
Google engineer compares antivirus to a dead canary



Darren Bilby, a security professional at Google. Photo: Darren Pauli, The Register



To this day, many users naively believe that antivirus is a mandatory part of any personal computer. Thanks to this misconception, billions of dollars' worth of antivirus software is sold worldwide.



There are experts who do not agree. Among them is Darren Bilby, a lead information security developer at Google. He spoke about the futility of antivirus software in the introduction to his talk at the hacker conference Kiwicon X, where everyone present already knows that antivirus is futile. That is, Darren simply opened his talk with a fact that is well known (in narrow circles) but is not usually advertised to the general public.



At Google, Bilby manages the Platform Integrity security team in Sydney, which is part of the Enterprise Infrastructure Protection Group. Over the past ten years, he has held various positions at Google, including technical manager of the Global Incident Response group, which responds to hacks in the corporate network, and manager of the European Intrusion Detection Department, and before that, software developer and software tester. Prior to joining Google, he specialized in information security consulting. This person knows what he is talking about.


Darren Bilby's big talk is called "Gibson Protection in the Age of Enlightenment" and was devoted not only to antivirus software, but also to other useless methods of information security. Their uselessness became especially obvious in 2016, when hacked mailboxes became a key topic of the presidential election debates, ransomware Trojans encrypted files on corporate computers, and "toasters control large parts of the Internet" (perhaps by "toasters" Darren means the surveillance cameras that recently DDoSed one of the largest DNS providers on the Internet).



New effective attack vectors keep appearing and are presented at conferences. Even on YouTube, you can find video tutorials on how to plant a Trojan on a Windows computer if the victim has not installed the latest security updates. Not to mention the various methods of social engineering.



And what does the bloated computer security industry, worth $81 billion, offer against these cyber attacks? Nothing new, just the same miserable and ineffective old tools, says Bilby. In his opinion, the vendors of such solutions simply "push magic", pulling the wool over the eyes of naive buyers. Among the deceived are both corporate clients and ordinary users. The problem is even worse: security professionals in companies often have to install ineffective security systems in order to comply with regulatory requirements.



It is possible that, in mentioning "magic", Bilby was referring to the article by James Mickens of Microsoft. He described the situation in computer security as a binary system of this kind:



Protection from the girl who breaks into your account?

Strong password



Protection from an organized criminal group that is trying to access your information?

Strong password and common sense (that is, do not click on phishing links, do not plug in other people's flash drives, update software, etc.)



Protection from the Mossad?

Magic amulets?

Fake your death, escape on a submarine?

BUT THE MOSSAD WILL FIND YOU ANYWAY



That is, the logic is binary: either a strong password and common sense are enough, or we resort to magic amulets.



"Please, no more magic," urges the security specialist from Google. "We need to stop wasting energy on this nonsense, which obviously does not work."



Among the ineffective "magic", Bilby names both intrusion detection systems and antivirus programs. Instead, he suggests focusing on whitelist-based firewalls, hardware keys and systems for dynamic control of access rights, as in Google's internal project BeyondCorp.



In principle, Darren Bilby's point of view is not new. Security experts have long talked about the ineffectiveness of antivirus. A normal user doesn't need an antivirus, because he is smart enough not to visit questionable sites or open files from unverified sources, so the typical infection routes, which are what antivirus focuses on, do not work on him.



Antiviruses are often useless for corporate users as well. The reason is that if someone really sets out to attack a company, he will test his method in advance against most antivirus products and make sure that they do not detect the threat. There is a convenient site, VirusTotal, which allows you to check a malicious file with all popular antiviruses.



"Yes, the antivirus does something useful, but in reality it looks like a canary in a coal mine. Even worse. It's like we gathered around a dead canary and said with relief: 'Thank God it breathed in all the poisonous gas.'"

Source: https://habr.com/ru/post/357212/


