funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting


From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Tue, 15 Jul 2008 13:58:43 -0400

I dislike whitelisting.  Certainly practical for data entry clerks and
the like, but I suspect it becomes a royal PITA when you get into other
types of users.  Plus managing software updates, etc.

Any other thoughts out there on this technology? I'm getting a bit tired
of hearing the old "AV is dead" nonsense. 

Alex


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Richard M. Smith
Sent: Tuesday, July 15, 2008 12:37 PM
To: 'funsec'
Subject: [funsec] Texas Bank Dumps Antivirus for Whitelisting

http://www.darkreading.com/document.asp?doc_id=158750&WT.svl=news1_4

Brent Rickels, senior vice president at First National Bank of Bosque
County, had grown tired of dealing with antivirus software. He was tired
of regularly updating virus signatures, tired of hackers constantly
tweaking malware, and tired of worrying about what users had downloaded
onto their PCs. So Rickels dumped the bank's AV software for a
whitelisting product and in the process, became one of its first
commercial customers. 

First National Bank of Bosque County, which serves the Waco, Texas, area
and manages approximately $100 million in assets, had seen the volume of
spam and spyware it had to beat back increase tenfold in four years. So
when it was time for the bank to renew its Symantec AV license at the
end of 2006, the timing was right to make a change. 

"It seemed like the antivirus updates came out only after new malware
had already been released," Rickels says. Running a routine system scan
with hundreds of thousands of signatures was taking half an hour or
more. So the bank's tiny IT department of only a handful of employees
was spending more time maintaining its security software and less time
on business applications. 

The financial services firm decided to look for a different solution
that was simpler to maintain and more effective. It considered
GreenBorder, which quarantines any software downloaded via a user's
browser until someone moves it to the main system. But that option
appeared to still require a fair amount of manual intervention. 

FNB was intrigued by Lumension Security's Sanctuary Device and
Application Control systems, which offered theoretical rather than
proven benefits at the time. The tools let users run administratively
approved programs only and restrict any unknown and unauthorized
executables from springing to life. "We liked the product's basic
design; it is easier to contain a known universe than an unknown one,"
Rickels says. 

The software had other appealing features. Because user software was
restricted, there would be less administrative work, and Sanctuary
actually ran better than AV software because it was a lighter program.
And the final selling point was that the Lumension system cost about 30
percent less than the Symantec option. 
...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
