99% and maybe that is true if you just grab random malware off the internet and throw it at their stuff. We did some internal testing with more recent exploit code from Metasploit and what have become downright common PowerShell and rundll payloads; if all we did is make the most trivial modifications to them we saw more like a 2% detection rate, other endpoint packages did about the same as well.

      Long story short, A/V won't protect you from even a broadly targeted (hey I know these guys are using Windows 8 because I Trojaned my "start button" replacement app for Windows 8/8.1, now I'll just wait here and see how my hosts join my botnet) attack using updated tools. It certainly won't help you against an actual targeted attack.

      Should everyone leave Windows Defender on? Yes, it's free and MS has done a pretty good job making sure their own AV package does not foul up their own OS. I would NOT recommend any third party A/V solution at this point for individuals or SMBs. There might be some residual value in endpoint packages for larger businesses but there is an equally strong case for going without and focusing on a systems management solution instead where you simply make sure everything is patched and you have tight control over what gets run. Unfortunately AppLocker bypasses are fairly trivial now so you do need a third party solution to take a true white list approach.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  7. Ad Block by EvilSS · · Score: 5, Insightful

    These days one of the best AV products is a good ad blocker. I can protect myself from sketchy downloads: don't download sketchy software or from sketchy sites. I can't prevent some asshat from exploiting a zero day in a browser through an ad on a mainstream site, except by blocking all ads on all sites.

    *Yes, trusted sites can be compromised and it's happened in the past where downloads were infected but the odds that I'll download that software during that window where the infected files are being handed out are about the same as me getting struck by lightning.

    --
    I browse on +1 so AC's need not respond, I won't see it.
    1. Re:Ad Block by interkin3tic · · Score: 5, Insightful

      I use Adblock, Ghostery, and NoScript to protect myself from viruses.

      "YOU'RE KILLING THE INTERNET!"

      Yeah, well the internet infected and killed one of my computers, so I'm going to be wearing an internet condom from now on. Besides, you can't tell me no one is viewing ads anymore when my aunt still is using Windows XP.

      "What websites were you LOOKING at that killed your computer?"

      Oh the usual ones, porn, porn, yahoo, and more porn.

      "You pervert! Use google instead!"

    2. Re:Ad Block by EvilSS · · Score: 2

      Yea I get the need to make revenue but if they won't work to make sure that all of their ads are vetted and clean, I won't stop using adblock. For some reason instead of doing this, they seem to think it's a better idea to just make the ads that people without adblock see more and more intrusive. Or do like Wired and try to get me to pay more for their website without ads than I do for their freaking paper magazine! Logic.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    3. Re:Ad Block by interkin3tic · · Score: 2

      Forbes too seems to be going full on RIAA. "A fraction of people are getting our product for free. SPEND ALL THE MONEY TRYING FRUITLESSLY TO FIGHT THESE RARE PEOPLE!"

      I'm sure they have more information than I do, but I suspect they're spending more money and losing more readers doing it than they would theoretically be gaining in the first place.

    4. Re:Ad Block by EvilSS · · Score: 2

      Yea that was the last straw for me with Forbes. I actually added them to my personal blocklist addon so they don't show up in Google searches anymore, and I try to avoid them where I can elsewhere. They are basically a blogging platform for out of work "journalists"... sorry... freelancers these days with virtually no editorial oversight. The writers just pump out as much crap as they can to maximize their meager revenue. Then they pull that crap with their adblock blocking, and the very day they turn it on they were serving up malware via a malicious ad.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    5. Re:Ad Block by Fire_Wraith · · Score: 2

      Given the nature of Ad Networks, it doesn't really matter what sites you're looking at. You could surf only perfectly reputable sites, and you'd still get pwned if you weren't blocking the ads. It's because they're using third-party distribution networks, and while certainly there are some networks that are shadier than others, I've yet to see anything that convinces me that the crooks can't get malware up on them long enough to do damage.

  8. I agree with the summary by DatbeDank · · Score: 4, Interesting

    Let's be real with ourselves. Nowadays the vectors for attack are easily protected so long as you use a modern browser that sandboxes itself and use an ad blocker you really don't need anything more than the built in AV and firewall tools for Windows. I don't even think OSX provides an AV tool.

    I haven't paid for antivirus software since 2005 which was coincidentally when I discovered Firefox and Adblocking extension.

    I'll stick with the free tools.

  9. Duh by Khyber · · Score: 3, Informative

    AV products actually make you less secure. They act as a MITM, replacing certificates with their own and totally defeating the purpose of TLS/HTTPS.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  10. APK by aicrules · · Score: 2

    This story needs some APK posts.

  11. Not used an AV in the past decade by GeekWithAKnife · · Score: 2


    I find that SPI firewalls, execution prevention, careful permissions for limited users, NoScript and other tools are far superior to an AV.

    Liberal OS policies and platforms are not ideal for anything you'd hate to lose. Often you would not know that something malicious is running.

    With multiple layers of security on a system that does not change often you can have fine grain control of anything. An odd internet connection attempt, a never heard of before program attempting to run, etc. - that's reasonably easy to catch.

    AV vendors have been packaging (shoving) everything included as soon as they realised AVs are done. Unfortunately the desktop class products are often more trouble than they are worth.

    That being said, I still advocate the complete security packages from AV vendors for users that know little beyond logging into Facebook. They are clueless and could not manage a complex system; a "security suite" type program is their best bet.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
  12. Re:hyper-v and don't install chrome extensions by CaptnCrud · · Score: 5, Funny

    I do the same thing, except I have the song ~Smooth Operator by Sade playing in the background when I'm in "secure" mode.

  13. iPad, PlayStation, and Jiffy Lube by tepples · · Score: 2

    an appliance [...] prevents anyone from programming aka becoming more productive [and] stops users reaching enlightenment and getting the computer to do what it's for - lots of repetitive tasks in an automated manner.

    Which elicits a big "So?" from appliance fans.

    The majority of the population do not read Slashdot. I imagine that most either A. use computing devices for entertainment rather than "becoming more productive" or B. prefer to outsource the programming to a specialist rather than "reaching enlightenment" themselves. For evidence of these, look at the popularity of iPod touch, iPhone, iPad, PlayStation 3, Xbox 360, PlayStation 4, and Xbox One. For evidence of preference of delegation to a specialist, look at the popularity of services such as Jiffy Lube rather than doing your own car maintenance.

  14. Re:This is news? by MightyMartian · · Score: 2

    I think most of us have been bit too many times by the bloat that products like Norton AV and McAfee represent. Norton in particular is just a resource hungry monster, and as a good many of the machines in our organization are about seven or eight years old, the idea of putting that kind of CPU cycle ravisher on them fills me with horror. In the end, we upgraded to Windows 10 (a rather mixed experience), and just used the built-in Windows Defender plus a pretty locked down network and good backups so if, somehow, some ransomware gets loose, our actual data loss is fairly low. And that's really the lesson here, AV has never been the entire answer, and relying on it in the absence of good practices and user training has always been a dangerous path.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  15. Re:Addons = inferior & inefficient vs. hosts by EvilSS · · Score: 2

    Hostfiles are a horseshit way to manage this. If you don't want to use addons then do it at the firewall where you can more easily manage lists you use and you don't have to do it on a machine by machine basis. This is more than possible with consumer gear and third party open firmware.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  16. Re:You're less efficient programmatically by EvilSS · · Score: 2

    Not sure what you don't understand, but do these look like IP addresses to you? https://imgur.com/a/44AnF

    You can block hosts at the firewall, you are not limited to just IP's. I think it's you that needs to take a refresher in compsci and networking. Your understanding seems to be a few decades out of date.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  17. You're credible why? by zifn4b · · Score: 3, Interesting

    And we should trust the developer of a browser whose development team didn't see the problem with their memory model chewing up resources until Firefox ground to a halt and took an ivory tower position of something along the lines of "you shouldn't have your browser open that long." I know quite a few people who switched to Chrome over that nonsense, myself included. Why should we trust your recommendations again?

    --
    We'll make great pets