(WIP) The Case Against Anti-Virus Software
Anti-virus (AV) software is often criticized by the tech community for being poorly designed, and for frequently presenting us with false positives. This can lead to the malfunction of legitimate services and/or application features, all whilst having a measurable negative impact on system performance. In extreme cases, it’s even capable of deleting vital system components, preventing Windows from functioning correctly.
To make matters worse, prominent AV software vendors have, on multiple occasions, proven that their business model primarily revolves around gathering and re-selling the personally identifiable information of their users.
In this article, we hope to clear up some misconceptions around the supposed security benefits and legitimacy of AV software, whilst explaining how it can actually damage your Windows installation and negatively impact your computing experience.
User Tracking
A joint investigation by Motherboard and PCMag, published in January of 2020, revealed leaked documents which outlined a secretive market for the sale of personally identifiable web browsing data. Its primary providers: AV software vendors like Avast.
In late 2019, it was widely publicized that Avast had been collecting and selling the entire web traffic of its 400 million users. Mozilla subsequently removed all Avast plug-ins from its add-on store, and other browsers, such as Opera, followed suit shortly after.
In December 2015, a similar story emerged around the anti-virus company “AVG”, in which the privacy policy of the AV software explicitly stated that personally identifiable information will be collected as part of the application's general usage. According to their policy, this collection includes, but is not limited to:
- Advertising ID associated with your device
- Browsing and search history, including metadata
- Internet service provider or mobile network you use to connect to our products
- Information regarding other applications you may have on your device and how they are used
Unstable and Malicious
As previously noted, AV software is notorious for being the primary suspected root cause of many common issues users experience on the Windows platform. These range from issues with multi-player games, the malfunctioning of mundane Windows features and significant performance loss, all the way to the complete destruction of Windows installations following OS updates.
Problems with Games
Here is a (by no means exhaustive) list of games made completely non-functional by the mere presence of an anti-virus program on the system:
- Rage Multi-player: AV causes error System.ComponentModel.Win32Exception (0x80004005). Source
- Call of Duty: Infinite Warfare: AV blocks the multi-player executable, or causes a black screen on launch. Source
- Call of Duty: Black Ops 3: ABCD Error; the multi-player is non-functional. A recommended solution is to disable or uninstall any anti-virus software. Source
- Assassin’s Creed IV: Black Flag: The game won't launch at all; the number one listed solution is to disable or uninstall any anti-virus software. Source
- Obsidian's Grounded: The game fails to launch; the number one listed solution is to disable or uninstall any anti-virus software. Source
- XCOM: Chimera Squad: The game fails to launch; the number one listed solution is to disable or uninstall any anti-virus software. Source
- Terraria: The game is blocked; anti-virus software detects it as a trojan: PDM:Trojan.Win32.Bazon.a. Source
- Grand Theft Auto IV: The Complete Edition: AV deletes various game components from the application directory. Source
This list is only a fraction of the issues AV software actively imposes on gamers and game developers, and should provide ample evidence that AV software will likely have some sort of negative impact on your gaming experience.
Damaging Windows 10 System Components
According to Windows Central, a popular Microsoft news outlet and troubleshooting site, the number one issue people run into after Windows updates relates to anti-virus software blocking or deleting vital Windows components.
Source - www.windowscentral.com
Picking an article covering issues after Windows updates from October 2020 at random, they detail:
“During the Windows 10 October 2020 Update installation using the Media Creation Tool or Update Assistant, the process may stop with error 0x8007042B 0x4000D or 0x800700B7 0x2000A.”
Their diagnosis reads:
“These errors happen because another process (usually from a third-party antivirus) in the background is interfering with the upgrade.”
Another issue details an error code 0x800F0923, which specifies a compatibility issue with a driver or app already installed on the computer.
Their diagnosis reads:
“it can also be triggered by […] third-party antivirus”
Most of the solutions they provide point to an anti-virus related issue being to blame, and halfway through the article they finally announce:
“Quick tip: If you're not sure the app is causing the problem, it's usually a third-party antivirus or an older piece of software.”
From personal experience, the overwhelming majority of problems relating to boot issues in Windows, specifically after an update, can be solved by booting into safe mode and if possible, uninstalling the anti-virus software, or if not, removing the software manually from the outside by deleting the relevant directories.
In a damning article from 2017, Ars Technica reports on a publication by former Firefox developer Robert O'Callahan, slamming the use of anti-virus software and urging users to avoid it. He notes:
“When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is … You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.”
False Positives
As has just been detailed, many, if not all, anti-virus programs report false-positive detections of supposed trojans or other potentially harmful threats at an alarming rate. Besides often taking a scorched-earth approach to removing these completely legitimate files, the mere detection and listing of them can give users a false sense of danger.
Relating to AME
As of release 2004, certain harmless files in an ameliorated system can be detected as threats by certain AV software. While this article strongly recommends that you avoid the use of such software altogether, we nevertheless would like to clarify that these are false positive detections.
The files in question are located at:
C:\Users\user\AppData\Local\Temp\nsmCAD9.tmp\Sibuia.dll
C:\Users\user\AppData\Local\Temp\nss1A31.tmp\Sibuia.dll
C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.006
Both Sibuia.dll files are remnants of a silent install script we created for automatically deploying OldNewExplorer, which otherwise requires manual intervention via GUI. These files are completely harmless and can be deleted, though their inclusion will have absolutely zero effect on the system.
Diagtrack-Listener.etl.006 is a system-related plain text log file, as indicated by its path. The file is completely harmless and will also have zero effect on the system. The related service has either been deleted or has had its functionality removed.
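To check the files named above on your own system instead of taking either verdict on trust, the following PowerShell is an added example (not part of the original article and not AME project code). It uses the three paths exactly as listed and only standard cmdlets, recording each file's size, timestamps, SHA-256 and, for the DLLs, Authenticode status.

```powershell
# Added example, not AME project code. Paths are copied from the article;
# adjust them if your profile name or temp folder names differ.
$flagged = @(
    'C:\Users\user\AppData\Local\Temp\nsmCAD9.tmp\Sibuia.dll',
    'C:\Users\user\AppData\Local\Temp\nss1A31.tmp\Sibuia.dll',
    'C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.006'
)

$report = foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Already deleted or quarantined: record that and move on.
        [pscustomobject]@{ Path = $path; Present = $false }
        continue
    }

    $item = Get-Item -LiteralPath $path -Force
    # Hashing fails if another process holds the file open; keep going.
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue

    # Authenticode only applies to executable formats, so skip the log file.
    $sigStatus = $null
    if ($item.Extension -eq '.dll') {
        $sigStatus = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }

    [pscustomobject]@{
        Path      = $path
        Present   = $true
        SizeBytes = $item.Length
        Created   = $item.CreationTime
        Modified  = $item.LastWriteTime
        SHA256    = if ($hash) { $hash.Hash } else { 'unreadable (file in use?)' }
        Signature = $sigStatus
    }
}

# Compare the SHA256 values with the hash shown in the AV alert or quarantine
# entry to confirm the detection refers to exactly these files.
$report | Format-List

# Identical hashes for the two Sibuia.dll copies mean they are the same binary.
$report | Where-Object { $_.Present -and $_.Path -like '*Sibuia.dll' } |
    Group-Object SHA256 | Select-Object Count, Name
```

The log file's directory may not be readable from a standard user session, in which case it is reported as not present unless the script is run elevated.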
Performance Issues
Anti-virus software, through its constant scanning of system files and inefficient CPU utilization for a given task, has a negative, measurable and noticeable effect on system performance and responsiveness.
In a May 2020 video, popular YouTube tech channel Linus Tech Tips investigates the performance impact of anti-virus software on the system in a myriad of performance tests. Their results indicate a negative 20-30% impact on system responsiveness when measuring the launch speed of productivity software and other applications.
While these performance deltas seem small, when extrapolated to larger files and workloads, the differences can be tens of minutes or even hours.
Open Source Alternatives
While the issues with anti-virus software are pervasive and deeply concerning, there are undoubtedly use-cases for some sort of anti-virus protection. Luckily there are a few trustworthy open source solutions for Windows, which should be able to fill this role.
One of them is ClamWin AV, which is based on a server-side anti-virus solution for Linux simply titled ClamAV. ClamWin offers a minimal interface and gets out of your way. It integrates into the right-click context menu of Windows, allowing you to manually scan a directory for potential threats with ease.