On Thu, Oct 8, 2009 at 12:48 AM, <[email protected]> wrote: > On Wed, 7 Oct 2009, Joseph Kern wrote: > >> Does anyone have experience with using application whitelisting on >> user workstations? This would be used instead of anti-virus. > > the problem with doing this _instead_ of AV is that many vunerabilities come > through 'data' files, and then go on to infect legitimate files.
*narrows eyes* are you sure about this? I thought the execution of all code had to be "vetted". This would include even errant chunks of overflows ... I thought. > so just whitelisting isn't going to be enough, you are going to also need to > do tamper detection (tripwire or equivalent) > > > you also are going to have to figure out how to deal with users wanting to > install things like browser toolbars and plugins. Users aren't allowed to anyway. So this isn't a problem. > > David Lang > >> Any help or opinions will be most welcome. I am interested in doing a >> few experiments, and comparing different products. I want to test the >> complexity and viability of using a whitelist on a single workstation >> instead of an AV product that needs updating. >> >> It seems to be hard even locating free demos of any software. I've >> been googling around a bit, but real opinions are more valuable than >> white papers. >> >> 1. What whitelisting applications have you tried? >> 2. What did you like? >> 3. What did you dislike? >> >> Thanks. >> >> -- Joseph Kern >> _______________________________________________ >> Discuss mailing list >> [email protected] >> http://lopsa.org/cgi-bin/mailman/listinfo/discuss >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ >> > _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
