Google Security Engineer Urges Hackers To Focus Less on Anti-Virus and Intrusion Products

Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection and instead focus on more meaningful defenses such as whitelisting applications. From a report on The Register:The incident responder from Google's Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, decried many existing tools as ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security. "Please no more magic," he told the Kiwicon hacking conference in Wellington, New Zealand today. "We need to stop investing in those things we have shown do not work. And sure you are going to have to spend some time on things like intrusion detection systems because that's what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help. [...] Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'," he said.

Re:I'm an actual Google Security Engineer

[Pseudonymous+Powers]

Fuck this guy.

Back off. I'm an actual Google Pornography Engineer, and I say when to fuck this guy.

Easier said than done

[Junta]

Advice on safe internet use is "horrible", he added. Telling users not to click on phishing links and to download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online.

The alternative is horribly locked down appliances that can't do what the user asks it to do. It means distrusting the owner of the device. There are scenarios where that can make sense where the role of the device is very well defined (ATMs, Point of Sale equipment, etc), but personal computers are by their very nature empower their users to do things the vendor would not have necessarily conceived of.

I agree that anti virus measures are not that good, but it just means that user education is all the *more* important, unless you don't want to let the users do anything or you don't have any users doing creative technical work.