Interesting take on AntiVirus. I hate AV software, he is right on when mentions that it hooks itself into everything on you computer making things sluggish. He even comes right out and says that AV software can even make your pc less secure as AV vendors don’t always patch their products as quickly as they should.
The problem, from the perspective of the browser makers, is that antivirus software is incredibly invasive. Antivirus, in an attempt to catch viruses before they can infect your system, forcibly hooks itself into other pieces of software on your computer, such as your browser, word processor, or even the OS kernel. O’Callahan gives one particularly egregious example: “Back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes.” ASLR, or address-space layout randomisation, is one of the better protections against buffer overflow exploits.
Furthermore, because of the aforementioned knotweed-style rhizomes of antivirus programs, the AV software itself presents a very large attack surface. As in, without AV installed, a hacker might have to find a vulnerability in the browser or operating system—but if there’s AV present, the hacker can also look for a vulnerability there. This wouldn’t necessarily be a problem if AV makers made secure software, but for the most part they don’t (except for Windows Defender, because Microsoft is “generally competent,” according to O’Callahan).
