17 January 2017

Antivirus tools are not good enough, says Google’s senior security engineer

By Kavita Iyer 

Google’s senior security engineer and tech expert, Darren Bilby has told fellow hackers that the antivirus applications are actually useless and questioned the overall effectiveness of them, while speaking at the ‘Kiwicon’ hacking conference in Wellington on Thursday.

Referring tp a series of cyberattacks named ‘2009 Operation Aurora campaign’ that made several computers vulnerable to attacks, Bilby said there is no need of ‘magic’ through ineffective antivirus.

He further said, “We need to stop investing in those things we have shown do not work. Sure, you are going to have to spend some time on things like intrusion detection systems because that’s what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help.

“Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the poisonous gas’.”

While negative on antivirus software, Bilby urged his fellow hackers and security experts to concentrate on things such as intrusion detection systems that can make a real difference in an enterprise space and protect users even if they access malicious websites or open compromised documents.

“And sure you are going to have to spend some time on things like intrusion detection systems because that’s what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help.”

Bilby told the conference that he thinks networks are not stable enough, as individuals can use mobile networks to upload data to various cloud services that are not adequately protected.

He concluded by giving advice to people in the workplace to practice safe internet was “horrible” as it shifts blame to the users themselves and away from those who manufactured hardware and software that is not secure enough to be used online.

“We are giving people systems that are not safe for the internet and we are blaming the user.”


No comments: