I haven't used the fancier tools people are talking about here, but I've used 
Software Restrictions in XP and newer with awesome results.

There's a 150-seat private school here in Omaha that has almost *no* anti-virus 
software in it - the only people with AV are the ones with Software 
Restrictions turned off, and there are only 4 of those stations.

In the last 2 or 3 years that they've been running with Software Restrictions 
set for default deny they've had absolutely NO virus infestations, and numerous 
attempts.

-- 

Phil Brutsche
[email protected]


-----Original Message-----
From: Stu Sjouwerman [mailto:[email protected]] 
Sent: Monday, November 14, 2011 1:23 PM
To: NT System Admin Issues
Subject: WAS: Whitelisting Pros & Cons? - Application Control - Pros & Cons

OK, so I'm clarifying the subject. Whitelisting is also called Application 
Control.
See it as an additional security layer that allows you to just ALLOW a limited 
amount of approved applications. It's the ultimate lockdown.  Also, you could 
switch off your antivirus Real Time protection and only use it for removal. 

Anyone use this in their domain?  Experience with this??

Warm regards,

Stu 


-----Original Message-----
From: Kennedy, Jim [mailto:[email protected]]
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we 
seriously consider doing it for email and web surfing also. We were a full 
Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in 
audit mode for a few months....created the rules and whitelists and put it in 
deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount 
of malware that does not require admin rights...that hits the users' profile 
folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled 
after how Cisco did it. It was extremely detailed and granular yet still easy 
to configure. You could allow a process to hit a certain registry key when only 
run by a certain user on Tuesdays IF they had on blue underwear. It was that 
granular.
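
The audit-then-deny rollout described in the message above, and the default-deny result reported at the top of the thread, as an added sketch that is not from the thread and is not how Software Restrictions or the Cisco product evaluate rules. The log entries, user names, paths and function names are constructed for illustration, and the trusted roots are assumed to be directories ordinary users cannot write to.

```python
import ntpath  # Windows path semantics on any platform

# Constructed audit-mode log: (user, executable) pairs recorded while nothing is blocked.
AUDIT_LOG = [
    ("jsmith", r"C:\Windows\System32\notepad.exe"),
    ("jsmith", r"C:\Program Files\Office\WINWORD.EXE"),
    ("akhan", r"C:\Program Files\Office\EXCEL.EXE"),
    ("akhan", r"C:\Users\akhan\AppData\Local\Temp\invoice.exe"),
]

# Assumption: locations that only administrators can write to.
TRUSTED_ROOTS = [r"C:\Windows", r"C:\Program Files"]


def canon(path):
    """Collapse '..' segments and case so rules cannot be sidestepped by spelling."""
    return ntpath.normcase(ntpath.normpath(path))


def under(path, root):
    """True if path is root itself or lies below it (whole path components only)."""
    p, r = canon(path), canon(root)
    return p == r or p.startswith(r + "\\")


def build_allowlist(audit_log, trusted_roots):
    """Turn audit data into directory rules; anything user-writable goes to review."""
    rules, review = set(), []
    for user, path in audit_log:
        if any(under(path, root) for root in trusted_roots):
            rules.add(canon(ntpath.dirname(path)))
        else:
            review.append((user, path))  # never auto-approved
    return rules, review


def decide(path, rules, mode):
    """'audit' records unknown code but lets it run; 'deny' is default deny."""
    if any(under(path, rule) for rule in rules):
        return "allow"
    return "log-only" if mode == "audit" else "block"


if __name__ == "__main__":
    rules, review = build_allowlist(AUDIT_LOG, TRUSTED_ROOTS)
    print("rules:", sorted(rules))
    print("needs review:", review)
    for _, exe in AUDIT_LOG:
        print(exe, "->", decide(exe, rules, "deny"))
```
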


-----Original Message-----
From: Stu Sjouwerman [mailto:[email protected]]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In that 
scenario, it makes sense to keep the bad code out. But over the last 10 years, 
with automated malware variant generation, the tables have turned, and there is 
actually more malware than good code out there. So in -that- scenario it might 
make sense to only allow "good code" and implement application control. Only 
that which is allowed, will run. 

I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-----Original Message-----
From: Matthew W. Ross [mailto:[email protected]]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


----- Original Message -----
From: Stu Sjouwerman [mailto:[email protected]]
To: NT System Admin Issues [mailto:[email protected]]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
> 
> Warm regards,
> 
> Stu
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
