Author Topic: White listing or black listing?  (Read 14089 times)
solcroft
« on: April 08, 2008, 07:55:29 PM »

Comodo is of the new breed of security firms; any post on Wilders about what Comodo can or cannot do is irrelevant and inconsequential.
It's a new breed of security firm all right, considering how the quality of CAVS has yet to climb out of the sewer after all this time.

Take a look at PC Tools' antivirus product, for instance. They're new, and they're improving quickly. Which is a hell lot more than I can say for Comodo.

panic
« Reply #1 on: April 08, 2008, 08:19:15 PM »

G'day solcroft,

Glad to see you stick your head round the door again.

Gotta agree - the detection rate of CAVS2 Beta has never been the best. I can't see it getting any better than it currently is as the primary development focus is now on CAVS3.

Just in case you were just about to say "LOL. Couldn't finish V3 and have started on V3" or similar, Comodo realised, after the release of CFP V3, that they needed to re-architect the CAVS product line to be able to co-operate with the new architecture used in CFP V3. As a consequence, the CAVS V3 development team has been greatly expanded and development work on CAVS V2 pretty much ground to a halt.

CAVS V3 is slated for a public beta towards the end of this month or early next month and should be worth at least a closer look.

[tongue in cheek mode on]
I'll get someone who's allowed to register at Wilders to let you know when it's out. ;) (Only kidding, every attempt I've ever made to register at Wilders has failed for one reason or another. Now, I just don't bother, but I do read there a lot.)
[/tongue in cheek mode off]

cheers,
Ewen :-)




Quote
It's a new breed of security firm all right, considering how the quality of CAVS has yet to climb out of the sewer after all this time.

Take a look at PC Tools' antivirus product, for instance. They're new, and they're improving quickly. Which is a hell lot more than I can say for Comodo.

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you don't like it, don't use the forum.

solcroft
« Reply #2 on: April 08, 2008, 09:13:15 PM »

Glad to see you stick your head round the door again.
I stick around every now and then and pay attention. Hey, I'd be a happy user too if Comodo decides to get its act together and release a useable product.

axl
« Reply #3 on: April 08, 2008, 09:14:59 PM »

Which is a hell lot more than I can say for Comodo.
You may not have that much to say on this topic, but I have long been well aware of how much you have to say on other topics relating to Comodo, solcroft.

Regards,
axl.

axl
« Reply #4 on: April 08, 2008, 09:28:26 PM »

Gotta agree - the detection rate of CAVS2 Beta has never been the best. I can't see it getting any better than it currently is as the primary development focus is now on CAVS3.
Given a recent thread started by Melih, something about "If you have CFP 3, why do you need an AV", I was under the impression that Comodo believed blacklisting to have severe limitations compared to whitelisting, and this would explain why CAV has been on the backburner...

Is my impression incorrect, panic?

solcroft
« Reply #5 on: April 08, 2008, 09:29:58 PM »

You may not have that much to say on this topic
Actually, I do, but I just can't be bothered nowadays that it's common knowledge.

panic
« Reply #6 on: April 08, 2008, 10:55:08 PM »

Given a recent thread started by Melih, something about "If you have CFP 3, why do you need an AV", I was under the impression that Comodo believed blacklisting to have severe limitations compared to whitelisting, and this would explain why CAV has been on the backburner...

Is my impression incorrect, panic?

Yes with an "if", no with a "but".

There are pros and cons to both sides of the blacklist / whitelist argument. Comodo have decided that the whitelisting is the better way to go and I'm inclined to agree with them. This is akin to saying trust no-one other than those I know (which is pretty much how real world security works).

The biggest downside to whitelisting is that everything is considered black until it is proven to be white. Who does the proving, and what are their credentials?

A lot of it comes down to trust. Some will, some won't. And I'll bet you won't get them to agree. ;)

Cheers,
Ewen :-)

axl
« Reply #7 on: April 08, 2008, 11:16:13 PM »

The Achilles heel of blacklisting is the reliance on a database; it can only get larger going forward.
Every AV has to keep signatures of viruses ten, fifteen years old, while the number of malwares grows exponentially.
Right now, both sides are somewhat balanced, so the debate regarding whitelisting vs blacklisting is sustainable, but the future of blacklisting as a defense mechanism is doomed.

AVs are dead, but they don't even know it yet.

Or maybe the AV companies do know it, but they are just not letting their customers know until they can find a viable alternative.

IMO users like solcroft are stuck in the past.

solcroft
« Reply #8 on: April 09, 2008, 12:51:29 AM »

The Achilles heel of blacklisting is the reliance on a database; it can only get larger going forward.
Every AV has to keep signatures of viruses ten, fifteen years old, while the number of malwares grows exponentially.
Right now, both sides are somewhat balanced, so the debate regarding whitelisting vs blacklisting is sustainable, but the future of blacklisting as a defense mechanism is doomed.
Sure. If we can't keep the blacklist current, let's try whitelisting instead, and try to keep up-to-date with a database at least a thousand times as large (and that's an optimistic estimate at best).

IMO some users are so keen to defend their biases that logic and facts take a back seat to the rhetoric they've been spoon-fed with.

panic
« Reply #9 on: April 09, 2008, 12:57:06 AM »

Sure. If we can't keep the blacklist current, let's try whitelisting instead, and try to keep up-to-date with a database at least a thousand times as large (and that's an optimistic estimate at best).

IMO some users are so keen to defend their biases that logic and facts take a back seat to the rhetoric they've been spoon-fed with.

What if the local whitelist database, rather than containing every whitelisted app known to man (and would indeed be a thousand times larger), only contained the known whitelisted apps that pre-existed on that particular PC? Then, as new apps got added to that PC, there was a lookup which could add that app to the local whitelist DB. This would constrain the local DB down to the minimum size required to service the apps on that PC.

What think?
Ewen :-)

axl
« Reply #10 on: April 09, 2008, 01:03:18 AM »

Sure. If we can't keep the blacklist current, let's try whitelisting instead, and try to keep up-to-date with a database at least a thousand times as large (and that's an optimistic estimate at best).

IMO some users are so keen to defend their biases that logic and facts take a back seat to the rhetoric they've been spoon-fed with.
solcroft, when I say whitelisting I am talking about behavior monitoring.
Any kind of database is ridiculous unless it is maintained by Microsoft, which is why I never use Comodo's trusted app database.
Get a grip.
« Last Edit: April 09, 2008, 01:06:09 AM by axl »

solcroft
« Reply #11 on: April 09, 2008, 01:07:21 AM »

What if the local whitelist database, rather than containing every whitelisted app known to man (and would indeed be a thousand times larger), only contained the known whitelisted apps that pre-existed on that particular PC? Then, as new apps got added to that PC, there was a lookup which could add that app to the local whitelist DB. This would constrain the local DB down to the minimum size required to service the apps on that PC.

What think?
Ewen :-)

I think there's no such thing as a "local whitelist".

A whitelist contains programs that have been approved by either the vendor or the user. If it is to be approved by the vendor, then the vendor has no choice but to whitelist every app known to man, unless they don't care about identification mistakes made by their software, or if their users only use a very limited subset of other software. And if the whitelist is to be approved by the end user, I think the problems are obvious.

And I think it's useless to debate the concepts of whitelisting and behavior monitoring with some users who clearly don't have a clue.

axl
« Reply #12 on: April 09, 2008, 01:10:38 AM »

What if the local whitelist database, rather than containing every whitelisted app known to man (and would indeed be a thousand times larger), only contained the known whitelisted apps that pre-existed on that particular PC? Then, as new apps got added to that PC, there was a lookup which could add that app to the local whitelist DB. This would constrain the local DB down to the minimum size required to service the apps on that PC.

What think?
Ewen :-)

The entire database concept is ridiculous.
This is all because of the poor design of Windows.
I wouldn't be surprised given the current Vista fiasco that Microsoft makes a clean break with backward compatibility with the next version, ala Apple with OS/X.
Then the entire database argument will be moot, because we will finally have a properly functioning OS, and people like solcroft will understand why things are the way they are.
« Last Edit: April 09, 2008, 01:12:36 AM by axl »

axl
« Reply #13 on: April 09, 2008, 01:16:32 AM »

And I think it's useless to debate the concepts of whitelisting and behavior monitoring with some users who clearly don't have a clue.
I guess that's why you are still waiting to exhale looking for AV solutions, while after having not had an infection in almost a decade I am wondering why I am still running one and looking to ditch AVs permanently....
« Last Edit: April 09, 2008, 01:18:20 AM by axl »

panic
« Reply #14 on: April 09, 2008, 02:10:34 AM »


I think there's no such thing as a "local whitelist".

A whitelist contains programs that have been approved by either the vendor or the user. If it is to be approved by the vendor, then the vendor has no choice but to whitelist every app known to man, unless they don't care about identification mistakes made by their software, or if their users only use a very limited subset of other software. And if the whitelist is to be approved by the end user, I think the problems are obvious.


What I meant was - the vendor remotely creates the "master" whitelist DB. When the application that's going to utilise this DB is installed, part of the installation process is to determine what apps are already on the PC. This "apps list" is then processed against the remote vendor's master whitelist DB. The resulting matches then form the local whitelist DB which is what is downloaded to the local PC. As new apps are installed or executed, they are again compared to the remote master whitelist and subsequent matches are pushed back to the local PC to be incorporated into the local whitelist DB.

Please bear in mind the above is not a declaration of what will categorically be included in a future Comodo release.

Quote
And I think it's useless to debate the concepts of whitelisting and behavior monitoring with some users who clearly don't have a clue.

Debates and discussions are encouraged on these forums, but disparaging, derogatory or personal remarks are not.

All users are supposed to treat all other users with the same respect and courtesy they expect to be shown to themselves. Please, everyone, every now and again, re-read the forum policies.

Ewen :-)

« Last Edit: April 09, 2008, 02:15:30 AM by panic » Logged
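
The scheme panic outlines in Reply #14, sketched as an added example (not part of the original thread and not Comodo's code). The class names, the use of SHA-256 as file identity and the in-memory `VendorMaster` standing in for the remote service are assumptions; the byte strings are constructed sample data.

```python
import hashlib

def digest(content):
    """Identify a binary by its SHA-256, not by path or file name."""
    return hashlib.sha256(content).hexdigest()

class VendorMaster:
    """Stand-in for the vendor's remote master whitelist (hypothetical API)."""
    def __init__(self, approved):
        self._db = {digest(body): name for name, body in approved.items()}
        self.queries = 0  # counts round trips to the "remote" service

    def lookup(self, hashes):
        self.queries += 1
        return {h: self._db[h] for h in hashes if h in self._db}

class LocalWhitelist:
    """Per-PC subset of the master list, grown on demand."""
    def __init__(self, master, installed):
        self.master = master
        # Install-time step: inventory the PC, keep only vendor-confirmed matches.
        self.db = master.lookup({digest(b) for b in installed})

    def check(self, content):
        h = digest(content)
        if h in self.db:
            return "allow (local)"
        match = self.master.lookup({h})  # new app: ask the master list
        if match:
            self.db.update(match)        # the match is pushed into the local DB
            return "allow (added from master)"
        return "block (unknown)"         # black until proven white

# Constructed sample data: byte strings stand in for executable files.
APPROVED = {f"app{i}.exe": f"vendor-approved build {i}".encode() for i in range(1000)}
master = VendorMaster(APPROVED)
installed = [APPROVED["app1.exe"], APPROVED["app2.exe"], b"unlisted in-house tool"]
local = LocalWhitelist(master, installed)

def demo():
    return [
        local.check(APPROVED["app1.exe"]),               # present at install time
        local.check(APPROVED["app7.exe"]),               # newly installed, vendor knows it
        local.check(APPROVED["app7.exe"]),               # second run needs no remote query
        local.check(APPROVED["app1.exe"] + b"patched"),  # modified file: hash no longer matches
        local.check(b"unlisted in-house tool"),          # legitimate but absent from master
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print(len(local.db), "local entries vs", len(master._db), "in master")
```

The local DB ends at three entries against a master of 1000, which is the size saving panic describes; the last verdict is the coverage gap solcroft raises, since software the vendor has never seen is blocked however legitimate it is.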