No one here has suggested a panacea, but consider how effective it would be in a white-listing environment to add most apps to the list in the event of a zero-day to an EXISTING app. You wouldn't have to do anything for an app that wasn't already allowed in your environment.

It is akin to the change in firewall rule-set made in ages gone by from Allowed-by-Default to Denied-by-Default. Likewise, look at all the environments that have moved towards some form of locked down user desktop and see how much of a benefit has resulted. Reducing problems by 50-80% off the bat, with little overhead, is always desirable.

*ASB* (My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>)
*Exploiting Technology for Business Advantage...*

On Wed, Jan 26, 2011 at 5:03 PM, Crawford, Scott <[email protected]> wrote:

> My point is that neither signatures, nor white-listing are a panacea. The fact that we’ve been sig based for so long while malware continues to be effective leads many to think that white-listing would solve all our woes. I’m simply saying that many **current** vulnerabilities circumvent a white-list so it can’t be a panacea…unless of course you white-list each individual data file.
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Wednesday, January 26, 2011 1:55 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Intel developing security 'game-changer'
>
> Just as network anomaly detection devices don't eliminate the use of signatures, whitelisting solutions can still make use of several mechanisms for avoiding bad stuff.
>
> It is the complete RELIANCE on signatures that is troublesome.
>
> Oh, and btw, I try to avoid Adobe Acrobat altogether. There are plenty of viable alternatives at the moment...
>
> *ASB* (My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>)
> *Exploiting Technology for Business Advantage...*
>
> On Wed, Jan 26, 2011 at 2:51 PM, Crawford, Scott <[email protected]> wrote:
>
> Unless you’re going to white-list every doc/jpg/pdf/mp3 you’re going to open, that’s not a panacea either. Documents = 1’s and 0’s = code. The only difference is what layer it's executed at. Assume you white-list AdobeReader.exe. The next time a flaw is found that is exploited through a malformed PDF, it will march right through your white-list.
>
> *From:* Michael B. Smith [mailto:[email protected]]
> *Sent:* Wednesday, January 26, 2011 1:38 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Intel developing security 'game-changer'
>
> I’m still of the opinion that the only real solution is white-listing.
>
> But that raises its own set of issues.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Wednesday, January 26, 2011 2:35 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Intel developing security 'game-changer'
>
> Since a whole lot of allegedly legitimate software acts just like malware, they'd have their work cut out for them.
>
> Try installing a host-based IPS on your system in monitoring mode, and look at what it would block -- and why.
>
> There are certain classes of zero-day that can be blocked by software or hardware. There are others that cannot be, simply because of what passes for functionality these days.
>
> Oh, and I agree with Ben and Jonathan...
>
> *ASB* (My Bio via About.Me <http://about.me/Andrew.S.Baker/bio>)
> *Exploiting Technology for Business Advantage...*
>
> On Wed, Jan 26, 2011 at 1:47 PM, Sean Martin <[email protected]> wrote:
>
> Most important statement....
>
> *"If Intel has hardware technology that can reliably stop zero-day attacks, that would be a huge win in the war against malware," Olds said. **"The key is that it's reliable. It has to have the ability to discern legit software from malware**. But if they can pull this off, it would give them quite a competitive advantage vs. AMD <http://www.computerworld.com/s/article/9204580/AMD_could_better_fight_Intel_with_new_CEO_>."*
>
> - Sean
>
> On Wed, Jan 26, 2011 at 9:37 AM, David Lum <[email protected]> wrote:
>
> What say you, Alex, et al.
>
> http://www.computerworld.com/s/article/9206366/Intel_developing_security_game_changer_?taxonomyId=85
>
> Hype?
>
> *David Lum* // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
