Google Security Engineer Urges Hackers To Focus Less on Anti-Virus and Intrusion Products

Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection and instead focus on more meaningful defenses such as whitelisting applications. From a report on The Register:The incident responder from Google's Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, decried many existing tools as ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security. "Please no more magic," he told the Kiwicon hacking conference in Wellington, New Zealand today. "We need to stop investing in those things we have shown do not work. And sure you are going to have to spend some time on things like intrusion detection systems because that's what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help. [...] Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'," he said.

Antivirus isn't entirely useless

[penguinoid]

An antivirus may not protect against a new attack, but it sure can reduce the value of an existing exploit (thus increasing R&D costs for script kiddies while reducing their profits). Though it is rather amusing how some "antivirus" comes bundled with, or is itself, malware -- but much less amusing that it is legal.

Fake apps and "fake" news

[fustakrakich]

See the pattern? Selling a locked down machine will become much easier with just a little FUD. However a user should have the option of whitelisting, works on spam also.