Didn't you release a whitelisting product for DOS/Win 3.1 back in the day? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drsolly Sent: Wednesday, July 16, 2008 4:42 AM To: Nick FitzGerald Cc: 'funsec' Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
On Wed, 16 Jul 2008, Nick FitzGerald wrote: > Richard M. Smith to DrSolly (tho I didn't see Alan's response on the > list): > > > > Another one who hasn't heard of Word acro viruses and similar. > > > > You're showing your age. ;-) Word macro viruses haven't been much > > of a problem for 6 or 7 years ever since Microsoft went to signed > > VBA code in Office. > > That's Alan's standard, ill-considered, response to any suggestion of > using whitelisting (or various other integrity management-oriented > products) over blacklisting (aka "conventional known virus detection > enhanced, or not, with heuristics, behaviour analysis, etc, etc") > since a few days after his (former) conventional AV product included > proper handling of Word format files. > > It totally ignores that "proper" whitelisting implementations, _just > like_ proper blacklisting implementations, have to know how to locate > and indentify all kinds of code in all the kinds of files likely to be > encountered by the system one is trying to protect. > _IF_ it is a carte blanche argument against whitelisting, as Alan's > common use of it tends to suggest, then it is an equally damning > argument against blacklisting. > > Assuming that we think either (or both) types of "listing" may > reasonably survive despite Alan's reputedly telling blow, then > whitelisting certainly faces by far the less complex _technical_ > problem. Breaking down the hoary old mindset that has allowed the > patently stupid blacklisting approach to initially thrive, then > survive for so long, will be whitelisting's biggest challenge to > broader acceptability (and likely prevent it ever becoming widely used > in the least IT-literate parts of the market such as the SOHO and individual user segment). Nick's theory is that the reason why whitelisting isn't adopted universally, is that everyone is so stupid that they can't see what a good idea it is. My theory is that, although blacklisting isn't perfect (or, in some cases, really quite poor), it gets closer to solving the *real* problem that whiltelisting. The *real* problem is to minimise the cost of using computers in a world that includes viruses. The problem with whitelisting is only partly that "executables" are a lot more diverse than just exe files and word docs. The main problem with whitelisting, is the high cost of maintenance. Of course, a better solution is grannix :-) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
