On Mon, Aug 22, 2022 at 3:31 PM 'Gopher-Insane' via golang-nuts < golang-nuts@googlegroups.com> wrote:
> So our security team has raised a concern with Go and malware. The link > that was sent to me was > https://securityboulevard.com/2021/09/behavior-based-detection-can-stop-exotic-malware/ > . > ISTM that the argument is that the existence of Go and other languages makes the ecosystem less secure, as it makes it harder to write malware detection software. I'd respond: 1. If that's so, all a malware author would have to do is do the same thing Go does in C (or whatever) and be safe from detection 2. I don't know if the overall tradeoff is correct. It seems doubtful to me, that the benefit for security from having memory safe languages which are easy to use is smaller than the detriment from harder malware detection. In particular, as the actual benefits from malware detection are, I think, relatively small. 3. Even if all of that's the case, it doesn't seem to have an actionable takeaway. The argument only concerns unknown binaries, so it doesn't actually affect usage by a company - any such usage will produce known binaries. And Go and all these other languages won't stop existing, so you don't have any influence over whether malware authors use it and send you unknown binaries. I don't really understand the argument made here. It certainly isn't in any sense an argument "against Go". As far as I can tell, it's really only relevant to authors of malware and malware detection software as something to take into account. > I reached out to Bill Kennedy on Twitter who disagreed that Go was a > problem. Said it was worth posting here to hear people's thoughts. > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/ed1966c2-675b-4030-911b-7fa618291985n%40googlegroups.com > <https://groups.google.com/d/msgid/golang-nuts/ed1966c2-675b-4030-911b-7fa618291985n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAEkBMfFNVvvnsC96Gg67-xMOEV-56%3DB0rmAHhmAZBHxg2Y4txw%40mail.gmail.com.
