Listen Up Whitelist Vendors
With the recent discussion about the apparent failure of Anti-Virus and other signature-based technologies, many have floated the idea of using whitelists on the desktop to better protect users from malware.
On the surface this sounds like a good idea, as it is basically the same Security 101 concept of removing all but the necessary access. But when you sit down and think about which applications would be on this whitelist, the concept gets a little sketchy. For example:
Microsoft Office Suite
So, just as your firewall forces me to hack you over TCP port 80, desktop whitelisting will leave the attacks focused on a subset of software that has already proven to be a great attack vector.
Hell, I can think of a few ways to use your email program and your word processing program in completely legitimate ways (granted, this would require tricking the user into opening the file) to steal or alter data on your machine.
While I think whitelisting makes sense, I do think that the vendors need to think long and hard about how they implement it and exactly what protections are in place. Perhaps they should look at a hybrid of whitelist + anomaly + signatures. Oh wait, those other two are supposed to be dead. 😛