Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What's wrong with application whitelisting?

From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Mon, 5 Apr 2010 13:40:41 -0500
We're doing an early-stage POC with a whitelisting application.  

As to why there isn't a lot of uptake so far, I think that all of the "don't let users run as admin" discussion points 
apply, and there's probably more as well.

Also, it's not terribly cheap, and there's a fairly tight competition for the dollars that get multiplied out by 
largish user populations.

Plus, whitelisting may be very nice for institutionally-managed machines, but in HE we have a *lot* of 
non-institutionally-managed machines, so there may be a lot of folks looking at controls that apply across managed and 
unmanaged systems.

Others?

   -jml


"Watkins, Lewis" <LWATKINS () UTSYSTEM EDU> 2010-04-05 13:22 >>>

Colleagues,  Please help me understand something, that I have been trying to make sense of for awhile and just don't 
get.   What's wrong with "application whitelisting"?   As best I can tell, application whitelisting has very low 
penetration in higher education, and I simply do not understand this.   There must be issues and dynamics of which I am 
unaware to explain this.  

 [ snip ]_____________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: