Is antivirus software actually necessary? A former developer at Mozilla gives a resounding NO.
Robert O'Callahan, recently of Mozilla Firefox, has indicated in his blog that antivirus software and the vendors that peddle them are, in his words, terrible.
Invasive AV Software
Mozilla Firefox and Google Chrome both experienced how invasive an antivirus software can be. O'Callahan recalls one particular moment when he was still employed as a developer for Mozilla in which he had to make sure ASLR (address-space layout randomisation) worked for Firefox on Windows. Before they were able to get things going, a number of AV vendors injected their own ASLR-disabled DLLs into Mozilla's processes. And one after another, the AV broke the ASLR.
Nicholas Nethercote of Mozilla Firefox's MemShrink project went a step further by naming the root of all AV evil. Nethercote stressed that "McAfee is killing us", in reference to one of the first AV software created by Intel Security which was founded by John McAfee. According to Nethercote, the McAfee software was occupying a large portion of memory making it difficult for Firefox to lessen its memory footprint.
Google Chrome Also Against AV Software
It seems like O'Callahan is not alone in his belief that antivirus software is not really necessary. The chief of security of Google Chrome, Justin Schuh, is also not a fan of the antivirus software. He went on record to say that the "single biggest impediment to shipping a secure browser" is the antivirus. He also mentioned that a certain antivirus software was the reason why the sandboxing of Win32 Flash was delayed for more than a year.
To AV Or Not To AV
O'Callahan insists that AV software is not necessary and may even be bad for computers. According to ARS Technica, Google's Project Zero discovered 25 bugs in AV products from Symantec/Norton. A number of vulnerabilities have also been uncovered by Project Zero as detailed by Tavis Ormandy, one of the project's researchers.
As it stands, O'Callahan is recommending that users just update their OS and software regularly instead of relying on AV to keep computers safe.