Educause Security Discussion mailing list archives

Re: What's wrong with application whitelisting?


From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Wed, 7 Apr 2010 12:17:30 +1200

Sent via IronPort test setup.  Please report any oddities :)



On 7/04/2010, at 12:55 AM, Brad Judy wrote:

> Application “whitelisting” doesn’t have to be a long list, but it does tie into removing admin rights.  If you use
> the native software restriction policies in Windows GPOs, you can simply allow all applications residing in
> C:\Windows\* and C:\Program Files\*, and allow link files from anywhere (for those shortcuts on the desktop and start
> menu).  Naturally, if you have applications running from other locations, you’d have to add those paths too.  While
> not as tightly locked down as hashes, it should be way easier to maintain and still address the core issues *if*
> users do not have admin rights.

Thanks Brad -- that is a much fuller explanation.  This is what we are looking at for our labs.  In particular you should
be able to stop things from running off USB drives; not only will it slow down malware, it will also slow down the gamers
and folk running p2p filesharing off their USB drives that are against policy.

Russell
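
The path-rule policy described in this thread, modelled as a pre-deployment audit. This is an added example, not part of the original messages and not how Windows itself evaluates software restriction policies. The function names, the exact-folder matching and the launch paths are assumptions constructed for illustration.

```python
import ntpath

# Path rules from the quoted message; everything else is denied by default.
ALLOWED_DIRS = [r"C:\Windows", r"C:\Program Files"]
ALLOWED_ANYWHERE_EXT = {".lnk"}  # shortcuts on the desktop and start menu

# Constructed sample of launch paths, e.g. collected from lab machines.
SAMPLE_LAUNCHES = [
    r"C:\Windows\System32\notepad.exe",
    r"c:/program files/Mozilla Firefox/firefox.exe",
    r"C:\Users\student\Desktop\Firefox.lnk",
    r"E:\games\game.exe",                               # USB drive
    r"C:\Windows\..\Users\student\Downloads\setup.exe",  # resolves outside C:\Windows
    r"C:\Program Files (x86)\LabApp\labapp.exe",         # needs its own rule
]

def canon(path):
    # Collapse "..", "." and forward slashes, then fold case as Windows does.
    return ntpath.normcase(ntpath.normpath(path))

def is_allowed(path, extra_dirs=()):
    """Model assumption: a rule covers a folder and everything beneath it."""
    p = canon(path)
    if ntpath.splitext(p)[1] in ALLOWED_ANYWHERE_EXT:
        return True
    for d in list(ALLOWED_DIRS) + list(extra_dirs):
        # Require a separator after the folder so that a sibling such as
        # "C:\Program Files (x86)" is not matched by "C:\Program Files".
        if p.startswith(canon(d) + "\\"):
            return True
    return False

def audit(paths, extra_dirs=()):
    """Return launches the policy would block, grouped by parent folder."""
    blocked = {}
    for path in paths:
        if not is_allowed(path, extra_dirs):
            blocked.setdefault(ntpath.dirname(canon(path)), []).append(path)
    return blocked

if __name__ == "__main__":
    for folder, hits in sorted(audit(SAMPLE_LAUNCHES).items()):
        print(f"{folder}: {len(hits)} blocked launch(es)")
```

Folders that show up in the audit output are either the "other locations" that need their own path rule or the launches the policy is meant to stop.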
