Google’s senior security engineer Darren Bilby has stated that virus scanners are pretty much useless and that the advice users receive on safe internet use is “horrible”. He made the statement during a presentation at the Kiwicon hacking conference in Wellington, New Zealand.
During his presentation he issued a call “to stop investing in those things we have shown do not work”. Those things are, according to Bilby, virus scanners and intrusion detection systems. Instead he wants “security types” to focus on whitelisting, hardware security keys and dynamic access rights.
Advice on safe internet use is “horrible”, he added. Telling users not to click on phishing links or download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online.
“Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the poisonous gas’,” he said.
Referring to the 314 remote code execution holes disclosed in Adobe Flash last year alone, he compared the strategy of patching those holes to a car yard that sells vehicles which catch fire every other week.