A former engineer at Mozilla has criticized third-party antivirus vendors in a blog post, and claimed that the software can "poison the software ecosystem". He asked users not to buy AV, or uninstall it if they have it already installed, and just use Microsoft's solution, Windows Defender.
He blames AV vendors for not following "standard security practices", unlike Microsoft whom he called "generally competent". He explained:
"AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security."
He also said that AV can cause breakage to other products such as browsers, which can lead people to believe that it's the latter's inefficiency. They can also block updates which could be important for users. He added:
"Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security."
An exchange between Chrome security engineer Justin Schuh and information security expert Dr. Vesselin is what drove O'Callahan to write the post:
For Windows 7 and below, which Microsoft asserts are not as secure as their contemporary, O'Callahan noted that "third party AV software might make you slightly less doomed." He also added that employees talking about these issues can create a PR nightmare for both the company and the employee, perhaps contributing to the rarity of public discourse on this topic.