John Viega: "Why Anti-Virus sucks, and how to fix it"


Wednesday, October 8, 2008, 12:00pm to 1:30pm


Maxwell Dworkin 2nd Floor Lounge Area

CRCS Privacy and Security Lunch Seminar

Date: Wednesday, October 8, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speaker: John Viega

Title: Why Anti-Virus sucks, and how to fix it

Abstract: Anti-virus software (AV) is found on most Windows desktops (well over 90%). Many people are amazed that it is so ubiquitous, because it is so widely reviled. Technical people will often claim that AV “doesn’t work”, and that it “causes stability problems”. And almost everyone will claim that it “slows your machine down”. While there is a lot of truth in the above statement, there are also a lot of misconceptions about how AV works, and why it fails.

In this talk, I’ll give an overview of AV technology, the challenges the industry has faced, and the solutions that the industry has been exploring to address those issues, including virtualization, herd technology, application whitelisting, and reputation systems.

Bio: John Viega is the CEO of Stonewall Software. Previously, he was Vice President, Chief Security Architect at McAfee, where he worked on technical strategy and M+A (SiteAdvisor, Onigma) and ran a large development organization that included SiteAdvisor and McAfee’s core anti-virus and anti-spyware technologies. John was also founder and CTO of Secure Software, which was acquired by Fortify. John advises several security companies, including Fortify.

John is a frequent pundit and speaker in the space. He co-author of five books on security, including Building Secure Software, the OpenSSL book, the Secure Programming Cookbook and the 19 Deadly Sins of Software Security. He has done extensive standards work in the IEEE and IETF, and co-invented GCM, a cryptographic algorithm that NIST has standardized.