Antivirus apps don’t work

29 November 2016

A senior security engineer at Google has told a hacker conference that traditional antivirus apps that employ intrusion detection are useless and companies should switch to meaningful methods such as whitelisting applications.

At Kiwicon X, the New Zealand equivalent of the US Black Hat conference, Darren Bilby called many existing tools ineffective “magic” that engineers are forced to install for the sake of compliance but at the expense of real security.

“Please no more magic,” he said. “We need to stop investing in those things we have shown do not work.”

“Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It’s like we are standing around the dead canary saying, ‘Thank God it inhaled all the poisonous gas,'” he said.

The antivirus blacklist technology, referred to as definitions by antivirus vendors, is basically a catalogue of known viruses that is used to check unknown apps or code on the computer.

The inherent problem with that is you do not know what you do not know, so a new virus is not readily recognised against the current definitions until antivirus vendors get a sample and make a definition to detect it. Some of the better antivirus products have what is called heuristic detection, which looks for suspicious code and lets you isolate it and submit it for testing. This is how unknown or undiscovered viruses are sometimes caught.

Focus on whitelisting
Bilby wants security types to focus on tools such as whitelisting, hardware security keys and dynamic access rights efforts like Google’s BeyondCorp internal project. Whitelisting is the opposite of how antivirus apps work. It only allows apps to run from a list of approved apps. Anything else is denied execution.
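The difference between the two models can be shown in a few lines of Python. This is an added example, not code from the article or from Bilby's talk; it assumes both lists are plain sets of SHA-256 hashes (real antivirus definitions are richer signatures), and every sample and name in it is constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed byte strings standing in for executable files.
SAMPLES = {
    "office":        b"constructed sample: approved office suite, build 1",
    "office_update": b"constructed sample: approved office suite, build 2",
    "known_virus":   b"constructed sample: malware the vendor has catalogued",
    "new_virus":     b"constructed sample: malware no vendor has seen yet",
}

# Blacklist ("definitions"): hashes of malware the vendor already has a sample of.
DEFINITIONS = {sha256(SAMPLES["known_virus"])}
# Whitelist: hashes of the apps an administrator has approved.
APPROVED = {sha256(SAMPLES["office"])}

def blacklist_allows(data: bytes, definitions=DEFINITIONS) -> bool:
    """Default allow: anything not in the definitions may run."""
    return sha256(data) not in definitions

def whitelist_allows(data: bytes, approved=APPROVED) -> bool:
    """Default deny: only approved hashes may run."""
    return sha256(data) in approved

def compare(samples=SAMPLES) -> dict:
    """Return {name: (allowed_by_blacklist, allowed_by_whitelist)}."""
    return {name: (blacklist_allows(d), whitelist_allows(d))
            for name, d in samples.items()}

def approve(data: bytes, approved: set) -> set:
    """Whitelist upkeep: every new build has to be added before it can run."""
    return approved | {sha256(data)}

if __name__ == "__main__":
    print(f"{'sample':<14} {'blacklist':<10} whitelist")
    for name, (bl, wl) in compare().items():
        print(f"{name:<14} {'run' if bl else 'block':<10} {'run' if wl else 'block'}")
```

The new virus runs under the blacklist and is blocked under the whitelist, while the legitimate update is blocked under the whitelist until someone approves it, which is the maintenance cost of the default-deny model.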

Whitelisting has been around for a while, but it was not practical before ubiquitous internet connections and before cloud apps. Back in the 1990s when the shareware market was healthy, there were all kinds of obscure apps on PCs. Trying to keep a whitelist of all the shareware/freeware on places such as Tucows would have been a nightmare.

These days, though, everything is on the Web or in the cloud, and many users have hardly anything except major apps such as Microsoft Office installed, so whitelisting seems at least feasible.

Bilby argued that safe internet use is a “horrible” idea, and telling users not to click on phishing links or download strange executables effectively shifts responsibility to them and away from those who manufactured hardware and software that is not secure enough to be used online.

“We are giving people systems that are not safe for the Internet, and we are blaming the user,” he said.

Not everyone might agree with that stance. This appears to be absolving the user of responsibility. Security hardware and software will not catch every phishing attack, and users need some common sense when it comes to an email from an unknown source that has a link in it. A driver must know the basics of running an automobile and how not to be a menace on the road, so why should computer use be any different?

IDG News Service

TechCentral.ie