funsec mailing list archives

RE: Internet security moving toward "white list"


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 19 Sep 2007 09:50:01 -0400

An important part of the solution to buffer overflows is for folks to ditch
the C and C++ programming languages.

Too bad the designers of the C language never thought about building a safe
string data type into the language in the first place.  A safe string data
type could have also been added natively to the language 20 years ago when
the problem of string buffer overflows was recognized.

Richard 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Larry Seltzer
Sent: Wednesday, September 19, 2007 9:41 AM
To: funsec () linuxbox org
Subject: RE: [funsec] Internet security moving toward "white list"

Not sure I get the Zone Alarm connection. 

And another gap in the white list idea is that the code in the PDF file that
causes a buffer overflow in Acrobat runs in the permitted context of
Acrobat. This isn't strictly a flaw in whitelisting, but it shows that you
still need a full IPS and perhaps a signature model for it.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Gadi Evron
Sent: Wednesday, September 19, 2007 9:16 AM
To: Richard M. Smith
Cc: funsec () linuxbox org
Subject: Re: [funsec] Internet security moving toward "white list"

Can we say Zone Alarm?

On Wed, 19 Sep 2007, Richard M. Smith wrote:

http://www.cbc.ca/news/background/tech/privacy/white-list.html

Internet security is headed toward a major reversal in philosophy,
where a "white list" which allows only benevolent programs to run on a
computer will replace the current "black list" system, which logs and
blocks an ever-growing list of malevolent applications, internet
security giant Symantec Corp. says.

The number of malicious software attacks, including viruses, Trojans,
worms and spam, is rising exponentially, dwarfing the number of new
benevolent programs being developed, making it increasingly difficult
for security firms to keep up.

The solution, according to Symantec's Canadian vice-president and
general manager, Michael Murphy, is to reverse how protection against
such attacks is provided. Under the current system, a security firm
discovers a new threat, adds it to its black-list database and updates
its customers' anti-virus software to combat the problem. A "white
list" would instead compile every known legitimate software program,
including applications such as Microsoft Word and Adobe Acrobat, and
add new ones as they are developed. Every program not on the list
would simply not be allowed to function on a computer.

...




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
