I've been making this point for some time, but you would be right to think I might be biased. Jake isn't.https://twitter.com/MalwareJake/status/964919935699857410 …
-
-
Where's your "it doesn't work" based on? AV is especially good at protecting people from their own mistakes (open certain email attachments etc), which is the kind of threat security people tend to ignore. It doesn't stop every single attack, no matter what marketing may say.
-
Imagine a bank that doesn't check ID's, but they have a list of every person ever convicted of fraud and will check if the person claiming to be you is on this list. This will catch real attacks, agreed? By your logic, this system works. Is your money safe in this bank?
- 3 more replies
New conversation -
-
-
Please explain to me why *browser* vendors take security more seriously than your industry, then I'll listen to your "stab vest" analogies.

-
I'm on the record saying the AV industry needs to take attacks against (or leveraging) AV more seriously, but I think things there are some differences with browsers:
- 23 more replies
New conversation -
-
-
I think I disagree here. That it doesn't work is a problem, because it makes people believe it's ok to build systems where you can click on things and run code, because we have antivirus. It needs to be highlighted that the whole approach is wrong & we need something better.
-
I wonder what kind of alternative system you have in mind. Most malware exploits features, not bugs. It does things we want (e.g. encrypt files, do CPU-heavy computations, upload data to the cloud) in a way we don't want. Not sure what kind of system can prevent that.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.