funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 16 Jul 2008 10:13:50 -0400
Didn't you release a whitelisting product for DOS/Win 3.1 back in the day? -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly Sent: Wednesday, July 16, 2008 4:42 AM To: Nick FitzGerald Cc: 'funsec' Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting On Wed, 16 Jul 2008, Nick FitzGerald wrote:
Richard M. Smith to DrSolly (tho I didn't see Alan's response on the list):Another one who hasn't heard of Word acro viruses and similar.You're showing your age. ;-) Word macro viruses haven't been much of a problem for 6 or 7 years ever since Microsoft went to signed VBA code in Office.That's Alan's standard, ill-considered, response to any suggestion of using whitelisting (or various other integrity management-oriented products) over blacklisting (aka "conventional known virus detection enhanced, or not, with heuristics, behaviour analysis, etc, etc") since a few days after his (former) conventional AV product included proper handling of Word format files. It totally ignores that "proper" whitelisting implementations, _just like_ proper blacklisting implementations, have to know how to locate and indentify all kinds of code in all the kinds of files likely to be
encountered by the system one is trying to protect.
_IF_ it is a carte blanche argument against whitelisting, as Alan's common use of it tends to suggest, then it is an equally damning argument against blacklisting. Assuming that we think either (or both) types of "listing" may reasonably survive despite Alan's reputedly telling blow, then whitelisting certainly faces by far the less complex _technical_ problem. Breaking down the hoary old mindset that has allowed the patently stupid blacklisting approach to initially thrive, then survive for so long, will be whitelisting's biggest challenge to broader acceptability (and likely prevent it ever becoming widely used
in the least IT-literate parts of the market such as the SOHO and
individual user segment). Nick's theory is that the reason why whitelisting isn't adopted universally, is that everyone is so stupid that they can't see what a good idea it is. My theory is that, although blacklisting isn't perfect (or, in some cases, really quite poor), it gets closer to solving the *real* problem that whiltelisting. The *real* problem is to minimise the cost of using computers in a world that includes viruses. The problem with whitelisting is only partly that "executables" are a lot more diverse than just exe files and word docs. The main problem with whitelisting, is the high cost of maintenance. Of course, a better solution is grannix :-) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Shipp (elist) (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)