Not sure I get the Zone Alarm connection. And another gap in the white list idea is that the code in the PDF file that causes a buffer overflow in Acrobat runs in the permitted context of Acrobat. This isn't strictly a flaw in whitelisting, but it shows that you still need a full IPS and perhaps a signature model for it.
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gadi Evron Sent: Wednesday, September 19, 2007 9:16 AM To: Richard M. Smith Cc: [email protected] Subject: Re: [funsec] Internet security moving toward "white list" Can we say Zone Alarm? On Wed, 19 Sep 2007, Richard M. Smith wrote: > http://www.cbc.ca/news/background/tech/privacy/white-list.html > > Internet security is headed toward a major reversal in philosophy, > where a "white list" which allows only benevolent programs to run on a > computer will replace the current "black list" system, which logs and > blocks an ever-growing list of malevolent applications, internet > security giant Symantec Corp. says. > > The number of malicious software attacks, including viruses, Trojans, > worms and spam, is rising exponentially, dwarfing the number of new > benevolent programs being developed, making it increasingly difficult > for security firms to keep up. > > The solution, according to Symantec's Canadian vice-president and > general manager, Michael Murphy, is to reverse how protection against > such attacks is provided. Under the current system, a security firm > discovers a new threat, adds it to its black-list database and updates its customers' > anti-virus software to combat the problem. A "white list" would > instead compile every known legitimate software program, including > applications such as Microsoft Word and Adobe Acrobat, and add new ones as they are developed. > Every program not on the list would simply not be allowed to be > function on a computer. > > ... > > > > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
