Great questions. On Wed, Oct 7, 2009 at 11:42 PM, <[email protected]> wrote: > At what level do you intend to limit things? > Java/Javascript can be rather deadly malware piece as well. > They also tend to be at the heart of many web applications. > How are you going to maintain the whitelist? Is it a checksum > of the binary you are running? What happens on patch-Tuesday? > What happens when your web-app needs to be centrally updated?
To be honest ... I don't know. That's why I'm trying to do a little research. :-) But these are very good questions, and I'll steal them for my testing criteria. > I don't have the answers to any of those questions either, but > the maint of a whitelist has always seemed to me to be more effort > than AV products. Add a good web filter and/or proxy and email filter > that would block all exe files, pdf's with specific inclusions, flash, > and you are probably in much better shape than you are now. > Proxy and email fliters are in-place and working. I am looking for something that will not allow anything to run except the applications that have been installed by an admin. For example: Someone brings in a USB drive, I don't want them to execute any code from it, at all. > Whitelisting apps is great if you are running a kiosk style > service. Or trying to secure sensitive data :-) >Nothing on the machine, specific apps allowed to run. > Almost like running on a live-CD and anything malware just goes poof > on a reboot. > > > Joseph Kern made the following keystrokes: > >Does anyone have experience with using application whitelisting on > >user workstations? This would be used instead of anti-virus. > > > >Any help or opinions will be most welcome. I am interested in doing a > >few experiments, and comparing different products. I want to test the > >complexity and viability of using a whitelist on a single workstation > >instead of an AV product that needs updating. > > > >It seems to be hard even locating free demos of any software. I've > >been googling around a bit, but real opinions are more valuable than > >white papers. > > > >1. What whitelisting applications have you tried? > >2. What did you like? > >3. What did you dislike? > > > >Thanks. > > > >-- Joseph Kern > >_______________________________________________ > >Discuss mailing list > >[email protected] > >http://lopsa.org/cgi-bin/mailman/listinfo/discuss > >This list provided by the League of Professional System Administrators > > http://lopsa.org/ > _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
