*>>I don’t understand how you can have an exploit in a data file resulting in anything else but code execution. *
Exactly. We've had epic battles about this very point on more than one occasion, however, so... * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Mon, Apr 16, 2012 at 10:19 AM, Alex Eckelberry <[email protected]>wrote: > >But, if we ever get to a world where whitelisting is the predominant**** > > >means of execution control, the bad guys will, out of necessity, be**** > > >relegated to exploiting flaws in applications through data files.**** > > ** ** > > I don’t understand how you can have an exploit in a data file resulting in > anything else but code execution. Data itself is harmless; it’s the > executables that cause harm. **** > > ** ** > > There will always be code executed, in some form or another (unless I’m > misunderstanding your point). **** > > ** ** > > Alex**** > > ** ** > > ** ** > > ** ** > > *From:* Crawford, Scott [mailto:[email protected]] > *Sent:* Monday, April 16, 2012 12:25 AM > > *To:* NT System Admin Issues > *Subject:* RE: Whitelisting**** > > ** ** > > Possibly...even probably. But, if we ever get to a world where > whitelisting is the predominant means of execution control, the bad guys > will, out of necessity, be relegated to exploiting flaws in applications > through data files. A scanner that looks for signatures of exploits in > files will be a useful tool. Assuming of course, all applications aren't > secure. > > > Sent from my Windows Phone**** > > ------------------------------ > > *From: *Andrew S. Baker > *Sent: *4/15/2012 1:08 PM > > *To: *NT System Admin Issues > *Subject: *Re: Whitelisting**** > > You can't. :) > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > > > **** > > On Sat, Apr 14, 2012 at 1:24 PM, Rankin, James R <[email protected]> > wrote:**** > > How do you blacklist all possible bad data files?**** > > ------Original Message------ > From: Crawford, Scott > To: NT System Admin Issues**** > > ReplyTo: NT System Admin Issues > Subject: RE: Whitelisting > > Sent: 14 Apr 2012 18:02 > > A combination is needed. Whitelisting for traditional executable code and > blacklisting for data files that exploit vulnerable white listed > applications. > > -----Original Message----- > From: Alex Eckelberry [mailto:[email protected]] > Sent: Saturday, April 14, 2012 10:10 AM > To: NT System Admin Issues > Subject: Whitelisting > > I'm curious, what's the general feeling about about whitelisting? As a > former AV guy, I tend to prefer blacklisting, but I'm seeing signs things > might be changing. > > Thoughts?**** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
