funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: Chris Blask <chris () blask org>
Date: Tue, 15 Jul 2008 20:15:37 -0700 (PDT)
--- On Tue, 7/15/08, Alex Eckelberry <AlexE () sunbelt-software com> wrote:
I dislike whitelisting. Certainly practical for data entry clerks and the like, but I suspect it becomes a royal PITA when you get into other types of users. Plus managing software updates, etc. Any other thoughts out there on this technology? I'm getting a bit tired of hearing the old "AV is dead" nonsense.
Hey man, The story has all the smells of a solution matching the customer needs, regardless of how effective it is or isn't. The technical merits of Symantec or anything else don't matter if it comes down to whether or not the customer can manage the solution. They have only a few IT folks, who have been spending more time being security admins than keeping the business apps up and improving, and for all that their users were shooting them in the ass by clicking "install" all day long. Personally I think that rich capabilities in the security components and flexibility in user capabilities on the desktop are both good infosec and good business. But if the customer can't manage it then all that is a debate at RSA rather than a solution for a small bank. Properly implemneted SIM (as I would define it) can give the customer enough space to use better weapons on the desktop, but that's still as rare as hen's teeth and beyond the scope of companies this size in almost all cases. I take their word that it was easier to just lock down the desktops and let the users whine, and their execs are probably less stressed since their IT folks can deliver more confidence (deservedly or not). Seems they were already living in PITA world, and at least for now have found a way out of it. -chris _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Chris Blask (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Florian Weimer (Jul 22)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 22)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 22)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 15)
- Message not available
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Shipp (elist) (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)