During a hacking conference today, Google’s senior security engineer caused quite a hubbub due to a statement he gave.
Canary in a Coal Mine
Darren Bilby suggested that the anti-viruses are useless. He compared the anti virus software to a canary in a coal mine. The canary is used to detect if there are toxic fumes present in the coal mine or not. Darren said,
Antivirus does some useful things, but in reality, it is more like a canary in the coal mine. It is worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the poisonous gas’
Operation Aurora, 2009
He added more weight to his argument by mentioning a series of cyber attacks carried out in 2009. The attacks named ” 2009 Operation Aurora campaign” made a large number of computers vulnerable to potential cyber attacks by hackers with vested interests.
According to media reports the attacks were aimed at several big name companies including Yahoo, Symantec (The one that makes Norton antivirus), Adobe Systems, Juniper Networks and Rackspace.
Bilby said that there was no need for the “magic” through ineffective anti-viruses. He added,
We need to stop investing in those things we have shown do not work. We are giving people systems that are not safe for the internet and we are blaming the user.
Bad Advice for Internet Usage
Advice for safe internet usage is equally bad, according to Bilby. He urged the hackers present at Kiwicon to focus less on finding the right kind of anti virus which happens to be effective and instead focus more on researching better defenses against this issue, for example, whitelisting trusted applications through your firewall.
You should generally follow good advice about surfing the web safely. Avoid any download links that ask you to fill out a survey. Generally avoid links that offer you to download a pc cleaner of sorts or to clean up your pc of viruses, download games/music/movies for free etc.
As far as a regular internet user is concerned, you should always use antiviruses. While Bilby suggests that they are useless, he only cites a commercial cyber attack. Yes, antiviruses have a hard time against new viruses and offer little protection against a good hacker, they are still enough for the job in 99% of the situations.
Take this analogy for example, just because we can die from incurable diseases doesn’t mean we should stop taking medicine for the ones which are curable and can be prevented. The internet is full of such diseases (viruses) which can be defended against successfully, so why not protect yourself from those when you clearly can.