funsec mailing list archives
RE: Internet security moving toward "white list"
From: "Young, Keith" <Keith.Young () montgomerycountymd gov>
Date: Wed, 19 Sep 2007 08:52:58 -0400
Internet security is headed toward a major reversal in philosophy,
where a "white list" which allows only benevolent programs to run on a computer...
Hardly a new idea of course. I've been hearing this for many years
from many vendors. And even longer from Dr. Solly, Marcus Ranum, etc....
But for home computers this just won't work. They'll never have an
adequate list and
people will insist on installing what's in front of them. And how are they going to identify programs for consumers? They could
use code
signatures, but even at the high end developers bitch and moan about
that. If they
use some sort of checksum then they need to monitor every valid build
of every program. The Ubuntu trusted software repository model, along with an enforcement application like SELinux, puts this almost within reach today. Grannyx anyone? --Keith Keith Young, Security Official Department of Technology Services Montgomery County, Maryland phone - (240) 777-2955 ________________________________ From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Wednesday, September 19, 2007 8:25 AM To: funsec () linuxbox org Subject: RE: [funsec] Internet security moving toward "white list"
Internet security is headed toward a major reversal in philosophy,
where a "white list" which allows only benevolent programs to run on a computer... Hardly a new idea of course. I've been hearing this for many years from many vendors. It's an OK idea for a business network where IT can reasonably say "you can't run anything on your computer that we don't give you to run." And where the administration can show the security software what the valid programs are for proper identification, perhaps with IT even code-signing them. But for home computers this just won't work. They'll never have an adequate list and people will insist on installing what's in front of them. And how are they going to identify programs for consumers? They could use code signatures, but even at the high end developers bitch and moan about that. If they use some sort of checksum then they need to monitor every valid build of every program. I'll believe this when I see it. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ <blocked::http://security.eweek.com/> http://blogs.eweek.com/cheap_hack/ <http://blog.eweek.com/blogs/larry_seltzer/> <http://blog.ziffdavis.com/seltzer> Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Internet security moving toward "white list" Richard M. Smith (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- RE: Internet security moving toward "white list" Young, Keith (Sep 19)
- Re: Internet security moving toward "white list" Gadi Evron (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- RE: Internet security moving toward "white list" Richard M. Smith (Sep 19)
- Re: Internet security moving toward "white list" der Mouse (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- Re: Internet security moving toward "white list" Drsolly (Sep 19)