funsec mailing list archives
RE: Internet security moving toward "white list"
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Wed, 19 Sep 2007 09:40:50 -0400
Not sure I get the Zone Alarm connection. And another gap in the white list idea is that the code in the PDF file that causes a buffer overflow in Acrobat runs in the permitted context of Acrobat. This isn't strictly a flaw in whitelisting, but it shows that you still need a full IPS and perhaps a signature model for it. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Gadi Evron Sent: Wednesday, September 19, 2007 9:16 AM To: Richard M. Smith Cc: funsec () linuxbox org Subject: Re: [funsec] Internet security moving toward "white list" Can we say Zone Alarm? On Wed, 19 Sep 2007, Richard M. Smith wrote:
http://www.cbc.ca/news/background/tech/privacy/white-list.html Internet security is headed toward a major reversal in philosophy, where a "white list" which allows only benevolent programs to run on a
computer will replace the current "black list" system, which logs and blocks an ever-growing list of malevolent applications, internet security giant Symantec Corp. says. The number of malicious software attacks, including viruses, Trojans, worms and spam, is rising exponentially, dwarfing the number of new benevolent programs being developed, making it increasingly difficult for security firms to keep up. The solution, according to Symantec's Canadian vice-president and general manager, Michael Murphy, is to reverse how protection against such attacks is provided. Under the current system, a security firm discovers a new threat, adds it to its black-list database and updates
its customers'
anti-virus software to combat the problem. A "white list" would instead compile every known legitimate software program, including applications such as Microsoft Word and Adobe Acrobat, and add new
ones as they are developed.
Every program not on the list would simply not be allowed to be function on a computer. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Internet security moving toward "white list" Richard M. Smith (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- RE: Internet security moving toward "white list" Young, Keith (Sep 19)
- Re: Internet security moving toward "white list" Gadi Evron (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- RE: Internet security moving toward "white list" Richard M. Smith (Sep 19)
- Re: Internet security moving toward "white list" der Mouse (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- RE: Internet security moving toward "white list" Larry Seltzer (Sep 19)
- Re: Internet security moving toward "white list" Drsolly (Sep 19)