Dailydave mailing list archives
Re: Hacking: As American as Apple Cider
From: Nick Drage <nickd () metastasis org uk>
Date: Wed, 14 Sep 2005 12:02:18 +0100
On Fri, Sep 09, 2005 at 06:15:25PM -0400, Kyle Quest wrote:
> First of all, systems would be impractical and unusable. If you have an OS module or an AV that blocked everything that's not known to be good, what would happen if a person bought software that the AV or the OS module didn't know about? It wouldn't work, right? It's not very likely that users would put up with that. Even if we look at the application white listing techniques used by the current host security software, what's the story? Well, we have an average user who gets this pop-up asking if he/she wants to allow application xyz to run. Over 99% of the time the user says yes...

But you would hope that even the most inexperienced user can spot the difference between software-i-just-installed.exe and never-heard-of-it.exe. It's not a perfect solution, but it helps.

> It's somewhat similar if we look at network based security mechanisms. There are times when white listing works, but there are many times when it doesn't. Let's say you have a service provider that has who knows how many customers. Do you think they'd be able to get information about every single web, ftp, etc. server to create a "Default Deny" policy? The task would be slightly easier if there was no dynamically generated content, but what if there was?

Whitelisting is not a perfect solution, but it helps ;) If the situation is unworkable, such as the one you've invented, then whitelisting isn't the solution. However, in a lot of cases it can make a huge difference between being woken up at three in the morning for fifteen minutes to confirm to the customer that yes, the new worm is blocked by default, and staying up for a good few hours gathering information on how this week's problem works so the correct rules can be put in place.

--
When the pin is pulled, Mr. Grenade is not our friend.