funsec mailing list archives

Re: standards status in the industry - opinion?


From: Barrie Dempster <barrie () reboot-robot net>
Date: Sun, 08 Jan 2006 12:29:34 +0000

On Sat, 2006-01-07 at 23:52 -0800, Blue Boar wrote:
<snip>
Whitelisting would be a huge help.
<snip>

Yes it would and it's my preferred option. However, this technology
already exists for the sysadmins in question, they have software
restriction policies. The trouble is they just don't take the time to
create a set of policies and maintain them. Most sysadmins I've asked
about this say something along the lines of:

"If MS provided us signatures of all of their software and produced
updated signatures when a product was updated, we might try handling the
3rd party stuff."

Which makes sense. So if MS or another vendor (AV vendors have the means
to do this) produced software that provided the sysadmin with white
lists and they also provided a signature DB of common software, they
would aid the sysadmins immensely as it would be a case of just picking
the signatures to install/enable in their policies. At this point rather
than asking clients why they don't use this technology I'd change my
approach and strongly recommend they do, giving them the "your network's
going to be owned" look when they give me excuses.

This isn't a new idea, anyone with a security background (AV related or
not) should have come up with this the first time they thought about the
virus problem, because it mirrors other ACL solutions and is a very
obvious replacement to the current idiocy that is the signature DB. 

For the home user, like Nick says, it's a bit difficult to use this
solution as they just don't have the expertise nor the willingness to
use this. Also not enough vendors are willing to jump through the hoops
MS would create in order to get their software on the "signed for home
users list". You just have to look at the unsigned drivers that people
ignore. Or the unsigned drivers that automatically click through the
warning boxes for you!
-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
