Listen Up Whitelist Vendors

With the recent discussion about the apparent failure of Anti-Virus and other signature based technologies many have floated the idea of using Whitelists on the desktop to better protect users from Malware.

On the surface this sounds like a good idea as it is basically the same security 101 concept of removing all except necessary access.  But when you sit down and think about what applications would be on this whitelist the concept gets a little sketchy.  For example:

Microsoft Office Suite
Microsoft Outlook
Internet Explorer
Firefox
OpenOffice
RealPlayer
QuickTime
FlashPlayer
etc…

So just like the concept of your firewall is forcing me to hack you over TCP80.  Desktop whitelisting will leave the attacks focused on a subset of software that has already proven to be a great attack vector. 

Hell, I can think of a few ways to use your email program and your word processing program in completely legitimate ways (granted would require tricking the user into opening the file) to steal or alter data on your machine.

While I think whitelisting makes sense, I do think that the vendors need to think long and hard about how they implement it and exactly what protections are in place.  Perhaps they should look at a hybrid of whitelist + anomaly + signatures.  Oh wait, those other two are supposed to be dead.  😛

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: