But don't infested document files install spyware .EXE files which will later be caught by a whitelist?
In addition, Vista will block document files which use buffer overflows to do their dirty work.

Richard

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Shipp (elist)
Sent: Wednesday, July 16, 2008 12:09 PM
To: funsec@linuxbox.org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
>Behalf Of David Harley
>
>To be fair, the issue isn't really Word macro viruses: it's the fact that
>they represent a class of objects where executable code is found in places
>less obvious than a .EXE. A whitelisting solution that doesn't take them
>into account is obviously less effective.

Whitelisting is fine as part of the solution, but it is obviously not appropriate for documents. Since the majority of industrial espionage attacks (via email) involve documents which exploit some bug in the executable which processes them, some other component is needed to cover this hole. No doubt there are also many other holes, which makes me wonder if the bank has really thought this through.

Alex

-----------------------------------------------
Alex Shipp
Imagineer

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.