funsec mailing list archives
Re: standards status in the industry - opinion?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Sun, 08 Jan 2006 12:29:34 +0000
On Sat, 2006-01-07 at 23:52 -0800, Blue Boar wrote:

<snip>

> Whitelisting would be a huge help.

<snip>

Yes it would and it's my preferred option. However, this technology already exists for the sysadmins in question; they have software restriction policies. The trouble is they just don't take the time to create a set of policies and maintain them. Most sysadmins I've asked about this say something along the lines of: "If MS provided us signatures of all of their software and produced updated signatures when a product was updated, we might try handling the 3rd party stuff." Which makes sense.

So if MS or another vendor (AV vendors have the means to do this) produced software that provided the sysadmin with white lists and they also provided a signature DB of common software, they would aid the sysadmins immensely as it would be a case of just picking the signatures to install/enable in their policies. At this point, rather than asking clients why they don't use this technology, I'd change my approach and strongly recommend they do, giving them the "your network's going to be owned" look when they give me excuses.

This isn't a new idea; anyone with a security background (AV related or not) should have come up with this the first time they thought about the virus problem, because it mirrors other ACL solutions and is a very obvious replacement to the current idiocy that is the signature DB.

For the home user, like Nick says, it's a bit difficult to use this solution as they just don't have the expertise nor the willingness to use this. Also, not enough vendors are willing to jump through the hoops MS would create in order to get their software on the "signed for home users list". You just have to look at the unsigned drivers that people ignore. Or the unsigned drivers that automatically click through the warning boxes for you!

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.