What luck do the rest of us have?


Delete your antivirus, says ex-Firefox developer — who claims it’s worthless.

Ex-Mozilla developer Robert O’Callahan has gone so far as to say that anyone running the latest version of Windows 10 should delete their antivirus software, as it risks creating more vulnerabilities than it protects against.

Ex top Mozilla dev to Windows users: Ditch all antivirus except Microsoft's Defender.

O'Callahan, a Mozilla veteran who departed the non-profit last year, says there's little evidence non-Microsoft AV improves PC security, while recent bugs discovered by Google's Project Zero team show that many widely-used AV products create a greater surface for attackers to exploit.

However, more researchers are prodding antivirus software, in part because its processes run with high privileges, but also because product features can undermine browser security features.

One reason such products can create risks, according to O'Callahan, is that antivirus vendors don't follow standard security practices and sometimes break browser code designed to protect users from exploits, such as when Mozilla introduced Address Space Layout Randomization for Firefox on Windows.

"Many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes," O'Callahan said.

Experts’ and non-experts’ top 5 security practices.

More broadly, our findings highlight fundamental misunderstandings about basic online security practices. Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk.