Re: What's wrong with application whitelisting?

[Russell Fulton <r.fulton () AUCKLAND AC NZ>]

As Joel says there is nothing wrong with whitelisting and we are looking at it for our labs (at least those where 
students are not doing program development) and for our administrative systems.  It is the old case of horses for 
courses.

I also agree that it is complementary to traditional AV not a substitute.

As others have pointed out whitelisting works well in static environments -- where the corporate desktop rules :)  for 
your average academic or grad student it is largely unworkable since they are forever trying out new stuff or actually 
doing development.   Needing outside intervention to install something would really interfere with legitimate activity.

I have one question about whitelisting since I have never actually worked with any of the systems:  How do they deal 
with apps written in interpretive languages?  If they just white list the interpreter then this seems like a big 
loophole -- thinking of the perl based botnets in the UNIX world...

Russell