Well, it was only a matter of time before everyone started pulling in the right direction of whitelisting. I welcome Symantec making the right noises about this and I do hope they will continue on this premise and protect their users with technologies that work, using whitelists.
Well I didn’t think they had a choice, they were losing too many customers as the users discovered they weren’t as protected as they thought they were.
“The bad guys are moving quickly and the good guys are moving quickly and the innovators are moving quickly. If the judges are taking months to judge things, then that’s not fair to anybody,” says Bill Munson, vice-president of the Information Technology Association of Canada. “That’s not in the industry’s or society’s interest.”
So how can COMODO (and other security companies) handle this issue?
Whitelisting is a joke. It's only a split second to modify an infectious/malicious binary and butcher up the registry to mimic a whitelisted program. … What? You said a checksum? Sure, which one MD5? Collisions… SHA1? Collisions… In fact, throw on a hypervisor backdoor, remodify settings and whitelisting is obsolete.
Operating off the assumption that the whitelist is, in fact, stored in the registry, then you may have a point.
What if, regardless of the checksumming used, the whitelist is held in a proprietary, encrypted database, outside of the registry and only accessible by its associated application?
This would certainly make it much harder, not impossible, but certainly much harder.
Whitelisting, in your opinion, is a joke, but given the far greater propagation rate of malware when compared to legitimate software releases, where does this leave blacklisting?
IMHO, it makes much more sense to whitelist those apps I know and trust nothing else, rather than relying on a security vendor to keep up with the daily tidal wave of malware releases, have sufficient resources to analyze and create solutions for each of these, and have sufficient resources to host the relevant daily/hourly/minutely updates for God knows how many users trying to update their software.
In the final release of CPF3, will the user be able to interact with the whitelist in any way?
i.e. will we be able to “overwrite” our preferences over the whitelist?
Will there be any way for a user to review the whitelist, to see which processes are included?
For e.g., suppose M$_process.exe is whitelisted, will I have the ability to block / restrict it if I wish to?
Coz I have to say, that would be my major concern about whitelisting, that someone else determines what processes are allowed to run on my pc, and that I cannot over-ride that decision. (except by uninstalling that product)
How come whitelisting is not an absolute-safety solution?
I’ve recently raved about potential whitelist leaks,
but the conception I’m making of whitelisting is that executable files can only modify the system after the file has been verified by a matching checksum (e.g. SHA-256), so how in the world can an executable file damage the system in such a whitelisting environment?
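The checksum-verified whitelist described in the post above, combined with the user override asked about earlier in the thread, as an added example (not Comodo's code or any vendor's implementation). The `Allowlist` class, its method names and the sample byte strings are all hypothetical and constructed for illustration.

```python
import hashlib

def sha256_hex(image: bytes) -> str:
    """SHA-256 digest of an executable image, as lowercase hex."""
    return hashlib.sha256(image).hexdigest()

# Constructed sample "binaries" (not real executables).
TRUSTED_APP = b"MZ constructed sample: trusted application v1.0"
VENDOR_TOOL = b"MZ constructed sample: vendor-approved helper"
TAMPERED_APP = TRUSTED_APP[:-1] + b"1"  # same file with one byte changed

class Allowlist:
    """Default-deny allowlist keyed on SHA-256, with user overrides (hypothetical)."""

    def __init__(self, vendor_hashes):
        self.vendor = set(vendor_hashes)   # entries shipped by the vendor
        self.user_allowed = set()          # entries the user added
        self.user_blocked = set()          # vendor entries the user refuses

    def allow(self, digest: str) -> None:
        self.user_allowed.add(digest)
        self.user_blocked.discard(digest)

    def block(self, digest: str) -> None:
        self.user_blocked.add(digest)
        self.user_allowed.discard(digest)

    def entries(self):
        """Let the user review what is currently permitted to run."""
        return sorted((self.vendor | self.user_allowed) - self.user_blocked)

    def decide(self, image: bytes) -> str:
        digest = sha256_hex(image)
        if digest in self.user_blocked:    # the user's decision wins
            return "deny: blocked by user"
        if digest in self.vendor or digest in self.user_allowed:
            return "allow"
        return "deny: not on allowlist"    # anything unknown is refused

def demo():
    al = Allowlist([sha256_hex(TRUSTED_APP), sha256_hex(VENDOR_TOOL)])
    al.block(sha256_hex(VENDOR_TOOL))      # user overrides a vendor entry
    return {name: al.decide(img) for name, img in
            [("trusted", TRUSTED_APP), ("tampered", TAMPERED_APP),
             ("vendor_tool", VENDOR_TOOL)]}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

The check covers file identity only: what an allowed program does after it starts is outside what a hash comparison can see.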
You can’t fight Malware with these Legacy AVs they get billions of dollars for every year!!!
They all need A-VSMART architecture we have in v3!!!
And yes I am glad that we are, once again, leading by example and pushing the bar and forcing all other security providers to raise the bar on malware! End users are the ultimate beneficiaries!
Wow! A reverence for Mr. Melih!
If I were COMODO CEO, I would be MAAADD, REALLY MAD!
Because now that Norton, Kaspersky and others are changing to whitelisting… then that means now it's a real competition to sell COMODO's products.
But hey! Who cares. COMODO CIS has always been free. So there is nothing to lose.
In fact, only more happy customers. Norton will sell whitelists and COMODO gives them for free (and even more mature whitelistings). This confirms again that COMODO protection is really protection itself. And also the good person Mr. Melih is.
You rock with your COMODO company! ;D
Any knowledge if Symantec or Kaspersky added the whitelisting in their recent version?