Re: Texas Bank Dumps Antivirus for Whitelisting

[Chris Blask <chris () blask org>]

--- On Tue, 7/15/08, Alex Eckelberry <AlexE () sunbelt-software com> wrote:
> I dislike whitelisting.  Certainly practical for data entry
> clerks and the like, but I suspect it becomes a royal PITA when you
> get into other types of users.  Plus managing software updates, etc.
>
> Any other thoughts out there on this technology? I'm
> getting a bit tired of hearing the old "AV is dead" nonsense. 

Hey man,

The story has all the smells of a solution matching the customer needs, regardless of how effective it is or isn't.  
The technical merits of Symantec or anything else don't matter if it comes down to whether or not the customer can 
manage the solution.

They have only a few IT folks, who have been spending more time being security admins than keeping the business apps up 
and improving, and for all that their users were shooting them in the ass by clicking "install" all day long.

Personally I think that rich capabilities in the security components and flexibility in user capabilities on the 
desktop are both good infosec and good business.   But if the customer can't manage it then all that is a debate at RSA 
rather than a solution for a small bank.  Properly implemneted SIM (as I would define it) can give the customer enough 
space to use better weapons on the desktop, but that's still as rare as hen's teeth and beyond the scope of companies 
this size in almost all cases.

I take their word that it was easier to just lock down the desktops and let the users whine, and their execs are 
probably less stressed since their IT folks can deliver more confidence (deservedly or not).  Seems they were already 
living in PITA world, and at least for now have found a way out of it.

-chris

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.