funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Texas Bank Dumps Antivirus for Whitelisting

From: <Toralv_Dirro () McAfee com>
Date: Wed, 16 Jul 2008 07:29:00 +0100
You're showing your age. ;-)  Word macro viruses haven't been 
much of a problem for 6 or 7 years ever since Microsoft went 
to signed VBA code in Office.

However similar problems do existing with scripting code run 
by the Windows Scripting Host.  Perhaps WSH doesn't get whitelisted?


Currently the whitelisting solutions I'm aware of pretty much assume
that all evil comes with an MZ-Header.

I do regard whitelisting as a valid approach, but would hesitate to put
all my money on just whitelisting and I would definitely not go public
with such an announcement revealing details what soultion I chose. 

OTOH agreeing to a public announcement probably got them their solution
for free, so there's budget left to continue using other technology in
combination...


cheers,
Toralv






Firmensitz:     Muenchen 
Amtsgericht:     AG Muenchen 
Handelsregister:   HRB 144340 
Geschaeftsfuehrer:   Eric F. Brown, Anthony E. Ruiseal
Bankverbindung:   ABN-Amro Bank N.V. Konto 671 211 9006 
UST-ID:   DE168122444 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: