funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 22 Jul 2008 13:57:21 -0500

Digitally signed malware is easy to spot of course. ;-)  However a whitelist
should only contain trusted vendors.  Accepting any digital signed piece of
software isn't a good idea.

Richard

-----Original Message-----
From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] 
Sent: Tuesday, July 22, 2008 10:10 AM
To: Florian Weimer
Cc: Richard M. Smith; funsec
Subject: RE: [funsec] Texas Bank Dumps Antivirus for Whitelisting

* Florian Weimer:

You should insist on AuthentiCode signatures from your vendors.  
After that, you only need to maintain a list of vendors.


I've seen a fair amount of malware that is digitally signed.  I just
don't buy the AuthentiCode argument. 

Alex

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 15)
  - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
  - Re: Texas Bank Dumps Antivirus for Whitelisting Chris Blask (Jul 15)
  - Re: Texas Bank Dumps Antivirus for Whitelisting Florian Weimer (Jul 22)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 22)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 22)
- Message not available
  - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 15)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 15)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Alex Shipp (elist) (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)

(Thread continues...)