The potential for an architecture company, like Intel, to say that they're now only allowing you to run code on their chips that's signed by their signing authority and you have to pay $(largenum) for the privilege of having your code evaluated, etc. Whitelisting is great when you can control it but not as much if it's imposed on you by an outside agency. Obviously this would be done out of "security concerns". In an ideal world this would be stopped either by the competitive market or a monopoly regulation but you never know.
---- Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: "Andrew S. Baker" <[email protected]<mailto:[email protected]>> Reply-To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Date: Wed, 26 Jan 2011 14:47:26 -0500 To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Subject: Re: Intel developing security 'game-changer' Why is it a slippery slope? ASB (My Bio via About.Me<http://about.me/Andrew.S.Baker/bio>) Exploiting Technology for Business Advantage... On Wed, Jan 26, 2011 at 2:39 PM, Kramer, Jack <[email protected]<mailto:[email protected]>> wrote: Something like this is a step on the slippery slope to running signed software only as well – you can effectively guarantee you wouldn't have malicious software if you only run things that you've whitelisted on your system. Of course, you can do that today and it also won't save you if you've whitelisted something that turns out to be malicious – or if someone breaks your signing mechanism, etc. ---- Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: "Andrew S. Baker" <[email protected]<mailto:[email protected]>> Reply-To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Date: Wed, 26 Jan 2011 14:34:37 -0500 To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Subject: Re: Intel developing security 'game-changer' Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them. Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why. There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days. Oh, and I agree with Ben and Jonathan... ASB (My Bio via About.Me<http://about.me/Andrew.S.Baker/bio>) Exploiting Technology for Business Advantage... On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin <[email protected]<mailto:[email protected]>> wrote: Most important statement.... "If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware," Olds said. "The key is that it's reliable. It has to have the ability to discern legit software from malware. But if they can pull this off, it would give them quite a competitive advantage vs. AMD<http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_>." - Sean On Wed, Jan 26, 2011 at 9:37 AM, David Lum <[email protected]<mailto:[email protected]>> wrote: What say you, Alex, et all. http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85 Hype? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
