Ex-Mozilla developer Robert O’Callahan has got a bee in his bonnet about the merits of anti-virus software:
Antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s).
At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)
I couldn’t disagree more with Robert O’Callahan.
I think the vast majority of people would be crazy to connect to the net without having an anti-virus in place.
That doesn’t mean that anti-virus software is perfect, or that it hasn’t sometimes suffered from its own flaws and vulnerabilities.
But the typical user is much MUCH more likely to be protected by anti-virus software intercepting a piece of malware than find themselves targeted by a sophisticated attack which exploits a flaw in the security software.
Don’t believe me? Just find a relative or friend’s Windows PC that doesn’t run any anti-virus software. Chances are that it is riddled with multiple instances of malware, adware and unwanted browser search bars.
Just because anti-virus software cannot find every new piece of malware doesn’t mean it doesn’t provide a security benefit for most people.
Techies who are capable of disassembling every program that comes their way to determine if it’s safe to run or not might not need anti-virus software as much as my Aunty Hilda, but boy it helps save a heck of a lot of time and effort.
And just how do you think you’ll feel when your company’s data breach is making the headlines of the newspapers, and they’re asking your CEO live on TV why your firm made the decision to ditch its anti-virus software.
Anti-virus software isn’t the complete solution, and it isn’t flawless. But it is part of the layered defence which can help protect your home and office PCs.
And there’s a reason why most companies are still protecting themselves with anti-virus software 30 years after the malware threat first emerged. No-one has come up with anything better.
If you really want to reduce your attack surface, you should be ditching the likes of Adobe Flash long long before you take the drastic step of throwing out your anti-virus software.
Further reading: The guys at independent anti-virus testing firm SE Labs have also commented on O’Callahan’s controversial blog post.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.