Antivirus tools are a useless box-ticking exercise says Google security chap

Advocates whitelists and other tools that 'genuinely help' security

By Darren Pauli

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications.

The incident responder from Google's Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, decried many existing tools as ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security.

"Please no more magic," he told the Kiwicon hacking conference in Wellington, New Zealand today.

"We need to stop investing in those things we have shown do not work."

"And sure you are going to have to spend some time on things like intrusion detection systems because that's what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help."

Bilby wants security types to focus on tools such as application whitelisting, hardware security keys and dynamic access-rights efforts like Google's internal BeyondCorp project.

"Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'," he said.

The Google hacker also argued that the network perimeter is not a security defence, because users can so easily switch to mobile networks to upload data to cloud services, bypassing every traditional network control.

Advice on safe internet use is "horrible", he added. Telling users not to click on phishing links or download strange executables effectively shifts blame onto them and away from those who manufactured hardware and software that is not secure enough to be used online.

"We are giving people systems that are not safe for the internet and we are blaming the user."

Referring to the 314 remote code execution holes disclosed in Adobe Flash last year alone, he compared the strategy of patching those holes one by one to a car yard that sells vehicles that catch fire every other week. ®
