funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting


From: "Alex Shipp (elist)" <elist-alex () starlabs net>
Date: Wed, 16 Jul 2008 17:08:45 +0100

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of David Harley

To be fair, the issue isn't really Word macro viruses: it's the fact that
they represent a class of objects where executable code is found in places
less obvious than a .EXE. A whitelisting solution that doesn't take them
into account is obviously less effective. 

Whitelisting is fine as part of the solution, but it is obviously 
not appropriate for documents. Since the majority of industrial espionage attacks
(via email) involve documents which exploit some bug in the executable 
which processes them, some other component is needed to cover this hole.

No doubt there are also many other holes, which makes me wonder if the 
bank has really thought this through.

Alex

-----------------------------------------------
Alex Shipp
Imagineer

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

