Slashdot Mirror


Google Security Engineer Urges Hackers To Focus Less on Anti-Virus and Intrusion Products (theregister.co.uk)

Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection and instead focus on more meaningful defenses such as whitelisting applications. From a report on The Register: The incident responder from Google's Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, decried many existing tools as ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security. "Please no more magic," he told the Kiwicon hacking conference in Wellington, New Zealand today. "We need to stop investing in those things we have shown do not work. And sure you are going to have to spend some time on things like intrusion detection systems because that's what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help. [...] Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'," he said.

12 of 54 comments

  1. Antivirus isn't entirely useless by penguinoid · · Score: 4, Interesting

    An antivirus may not protect against a new attack, but it sure can reduce the value of an existing exploit (thus increasing R&D costs for script kiddies while reducing their profits). Though it is rather amusing how some "antivirus" comes bundled with, or is itself, malware -- but much less amusing that it is legal.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  2. Re:I'm an actual Google Security Engineer by Pseudonymous+Powers · · Score: 5, Funny

    Fuck this guy.

    Back off. I'm an actual Google Pornography Engineer, and I say when to fuck this guy.

  3. Whitelisting renders your computer useless... by Dr_Barnowl · · Score: 4, Insightful

    Well, as a computer, that is. The great strength of a general purpose computer is just that - it can do anything.

    Once you have a whitelisting "solution" on it, it can only do what the IT Dept. explicitly approves of, which now means that it's about as useful as an iPhone - only files that have been explicitly whitelisted are allowed to be executed.

    A whitelisting client that actually locks things down properly won't even allow you to use the shell, well, it won't allow you to run .BAT files. Running the individual commands may still be allowed!

    It might provide security, but at the cost of stifling the ability of "power users" (i.e. programmers of limited ability - or indeed, any ability).

    My last job installed one on the developers' computers... and gave us the permissions to override it. Pressing "OK" after every single build to be allowed to run it was... special.

    1. Re:Whitelisting renders your computer useless... by Dr_Barnowl · · Score: 2

      It also stifles the ability of your organization to change its software - our IT department demanded a £5,000 fee for every program to be whitelisted so it could go through a security audit!

    2. Re:Whitelisting renders your computer useless... by RonVNX · · Score: 3, Insightful

      And it creates a security risk because it means you trust those apps no matter what they turn out to be doing.
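To make the trade-off in this thread concrete, here is an added example (not from the post, the Register article or Google): a minimal allowlist evaluator in Python with exact-hash rules, an optional trusted build directory, and a blanket block on .BAT/.CMD files. It shows why a hash-only policy prompts after every rebuild, how a path rule removes the prompt at the cost of trusting anything dropped into that directory (RonVNX's point), and that a script type can be refused regardless of location. The policy fields, paths and file contents are constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Policy:
    """Constructed allowlist policy: exact-hash rules plus optional trusted directories."""
    allowed_hashes: set = field(default_factory=set)   # SHA-256 of individually approved binaries
    allowed_prefixes: tuple = ()                       # directories trusted wholesale (weaker rule)
    denied_suffixes: tuple = (".bat", ".cmd")          # script types blocked outright, as in the thread

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate(policy: Policy, path: str, data: bytes) -> tuple:
    """Decide whether an executable may run; returns (decision, matching rule)."""
    p = path.lower()
    if sha256_hex(data) in policy.allowed_hashes:
        return ("allow", "hash")                     # strongest match: this exact file was reviewed
    if any(p.endswith(s) for s in policy.denied_suffixes):
        return ("deny", "blocked script type")       # .BAT never runs, even from a trusted directory
    if any(p.startswith(pre.lower()) for pre in policy.allowed_prefixes):
        return ("allow", "path")                     # trusted by location only; contents never reviewed
    return ("deny", "not on allowlist")

# Constructed sample "files": an approved release, a developer's fresh rebuild, a downloaded batch file.
APPROVED = b"MZ-approved-release-1.0"
REBUILT = b"MZ-local-build-1.0.1"
BATCH = b"@echo off\r\necho hello\r\n"
BUILD_DIR = "C:\\dev\\build\\"
HASH_ONLY = Policy(allowed_hashes={sha256_hex(APPROVED)})
WITH_DEV_DIR = Policy(allowed_hashes={sha256_hex(APPROVED)}, allowed_prefixes=(BUILD_DIR,))

def demo() -> dict:
    """Run the scenarios from the thread and return each decision."""
    return {
        "approved_release": evaluate(HASH_ONLY, "C:\\Program Files\\tool\\tool.exe", APPROVED),
        "rebuild_hash_only": evaluate(HASH_ONLY, BUILD_DIR + "tool.exe", REBUILT),   # every build needs re-approval
        "rebuild_dev_dir": evaluate(WITH_DEV_DIR, BUILD_DIR + "tool.exe", REBUILT),  # path rule removes the prompt
        "dropped_in_dev_dir": evaluate(WITH_DEV_DIR, BUILD_DIR + "dropped.exe", b"unknown bytes"),  # but trusts anything placed there
        "downloaded_bat": evaluate(WITH_DEV_DIR, "C:\\Users\\me\\Downloads\\run.bat", BATCH),
    }

if __name__ == "__main__":
    for name, (decision, rule) in demo().items():
        print(f"{name:20} {decision:5} ({rule})")
```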

  4. Easier said than done by Junta · · Score: 5, Insightful

    Advice on safe internet use is "horrible", he added. Telling users not to click on phishing links and to download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online.

    The alternative is horribly locked down appliances that can't do what the user asks them to do. It means distrusting the owner of the device. There are scenarios where that can make sense where the role of the device is very well defined (ATMs, Point of Sale equipment, etc), but personal computers by their very nature empower their users to do things the vendor would not have necessarily conceived of.

    I agree that anti virus measures are not that good, but it just means that user education is all the *more* important, unless you don't want to let the users do anything or you don't have any users doing creative technical work.

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:Easier said than done by 110010001000 · · Score: 3, Funny

      "unless you don't want to let the users do anything"

      All Google wants is for you to consume content so they can get you to view ads. They don't care about empowering users.

    2. Re:Easier said than done by Junta · · Score: 2

      As I said, "There are scenarios where that can make sense where the role of the device is very well defined (ATMs, Point of Sale equipment, etc)", which would include the IoT category. Note that no one is suggesting deploying antivirus onto those platforms; it would be a ridiculous concept.

      Antivirus only makes sense on platforms that are open ended. To the extent you have more special purpose applications (document editors), then yes, the vendor should be held accountable for lazily allowing things that never made sense.

      But for a general purpose computing device (personal desktops), at some point the user is going to make a decision to run or not run an application. The user needs to be educated to make the right call. If you say you shouldn't be in a situation where the user's call could *possibly* be wrong, that means you aren't allowing the user to run applications they want.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  5. Dangerous by 110010001000 · · Score: 3, Funny

    What Google means is "only allow Google Approved" software to run on your locked down device. That is what "whitelisting" means. Meanwhile Android is the biggest malware laden piece of shit on the planet when it gets deployed to real devices and Google's ad network is a vector for drive by exploits. So fuck you Google.

  6. Fake apps and "fake" news by fustakrakich · · Score: 4, Interesting

    See the pattern? Selling a locked down machine will become much easier with just a little FUD. However a user should have the option of whitelisting, works on spam also.

    --
    “He’s not deformed, he’s just drunk!”
  7. Re:wow, talk about tone-deaf by 110010001000 · · Score: 2, Funny

    I agree...that does look pretty racist. All those lawn jockeys are white. Where is the diversity?

  8. We need a new law by RandomSurfer314 · · Score: 2

    There should be a law that states that any computer ("PC", "laptop") needs to be fully configurable by the end user by default. Every aspect of it needs to be controllable by the end user: network settings, which applications can run, which operating system can be installed, which BIOS or EFI can be flashed, etc. If that's not the case, then the company should be forced to put a huge red warning sticker on it that clearly states "NOT A GENERAL COMPUTING DEVICE".