funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Alex Shipp \(elist\)" <elist-alex () starlabs net>
Date: Wed, 16 Jul 2008 17:08:45 +0100
-----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of David Harley To be fair, the issue isn't really Word macro viruses: it's the fact that they represent a class of objects where executable code is found in places less obvious than a .EXE. A whitelisting solution that doesn't take them into account is obviously less effective.
Whitelisting is fine as part of the solution, but it is obviously not appropriate for documents. Since the majority of industrial espionage attacks (via email) involve documents which exploit some bug in the executable which processes them, some other component is needed to cover this hole. No doubt there are also many other holes, which makes me wonder if the bank has really thought this through. Alex ----------------------------------------------- Alex Shipp Imagineer _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Chris Blask (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Florian Weimer (Jul 22)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 22)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 22)
- Message not available
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Shipp (elist) (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 16)