.
Anyone who’s been around a computer for a while has probably been beaten over the head with the long-standing mantra to install and update their antivirus software regularly. AV software is an industry all on its own, and it’s long been seen as the safety net that keeps all our data from falling into the abyss of hackers and scammers. But a new report from a former Mozilla developer sheds a little light on things: not only is it supposedly not as important as the tech world would have us believe, in some cases it may be leaving us vulnerable rather than protecting us.
Robert O’Callahan wrote a blog post late last week and stated that those who run an up-to-date newer Windows OS have no need of any third-party AV installs, and that opting for one of those titles could actually be putting flawed software on your machine.
“At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)”
O’Callahan goes on to cite a Twitter convo that highlighted a genuine problem: the people who are creating our mechanisms – like operating systems and web browsers – are actually hindered by the often-faulty code in antivirus software. When a third-party title attempts to block what it perceives as a threat, the browser developer never gets wind of it and therefore cannot strengthen the browser’s security capabilities.
The author’s recommendation? Run a Windows machine and keep its updates installed, then rely on Microsoft’s inherent security measures. You’ll be more likely to get your protection from the source rather than from what an outside company with a product-pushing agenda perceives to be harmful. That’s all well and good if you run a later Windows version or if you trust Microsoft not to meddle with your privacy, though, and that’s not something that critics of the Windows 10 forced rollout may be willing to do.
