On Sun, Apr 15, 2012 at 21:50, Ken Schaefer <[email protected]> wrote: > For the SOHO end user, the vast bulk of infections are either: > a) exploits in existing applications (Acrobat Reader, Adobe Flash, Java > runtime, Internet Explorer) > b) social engineering attacks, where the user is convinced to run/install > some malware that they shouldn't. Despite code signing, users are still doing > this. > > How will whitelisting help the above type of user? I can't see how it does - > they > will always have the ability to override whatever recommendation the AV (or > protection application) provides.
Simple - they won't have to worry about "file.doc.exe" (or VBS|JS|JAR|DLL|etc) embedded in their emails, or the random executables from the various web sites either are deliberately set up, or have been subverted, to issue malware. Those are actually the larger threat, AFAICT. > For corporate users, does whitelisting help significantly? I believe it can, and should. > I'm not sure that large organisations have the necessary processes in place > to implement whitelisting. I'm sure they don't. It's a skill they have to learn, if they want to protect themselves. > Whitelisting will slow application development/deployment even more, and will > just > result in more applications like Access and Excel that provide a semi-IDE to > the > end user that allows them to develop their own code/functionality. And > resulting opportunities for code exploit. Bummer for them. Opportunity for those who can, and who can help them. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
