Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff.
It is the complete RELIANCE on signatures that is troublesome. Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment... *ASB *(My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>) *Exploiting Technology for Business Advantage...* * * On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott <[email protected]>wrote: > Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to > open, that’s not a panacea either. Documents = 1’s and 0’s = code. The only > difference is what layer its executed at. Assume you white-list > AdobeReader.exe. The next time a flaw is found that is exploited through a > malformed PDF, it will march right through your white-list. > > > > *From:* Michael B. Smith [mailto:[email protected]] > *Sent:* Wednesday, January 26, 2011 1:38 PM > > *To:* NT System Admin Issues > *Subject:* RE: Intel developing security 'game-changer' > > > > I’m still of the opinion that the only real solution is white-listing. > > > > But that raises its own set of issues. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Wednesday, January 26, 2011 2:35 PM > *To:* NT System Admin Issues > *Subject:* Re: Intel developing security 'game-changer' > > > > Since a whole lot of allegedly legitimate software acts just like malware, > they'd have their work cut out for them. > > > > Try installing a host-based IPS on your system in monitoring mode, and look > at what it would block -- and why. > > > > There are certain classes of zero-day that can be blocked by software or > hardware. There are others that cannot be, simply because of what passes > for functionality these days. > > > > Oh, and I agree with Ben and Jonathan... > > > > *ASB *(My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>) > *Exploiting Technology for Business Advantage...* > > > > > > On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin <[email protected]> > wrote: > > Most important statement.... > > > > "*If Intel has hardware technology that can reliably stop zero-day > attacks, that would be a huge win in the war against malware," Olds said. > **"The key is that it's reliable. It has to have the ability to discern > legit software from malware**. But if they can pull this off, it would > give them quite a competitive advantage **vs. > AMD*<http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_> > *."* > > > > - Sean > > > > On Wed, Jan 26, 2011 at 9:37 AM, David Lum <[email protected]> wrote: > > What say you, Alex, et all. > > > > > http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 > > > > Hype? > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 503.548.5229 *// *(Cell) 503.267.9764 > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
