Shostack + Friends Blog Archive


Dan Kaminsky on Sony and Anti-Virus

Read “Learning from Sony: An External Perspective” on Dan’s blog:

The incident represents much more than a black eye on the AV industry, which not only failed to manage Sony’s rootkit, but failed intentionally. The AV industry is faced with a choice. It has long been accused of being an unproductive use of system resources with an insufficient security return on investment. It can finally shed this reputation, or it can wait for the rest of the security industry to finish what Sony started. Is AV useful? The Sony incident is a distressingly strong sign that it is not.