Yes and no. If you have an app that requires it, and it is a mainline business app, there isn't a viable alternative.
On Wed, Jan 26, 2011 at 2:54 PM, Andrew S. Baker <[email protected]> wrote: > Just as network anomaly detection devices don't eliminate the use of > signatures, whitelisting solutions can still make use of several mechanisms > for avoiding bad stuff. > > It is the complete RELIANCE on signatures that is troublesome. > > Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of > viable alternatives at the moment... > > > *ASB *(My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>) > *Exploiting Technology for Business Advantage...* > > * > * > > > > On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott > <[email protected]>wrote: > >> Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to >> open, that’s not a panacea either. Documents = 1’s and 0’s = code. The only >> difference is what layer its executed at. Assume you white-list >> AdobeReader.exe. The next time a flaw is found that is exploited through a >> malformed PDF, it will march right through your white-list. >> >> >> >> *From:* Michael B. Smith [mailto:[email protected]] >> *Sent:* Wednesday, January 26, 2011 1:38 PM >> >> *To:* NT System Admin Issues >> *Subject:* RE: Intel developing security 'game-changer' >> >> >> >> I’m still of the opinion that the only real solution is white-listing. >> >> >> >> But that raises its own set of issues. >> >> >> >> Regards, >> >> >> >> Michael B. Smith >> >> Consultant and Exchange MVP >> >> http://TheEssentialExchange.com <http://theessentialexchange.com/> >> >> >> >> *From:* Andrew S. Baker [mailto:[email protected]] >> *Sent:* Wednesday, January 26, 2011 2:35 PM >> *To:* NT System Admin Issues >> *Subject:* Re: Intel developing security 'game-changer' >> >> >> >> Since a whole lot of allegedly legitimate software acts just like malware, >> they'd have their work cut out for them. >> >> >> >> Try installing a host-based IPS on your system in monitoring mode, and >> look at what it would block -- and why. >> >> >> >> There are certain classes of zero-day that can be blocked by software or >> hardware. There are others that cannot be, simply because of what passes >> for functionality these days. >> >> >> >> Oh, and I agree with Ben and Jonathan... >> >> >> >> *ASB *(My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>) >> *Exploiting Technology for Business Advantage...* >> >> >> >> >> >> On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin <[email protected]> >> wrote: >> >> Most important statement.... >> >> >> >> "*If Intel has hardware technology that can reliably stop zero-day >> attacks, that would be a huge win in the war against malware," Olds said. >> **"The key is that it's reliable. It has to have the ability to discern >> legit software from malware**. But if they can pull this off, it would >> give them quite a competitive advantage **vs. >> AMD*<http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_> >> *."* >> >> >> >> - Sean >> >> >> >> On Wed, Jan 26, 2011 at 9:37 AM, David Lum <[email protected]> wrote: >> >> What say you, Alex, et all. >> >> >> >> >> http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 >> >> >> >> Hype? >> >> *David Lum** **// *SYSTEMS ENGINEER >> NORTHWEST EVALUATION ASSOCIATION >> (Desk) 503.548.5229 *// *(Cell) 503.267.9764 >> >> >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
