Former Mozilla dev joins chorus roasting antivirus, says 'It's poison!'

Antivirus is harmful and everyone should uninstall it, so says recently liberated ex-Mozilla developer Robert O'Callahan. The former Mozilla man worked at the browser baron for 16 years and has now joined his voice to the growing chorus of hackers pouring scorn on the utility of antivirus software. Among O'Callahan's beefs is …

      1. Anonymous Coward
        Anonymous Coward

        Default deny is the number one protection I've been using for 20 years. I highly suggest you talk to real security engineers before accepting otherwise. Least privilege is next to prevent circumventing Default Deny.

        1. Kiwi
          Windows

          "Default deny is the number one protection I've been using for 20 years. I highly suggest you talk to real security engineers before accepting otherwise. Least privilege is next to prevent circumventing Default Deny."

          Vista effectively tried that with UAC. I watched a number of people click whatever button made the prompt go away quickly, without bothering to read what was there. Often it was the "yeswhateverjustpissoffletmeplaymygame" button rather than the "You know what, I've read this and I am unsure what it means so for now I will say NO and seek help/think about it in depth".

          I used to use Comodo Firewall and set it up for people, and I would spend a while going through everything on their machine to make sure everything was running OK (Comodo like Zone Alarm would whitelist programs AND things like writing to the registry, changing system files, changing their own exes and so on). Those who followed my instructions and got me on the line before clicking any "allow" prompt had a stress-free system. Those who insisted on clicking the "allow" so they could install "guaranteed safe downloaded from download.com/softonic etc free (honest! just give us your credit card info so we can verify your age!) whatever" were infected within a few days. Wasn't much I could do for them anyway, whatever security that went into place was inconvenient if it didn't let them install whatever they wanted.

          Considering one of them started downloading the Dark Knight movie a few hours after it had been announced (as in filming hadn't even started, the film company/producers/whoever had just publicised that the movie would be made) and couldn't see the logic in waiting till the movie was actually filmed first.. Well, user stupidity knows no bounds.

          Icon - I've always associated with a homeless guy sniffing a nice bottle of glue - would have more sense than some of the users I've dealt with over the years....

  1. Potemkine Silver badge

    :unsure:

    From my experience, all the (non-tech) people I see around me without an AV on their computer have their PC infected and generally by multiple strains of viruses.

    1. Mage Silver badge

      Re: :unsure:

      All the PCs I've cleaned viruses, trojans, rootkits from DID have AV installed.

      I know people that have never used AV and never had infections.

      1. VinceH

        Re: :unsure:

        "All the PCs I've cleaned viruses, trojans, rootkits from DID have AV installed."

        Ditto...

        Except it has always been a long out of date free trial that was part of the manufacturer's default build.

      2. Anonymous Coward
        Meh

        Re: :unsure:

        "All the PCs I've cleaned viruses, trojans, rootkits from DID have AV installed.

        I know people that have never used AV and never had infections."

        My granny smoked several packets of cigarettes a day before dying of a heart attack at 95, so smoking doesn't cause cancer. Anecdotal evidence is no substitute for statistical evidence.

    2. Anonymous Coward
      Anonymous Coward

      Re: :unsure:

      There is a particular type that's very hard to eradicate, too - think it's called Norton?

      1. Destroy All Monsters Silver badge

        Re: :unsure:

        Great stuff.

        Anecdotal evidence and angry blog posts do not lead to good conclusions.

        Statistics, can we have any?

        1. Destroy All Monsters Silver badge

          Re: :unsure:

          Actually got a very suspicious attachment in my e-mail, twice, pretending to be a "friendly message". Virustotal shows only "Arcabit", "Fortinet" and "NANO-Antivirus" flag it as malicious.

          Sigh!

        2. Anonymous Coward
          Anonymous Coward

          Re: :unsure:

          Sure, what kind of statistics would you like? Governments and corporations routinely make up their own statistics, so I guess we can too.

        3. Naselus

          Re: :unsure:

          "Statistics, can we have any?"

          https://chart.av-comparatives.org/chart1.php#

          Plus, the same thing every year since about 1997, with more or less similar rates each year despite a threat environment that grows exponentially each year.

          So, what we see is no AV protects against 100% of threats, but even the worst AV protects against about 95%. Microsoft (y'know, the one Mr Mozilla rates as the bestest because it doesn't interfere with his code as much) rates fairly low on the list, with a 3% full-on compromised rate (behind, well, literally all the dedicated AV vendors who he was busy slagging off). So yeah, it's not perfect, but then only a complete amateur would assume it was; heuristic AV should be deployed as part of a multi-layer security regime that also includes anti-malware scanning, spam protection, firewalls, proxies, ACLs, non-admin accounts with elevation requirements, and (if possible) a DMZ and IDS. This is hardly news, and has long been the refrain of infosec bods - 'onion security' and all that.

          See, I'd feel a lot more convinced by this argument if it had more quotes from genuine infosec specialists criticizing AV software, and less noise from non-AV developers and bug hunters complaining about how AV doesn't let them do cool things they really, really want to do. How long before Mozilla devs then start complaining that proxy servers should be removed because they screw up SSL certificate checks? It's true, they do, but I'd still rather have my proxy in place, thanks.

          See, that's kinda the issue here, more than anything; I want Firefox to be a browser. It needs to be secure, but not so secure that it conflicts with all my dedicated security infrastructure (which it does near enough constantly). When it starts doing so, is the problem really the AV software, or is it that Mozilla has gone into full-on mission creep and is starting to muck about in areas that it has no business playing with (while slowing its own performance down to dog-like levels compared to other browsers)?

          I'm not removing my AV solution yet, because while it may 'only' protect against 99% of threats, I'd sooner have that protection against those 99% at that layer, and trust that the other 5 or 6 layers of security in my network will deal with the rest. Firefox, on the other hand, is already gone.

          1. Charles 9

            Re: :unsure:

            "I'm not removing my AV solution yet, because while it may 'only' protect against 99% of threats, I'd sooner have that protection against those 99% at that layer, and trust that the other 5 or 6 layers of security in my network will deal with the rest. Firefox, on the other hand, is already gone."

            But what happens when a malware EXPLOITS the AV software to say create an admin-level exploit and uses it to leapfrog all the other defense layers? Is a layer of defense really worth it when it can be made into a mole?

          2. patrickstar

            Re: :unsure:

            The actual protection rate of any AV against malware at the time you actually encounter it in the real world (drive-by browser exploit for example) is close to 0%.

            What do you think malware authors do before releasing their creations? Answer: They test it against all major antivirus products. Doesn't matter if it's a signature detection or some sort of heuristic that detects it - whatever it is, they fiddle with the files until all detections are gone.

            What do you think malware authors do once it's in the wild and one or several AVs detect it? Answer: They go through the process above again.

            These are professionally operated and funded businesses, not a bunch of teenage kids who can't attend to the AV evasion work because their mom would take the computer away if they skipped school.

            While AVs admittedly have a sort of collective restraining/slowdown effect on the malware ecosystem as a whole, it's unlikely that your particular AV happens to save you in a given infection attempt.

            The exception would possibly be things delivered via mail, since there can be a significant time between a mail being sent and actually opened by the receiver, but that doesn't require some horrible attack surface running on the clients hooking into the system and applications to stop.

          3. veti Silver badge

            Re: :unsure:

            "See, I'd feel a lot more convinced by this argument if it had more quotes from genuine infosec specialists criticizing AV software"

            What, you mean like this, or this, or this?

            If you've been paying attention at all, you know the literature is out there. This is just a story about one guy's opinion. Take it for what it's worth, which is not much, but don't dismiss the whole subject just because this story doesn't cover the whole thing. That's like reading an article about Arctic sea ice that mentions global warming, and dismissing "global warming" because the article doesn't go on for 20 pages telling you everything there is to know about it.

          4. JCitizen
            Thumb Up

            Re: :unsure:

            @Naselus - BAZINGA!!

        4. Kiwi
          Devil

          Re: :unsure:

          "Statistics, can we have any?"

          One machine. Up to date proper paid Norton AV (Think it was 360 but not entirely sure). Machine was running XP but was before end of life.

          1492 infected files, over 400 (can't recall exact figure) different viruses, as detected by Kaspersky Rescue Disk. That was about 50% of the way through the scan where I decided I would first clone the drive.

          If you want real stats, just install the Norton crap on your machine. Measure the time between installing to the time before you throw it through the window because it's just so unstable/slow/obviously infected you can no longer tolerate its existence.

          No security pro would ever suggest Norton. Fraudsters might though.

  2. Anonymous Coward
    Anonymous Coward

    Er, the Browser Cannot Save Us

    There's far more to life than browsers. Software nasties are delivered by many routes that have nothing to do with a browser; CD, USB, file shares, email, the lot. You name it, malware will travel via it. If you're even slightly exposed to those possible routes for infection, you need something to watch your back, even (depending on one's level of paranoia) on Macs.

    OK, so probably not Norton or McAfee, but there's plenty of sane reasonably priced AV software out there that does a reasonable job.

    The browser developers have been as guilty as everyone else in creating vulnerabilities, or placing unwarranted trust in certificate authorities right up until it's way too late. Firefox itself had nightmare memory leaks worthy of legend. Probably still does, and probably will continue to do so until they throw out all their crufty code and do it again properly, and maybe Rust will help them get it right.

    And their absurd passion for one of the worst languages in the world, Javascript, is driving down coding quality so much that there's bound to be severe repercussions somewhere or other.

    1. Charles 9

      Re: Er, the Browser Cannot Save Us

      "And their absurd passion for one of the worst languages in the world, Javascript, is driving down coding quality so much that there's bound to be severe repercussions somewhere or other."

      Except that getting rid of JavaScript would have EVEN MORE SEVERE consequences. As in users would stop using it, because many sites REQUIRE JavaScript, have no alternatives, and The Customer Is Always Right. So what do you do? Open security holes or fade into obscurity? And don't even start with education since the average user isn't capable of learning.

      1. Pascal Monett Silver badge

        Re: "getting rid of JavaScript would have EVEN MORE SEVERE consequences"

        Yeah, all those cool sites would become a lot less cool, all the tracking and data gathering would be drastically reduced, and ads wouldn't be able to infect machines any more

        Can't have that, obviously.

    2. Anonymous Coward
      Anonymous Coward

      Re: Er, the Browser Cannot Save Us

      Depending on free Anti-Malware is right up there with negative results. I always have site licenses for any security product, of which Anti-Malware is a tiny fraction. For instance toss backup into the toolbox, lots more. If this were easy, anyone could do it. The evidence is that most people can't, including IT people.

    3. Kiwi
      Paris Hilton

      Re: Er, the Browser Cannot Save Us

      "Firefox itself had nightmare memory leaks worthy of legend. Probably still does,"

      Hmm.. 24+29 tabs open (2 windows), most haven't actually been loaded in a while, FF v 50.1.0 on Mint 17/64bit, AdNauseam, NoScript and a couple of other general addons.

      It's only using just shy of a gig of ram. Not so much "memory leak" as "memory hogged beyond belief".

      I still prefer it for some reason. Dunno why. Laziness?

      Her memory could get filled by small amounts of trivial things as well I believe.

      [Edit - hitting submit on this post made FF jump from 937Mb to 987 mb used - yes, submitting a post to El Reg used an extra 50Megabytes!]

    4. JCitizen
      Big Brother

      Re: Er, the Browser Cannot Save Us

      Before Windows 7 came out, I put Avast on all my clients who could not afford NOD32 by ESET. I never had to hear from them again, although I did start putting subscription based MBAM on clients who may need additional protection because of what they keep on their hard drives, privacy needs, and the banking and shopping habits they require.

      I've NEVER seen a problem with Avast - and if they claimed they did, I always found out it was because of some problem they had BEFORE Avast was put on the machine - usually something not properly updated - or a trashed out registry.

  3. Anonymous Coward
    Anonymous Coward

    From the trenches...

    AV has one major advantage that keeps us installing it, even though we know it greatly increases attack surface and doesn't catch much of what it's supposed to catch. It stops us getting sacked. Imagine a post-incident enquiry by senior management, "so how did this happen? Why didn't the AV catch it? What's that you say -- you're such a brilliant security expert that you uninstalled our antivirus software??" Your feet wouldn't touch the ground.

    On top of that, financial auditors (who often get the job of IT security controls audits as well, GOD knows why as they mostly seem to be children who can just about install an app on their phone but know nothing about IT, let alone infosec) *always* demand / expect AV. These are not people you can reason with; they have their checkboxes and they're damn well going to check 'em. And finally, to the best of my knowledge all security management frameworks like ISO 27001, NIST SP 800-53, IASME, Cyber Essentials, etc etc always demand it.

    It's pure CYA. But you don't last long in this game unless you CYA. We have two main functions in security: (1) as a figleaf to convince auditors, customers, shareholders and the Board that we TSVS (Take Security Very Srsly), and (2) to be sacrificial goats in the event that anything properly bad happens, because who else are you going to blame for a security failure but your security team?

    "...and that's why I drink."

    On reflection, better post this as AC...

    1. Charles 9

      Re: From the trenches...

      "AV has one major advantage that keeps us installing it, even though we know it greatly increases attack surface and doesn't catch much of what it's supposed to catch. It stops us getting sacked. Imagine a post-incident enquiry by senior management, "so how did this happen? Why didn't the AV catch it? What's that you say -- you're such a brilliant security expert that you uninstalled our antivirus software??" Your feet wouldn't touch the ground."

      Until you find out that the AV was the means by which the company got pwned?

      1. stephanh

        Re: From the trenches...

        @Charles 9:

        "Until you find out that the AV was the means by which the company got pwned?"

        From an *ss-covering perspective, would that not be optimal? You get somebody else to blame!

        1. Charles 9

          Re: From the trenches...

          No, because YOU then get the blame for choosing such a, pardon my American, stupid moron.

    2. patrickstar

      Re: From the trenches...

      You could probably find some piece of software that could reasonably be called an "AV" but isn't utterly horrible. There are presumably some good HIPS/HIDS solutions for example. Or disable "realtime" protection on the hosts and punt that scanning to the mail server/proxy level (which can be ClamAV or whatever).

    3. tiggity Silver badge

      Re: From the trenches...

      Upvote for the Doug Stanhope reference

  4. Halfmad

    Bodyguard cards

    I remember back in the 90s having little PCI (might have even been ISA?) cards which would effectively protect the active windows partition, reboot the PC - it resets back to how it was. We used them in public library pcs and they were excellent - got a problem? Just reboot the PC - problem solved. You could even format the c drive and still reboot to fix.

    I've no doubt there are/were alternatives but it suited us great, eventually we just removed AV and scheduled the PCs to reboot nightly at closing time + 2 hours.

    1. Kiwi

      Re: Bodyguard cards

      "Just reboot the PC - problem solved. You could even format the c drive and still reboot to fix."

      Just about any *nix liveCD would do that, just have the CD drive* internal to the machine so no one can change it. With a bit of spare RAM you could even load it into ram pre-boot, so loading eg the web browser from CD doesn't take a decade or so. Or netboot it from an ISO as well, don't even need the spinny bits in the machine. With a properly set up network you could even let your customers use USB/CD etc ports without worry.

      There's ways to do this with Windows XP, Vista and 7 though harder than Linux IIRC, but once it's set up it's done, just back up your server as often as necessary** and you're set.

      *yesyesIknow, usually a DVD these days.

      **Can be once, if the content is unlikely to change significantly, just a simple clone....

      1. Yet Another Anonymous coward Silver badge

        Re: Bodyguard cards

        Have them, they are called chromebooks.

        For extra points get one with an ARM cpu - couldn't run a virus if you wanted them to.

        Running Windows on a public web browser terminal securely is like making a fire extinguisher out of magnesium - you COULD do it safely but it's tricky and there are easier ways.

    2. JCitizen
      Childcatcher

      Re: Bodyguard cards

      Drive Vaccine used to be one of those vendors - but now they claim (XP, Vista, Win7), that they can do it better by installing on the hard drive only. I haven't had time to test it yet - but when I was in college DEEP FREEZE, by Faronics, worked just fine - their network was never compromised in the last 20 years I was watching how things were going over there.

  5. RIBrsiq
    Facepalm

    AV isn't perfect. It's supposed to be another layer in your defences, though, and not the only thing keeping the Big Bad World out.

    Arguing that AV should not be used because it doesn't solve all malware issues is like arguing one shouldn't see a doctor until they can cure all illnesses.

    Finally, imagine the PC of your typical user, please. Now ask yourself: would it really be more secure without an AV...?

    1. Charles 9

      Unless the layer becomes a LADDER? As in the AV BECOMES the means by which the malware gets in. Now layers are useless because the malware can use the AV to leapfrog everything.

    2. patrickstar

      A lot of AV would be like seeing a quack that feeds you heavy metals and various toxins followed by a good dose of radiation. Might not kill you 100% of the time - hell, might even cure the occasional disease (see mercury treatment for syphilis) - but certainly not something anyone with a solid medical background would recommend.

  6. inmypjs Silver badge

    "Antivirus is harmful and everyone should uninstall it"

    Maybe someone should have told Intel that before they paid $7.7 billion for McAfee.

    Still could be worse, they seem to have only lost $3.5 billion in 5 years.

  7. Mahhn

    LOL

    All that useless stuff AV does, detecting malware in Email and blocking them, filtering out URLs that are serving malware, providing full disk encryption in case the laptop is stolen, Device control so people don't put infected USB sticks in the work PC, ability to pull vulnerability reports on the software that's out of date (including Firefox), white and black listing software, 3rd party license management, advanced firewall rules (better than MS).

    Yeah, all that useless stuff. Maybe if software vendors didn't make exploitable software and people didn't try to steal data, but that's unlikely.

    1. patrickstar

      Re: LOL

      The inability of AVs to actually detect malware is kinda the reason we're having this discussion. That, and the huge attack surfaces they frequently introduce as well as problems they cause.

      URL filtering is included with lots of browsers.

      Full-disk encryption is included with Windows, and I would much rather trust that or Veracrypt than some random AV vendor offering.

      Device control is included with Windows.

      Firefox auto-updates pretty fine on its own. So does the OS and related applications.

      White/blacklisting software is included with Windows.

      License management is best done by something that doesn't have the downsides of AVs.

      Advanced firewall rules - not entirely sure what you want here, but if you are hoping to stop malware from phoning home, I'd be very surprised if any endpoint firewall rule, no matter how advanced, would succeed since essentially all malware simply use the normal web browser for that.

      1. JCitizen
        Holmes

        Re: LOL

        @patrickstar - white listing worked well with Vista, but I can't tell what it is doing on Windows 7 - haven't had a chance to see if Win8 thru Win10 have improved on it, or even implement it.

        So far on my Windows 7 honeypot, I haven't had an infection on a standard user account with white listing enabled though, so maybe it is working. However I always clean with CCleaner in between sessions, just to eliminate old session situations and test the new attacks.

    2. Anonymous Coward
      Anonymous Coward

      Re: LOL

      Agreed. I practiced, and frequently succeeded, in zero defect, safety-critical software engineering. We still haven't seen NAS North Island blow up in the last 26 years so we got it mostly right. Developers and System Administrators were and remain a bane of my existence.

  8. Kev99 Silver badge

    I've been running Norton since NU5. There are two reasons I've never had a problem. One, I use this old fashioned software called "my brain". I don't click on every link I see. I don't open emails from people I don't know. And I ignore special offers from web sites I do frequent.

    Second, the few times Norton has gone apoplectic I pay attention and let it whack the "offender". It's easier than reformatting my drive and spending a few days reinstalling Windows.

    1. Kiwi
      Trollface

      "I've been running Norton since NU5."

      You forgot...

      Third, the computer is so slow and unstable that no malware has a chance to function anyway. One extra CPU instruction and the system falls over.

  9. Dr.Flay

    Seriously ?

    The given reasoning that MS AV must be good is because of the probable good quality of the company as a whole.

    Seriously ?

    No evidence given ?

    Unfortunately some crappy AV and vendors are being used as the gauge to measure against.

    Avira has never given me any problems since swapping to it, and never seems to show in the lists of vendors doing stupid things.

    Microsoft are not virus experts. Just like Symantec they bought into the AV scene and have failed to impress or progress with their AV products.

    Not 1 AV comparison site shows Defender or MSE as being any better than low-average.

    Microsoft themselves have said that their AV should be considered "Baseline".

    The baseline is not the bar you are aiming to climb to, it is the lowest you should ever fall to.

    I often have to repair people's PCs that rely on only MS protection, and know that the AV I then use to fix it, would have protected it if they used it.

    MS AV does not stop people going to bad sites, and does not scan web-page content unless you use MS browsers.

    It does not even have a sandbox like all good AV, so unknown files are still allowed to run.

    Yes education is the key, but it is not happening so throw that idea out unless you are actively doing something about it.

    Do you trust your Mum to retain the nerd-info you gave her enough to spot a phishing site ?

    I don't and I am glad my Mum has Avira keeping her virus-free for the past 5 years (and yes I regularly scan with a standalone).

    I am now trialling an AV that also notifies about, and blocks keylogging and webcam activation.

    Which part of MS security does that ?

    People need to stop comparing how geeks protect themselves, to the needs of the majority users who cannot be bothered with white-lists or regular audits.

    They want a MacOS style world where you push a button and it works.

    You can teach them to be secure, but it will not last.

    AV are never going to be the perfect solution, but as the rate of viri and hacks continues to rise, the sheer stupidity of advising people ditch good AV and rely on only "Baseline" is an act of criminal insanity.

    Good tech support means you have tested the options and give evidence based recommendations.

    Just because VW did some stupid things with their tests, does that mean all other car makers are as crap and guilty ?

    Would you recommend people stop using seat-belts in all cars, if only some car makers had faulty seat-belts ?

    1. Naselus

      "Microsoft themselves have said that their AV should be considered "Baseline"."

      Very much this; MS are pretty clear that they aren't an AV company and that their various security products are there as 'better than nothing' only. MSE was actually extremely good when it was first released (so good that some malware families actually checked if MSE was installed and didn't deploy if it was), but everyone (MS included) was amazed by that, and it very, very quickly fell down the rankings.

      It's fairly clear that O'Callahan's objections aren't particularly based on whether the AV stops viruses (because who would measure how good an AV product is based on a silly metric like how many threats it detects and stops), but rather by whether it prevents his own code from doing clever stuff that most programs don't. But that's the entire point of AV software. Sure, that's really annoying for developers, but it's exactly the reason most people are installing AV in the first place.

      Besides, while removing AV might be better for the 7.5% of people who use Firefox, what about the other 92.5% on browsers with a different (and less secure) feature set?

      1. patrickstar

        All AVs have a 0% detection rate for any fresh malware you are gonna encounter. Or what, didn't you think malware authors check their goods against all common AVs? There are even automated cloudy services for this - you submit a file via an API and get back a response.

        The best you can hope for is your particular AV happening to pick up a specific variant in the timeframe before the malware authors have pushed out new files.

        Basically the whole "traditional AV" model was built in the days of viruses spread via floppies and the occasional BBS download. "New strain of malware" meant "one or a few variants", spreading slowly from computer to computer. AVs had time to add detections for it long before it reached a substantial amount of users. And it was all done basically for the hell of it.

        Now malware is a 100% commercial business. You literally have organizations much like companies, with employees doing nothing but developing malware and evading AVs. And their newest variants literally reach the entire world in an instant.

        This evasion, frequently a semi-automatic process, starts as soon as a single AV detects it. Chances are very high that this particular one is not whatever you happen to be running. So in most cases, even _before_ your AV has added a signature it's already obsolete and won't offer any protection.

        As for MSE, it has never had a great total detection rate if you feed it a collection of random malware samples of various ages. However, it's often been the first one to detect something new.

        Several of the commercial AVs have very low detection rates by BOTH these measures - some very close to zero for things plucked from the real world (regardless of their Virus Bulletin AV industry circle-jerk back-scratching scores).

      2. patrickstar

        Read what he writes again. This "clever stuff" he's trying to do is using officially supported and fully documented mechanisms in the OS to enhance security. The AV software is breaking his use of these mechanisms because it's buggy, not because it would somehow improve security. I am very sure the reason people are installing AV software isn't so that say a Flash exploit can compromise the entire system (that's what the 'delayed Win32k Flash lockdown' mentioned in the earlier discussion with the Google/Chrome guys essentially means, for example).

        As to the 92.5% of people not using Firefox - all the major browsers are reasonably similar security-wise these days. And AVs are hurting all of them. Note that this is a Firefox developer picking up a discussion from a Chrome developer.

    2. patrickstar

      Guess what the authors of keylogging and webcam spying tools will have them do as soon as that software gets any market share, if they haven't already? Answer: Bypassing it.

      The only way that kind of software can possibly work is if it's not available to the attacker beforehand.

      Besides, neither is much of a concern unless you are expecting targeted attacks. And webcam spying is easy to protect against in a way that can't be bypassed - piece of tape, or a shutter if you need to use it sometimes (Trend Micro actually has branded ones as giveaways - certainly much better and more effective than their AV software)

      And for keylogging, well, you are much better off scrapping passwords for anything important.

    3. Kiwi
      Unhappy

      "Avira has never given me any problems since swapping to it, and never seems to show in the lists of vendors doing stupid things."

      Avira was my free AV of choice for a long while. Then a known good clean file kept getting flagged as infected by it, and no matter what I did (copy from backup, recompile from source code, tell Avira it was OK over and over, send a copy to Avira along with source code and compiler version so they could check themselves (they never replied or even acknowledged receipt). It got too annoying trying to run stuff that I knew full well was clean so I swapped out for BitDefender this time round.

      And yes, I know the file is fine. It has been checked against several other competing AV products and some online scanners as well (eg Trend Micro's "housecall"), Avira was the only one that insisted it contained a trojan (generic.win32 or something) and ignored any "this is safe ignore it in future" options. I do still have Avira on a couple of my VM's that don't need this specific file.

    4. JCitizen
      Windows

      Avira??

      Meh! Too slow on the draw - It once let a friend of mine get cracked because it wasn't fast enough, despite the fact that it recognized the batch file as suspicious. I haven't trusted it since.

      Too many reports about false positives too!

  10. steve 124

    Sorry, I have trouble detecting sarcasm...

    Surely the bunch of you jest in your comments. AV is crap? Seriously?

    This single line from the article made me laugh so loudly my staff had to ask what I was reading... "He says Redmond's antivirus is okay since it is built by the company's "generally competent" developers who follow good security practice."

    Microsoft is leading the fight against malware? Really? Cause, I've really never run into any problems surfing the web on my Linux box but every time I've encountered a virus on a box (personally and professionally) it's been because M$ had some broken "feature" that was being exploited (except the JavaScript and flash player induced comas).

    I've been using Webroot for a few years now professionally and at home and I'm not sure if it's being missed in these "evaluations" or not but I haven't had a problem since I installed it. Our last solution at work was McAfee and it was just terrible. I was using ESET and Norton at home but ESET stopped catching stuff late in 2006 and Norton just bloated so badly after 2001 that it was worse than having an actual virus. Maybe you guys are just not looking hard enough for a good AV because aside from WR there's a couple of others taking this cloud definition / heuristic behavioral approach and it's pretty spot on. From what I can tell, new variants hit a few users when they come out but then they are identified, hashed and added to the global definitions so the rest of us are immune.

    I know this guy worked for Mozilla for quite some time, but I doubt from this article how much of an expert in security a/v he is. I know the catch 22 here is that anyone who IS an expert in A/V typically works for an A/V company and so you can't trust their opinion as to whether it's rubbish or not, but my experience does not jive with what this guy is selling (or at least not buying).

    I think recommending anyone turn off or disable A/V is a really bad idea and a little irresponsible of whoever is saying that.

    Just my 2 cents.
