Mozilla contemplates nuking McAfee

The makers of Firefox say that a popular McAfee security add-on is causing enormous performance problems. Now Mozilla is strongly considering forcibly blocking it.

The SiteAdvisor add-on for Firefox evaluates search results to let you know how safe a site is to visit before you go there, but one Mozilla engineer says that it drags down Firefox and causes huge memory leaks.

(Update: McAfee announced a fix for later next week, and Mozilla acknowledged it. See below.)

It's just the kind of problem that Mozilla doesn't want to be dealing with as it finds itself knee-deep in an ambitious development plan and surrounded by ever-tougher competition.

Mozilla engineer Nicholas Nethercote wrote a blog post early today in which he recommended that Firefox users disable the add-on immediately. He also wrote that Mozilla ought to actively block it until Intel, McAfee's owner, fixes the problem.

McAfee's SiteAdvisor became a popular add-on around five years ago because of its search result ratings and malicious site blocking. It's not the only one to do so, but it has a higher profile in this instance than others because of its longevity and the fact that memory-chip maker Intel now owns McAfee.

Nethercote found SiteAdvisor 3.4.1 to leak memory from every content compartment created and never reclaim it. That means that when you close an open tab, the memory that open tab had been using never gets freed up. The end result? It can cause enormous performance problems that people are likely to blame on the browser.

As Nethercote and the commenters on his blog reveal, there's strong sentiment for blocking the add-on outright until it gets fixed. In his initial post from yesterday, he noted that 75 percent of Firefox add-ons aren't officially approved, meaning that they're not available from the Mozilla Add-on Site.

Program reputation and officially-sanctioned software catalogs are getting popularized, thanks in large part to the security successes of Apple's iTunes App Store. It's extremely unlikely that Mozilla would ever go the route of such a restricted walled-off garden, but now that Apple has ported the concept to its upcoming Gatekeeper system, don't be surprised to find other software distribution networks and marketplaces taking a similar tack.

A McAfee representative provided the following statement:

McAfee is aware of a memory leak associated with SiteAdvisor 3.4.1 affecting some Firefox 10 users, resulting in a potentially slower than normal browsing experience. No data is at risk. The issue has been isolated and resolved, and fix deployment is targeted for the middle of next week.

And a Mozilla representative soon followed with a statement of its own:

We recently discovered a memory leak with McAfee SiteAdvisor, notified McAfee of the problem and they quickly responded to fix the problem for their next release.

Updated at 2:25 p.m. PT: Added Mozilla statement.

Updated at 2:19 p.m. PT: Added McAfee statement.