Although installing anti-virus is still one of the first steps that most would recommend you do with a new PC build, it turns out not everyone subscribes to that line of thinking. Ex-Mozilla developer Robert O’Callahan has gone so far as to say that anyone running the latest version of Windows 10 should delete it, as it risks creating more vulnerabilities than it protects against.
O’Callahan left the Mozilla Foundation in mid-2016, but worked there for many years, helping develop the Firefox browser, and more recently was involved with research into the “rr” record and replay debugging tool. In short, he knows his stuff, enough that when he says we don’t need something as seemingly essential as anti-virus, it’s worth taking notice.
This isn’t to say that O’Callahan believes security on a PC platform is worthless. Indeed he makes a specific claim that Microsoft’s anti-malware software, like Windows Defender, is a must. But as for everything else? He genuinely believes that it’s a waste of time and in a worse case scenario, may actually make your system more vulnerable than if you had nothing installed at all.
As an example of why this is the case, he highlighted bugs that Google’s Project Zero vulnerability team have discovered in antivirus software. At the time of writing that appears to be just one, though the illustration does somewhat argue his point: if antivirus itself can have security vulnerabilities and doesn’t do enough to ward against others, is it really necessary?
O’Callahan truly believes that it isn’t, citing one particular instance on his Eyes Above The Waves blog, where Firefox updates of yesteryear would be blocked by overzealous antivirus software. That meant that important security patches would not be delivered to users in a timely manner, all because they were using third-party anti-virus software.
He even goes so far as to highlight why it is he’s only speaking about this “now that [he’s] left Mozilla for a while.” It’s because software developers need the cooperation of anti-virus makers, since if they were to tarnish a software’s name with the idea that it’s insecure or a tool for malware in its own right, that could have a massively negative effect on the developers’ business.
While we might not go so far as to advocate uninstalling your anti-malware solution, we have run into issues of our own where anti-virus software blocked legitimate patches and updates from being applied. Have you guys encountered anything similar over the years?