funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: Drsolly <drsollyp () drsolly com>
Date: Wed, 16 Jul 2008 23:09:12 +0100 (BST)
Yes; the Antivirus Toolkit was *never* just a scanner. It also included an integrity checker; you got both of them (and both memory-resident versions too) included in the bundle.

But what everyone actually wanted was the scanner, when they wanted site licences.

For a long time, I also thought they were wrong. But then I thought, maybe their priorities aren't what I thought they were, and that's when I realised that maybe they weren't wrong.

On Wed, 16 Jul 2008, Alex Eckelberry wrote:

> Didn't you release a whitelisting product for DOS/Win 3.1 back in the day?
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly
> Sent: Wednesday, July 16, 2008 4:42 AM
> To: Nick FitzGerald
> Cc: 'funsec'
> Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
>
> On Wed, 16 Jul 2008, Nick FitzGerald wrote:
>
>> Richard M. Smith to DrSolly (tho I didn't see Alan's response on the list):
>>
>>>> Another one who hasn't heard of Word macro viruses and similar.
>>>
>>> You're showing your age. ;-) Word macro viruses haven't been much of a problem for 6 or 7 years ever since Microsoft went to signed VBA code in Office.
>>
>> That's Alan's standard, ill-considered, response to any suggestion of using whitelisting (or various other integrity management-oriented products) over blacklisting (aka "conventional known virus detection enhanced, or not, with heuristics, behaviour analysis, etc, etc") since a few days after his (former) conventional AV product included proper handling of Word format files.
>>
>> It totally ignores that "proper" whitelisting implementations, _just like_ proper blacklisting implementations, have to know how to locate and identify all kinds of code in all the kinds of files likely to be encountered by the system one is trying to protect.
>>
>> _IF_ it is a carte blanche argument against whitelisting, as Alan's common use of it tends to suggest, then it is an equally damning argument against blacklisting. Assuming that we think either (or both) types of "listing" may reasonably survive despite Alan's reputedly telling blow, then whitelisting certainly faces by far the less complex _technical_ problem.
>>
>> Breaking down the hoary old mindset that has allowed the patently stupid blacklisting approach to initially thrive, then survive for so long, will be whitelisting's biggest challenge to broader acceptability (and likely prevent it ever becoming widely used in the least IT-literate parts of the market such as the SOHO and individual user segment).
>
> Nick's theory is that the reason why whitelisting isn't adopted universally, is that everyone is so stupid that they can't see what a good idea it is.
>
> My theory is that, although blacklisting isn't perfect (or, in some cases, really quite poor), it gets closer to solving the *real* problem than whitelisting. The *real* problem is to minimise the cost of using computers in a world that includes viruses.
>
> The problem with whitelisting is only partly that "executables" are a lot more diverse than just exe files and word docs. The main problem with whitelisting, is the high cost of maintenance.
>
> Of course, a better solution is grannix :-)
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.