I am glad that Symantec is now waking up to the idea of Whitelisting!

http://www.cbc.ca/news/background/tech/privacy/white-list.html

Well, it was only a matter of time before everyone started pulling in the right direction of whitelisting. I welcome Symantec making the right noises about this and I do hope they will continue on this premise and protect their users with technologies that work, using whitelists.

thanks
Melih

Well, I didn’t think they had a choice; they were losing too many customers as the users discovered they weren’t as protected as they thought they were.

“The bad guys are moving quickly and the good guys are moving quickly and the innovators are moving quickly. If the judges are taking months to judge things, then that’s not fair to anybody,” says Bill Munson, vice-president of the Information Technology Association of Canada. “That’s not in the industry’s or society’s interest.”

So how can COMODO (and other security companies) handle this issue?

ganda

Thanks for sharing.

Viruses are so easily created nowadays…
It’s scary for me to run any executable file! :S

Whitelisting is a joke. It's only a split second to modify an infectious/malicious binary and butcher up the registry to mimic a whitelisted program. … What? You said a checksum? Sure, which one? MD5? Collisions… SHA1? Collisions… In fact, throw on a hypervisor backdoor, remodify settings and whitelisting is obsolete.

sil @ infiltrated dot net

Operating off the assumption that the whitelist is, in fact, stored in the registry, then you may have a point.

What if, regardless of the checksumming used, the whitelist is held in a proprietary, encrypted database, outside of the registry and only accessible by its associated application?

This would certainly make it much harder, not impossible, but certainly much harder.

Whitelisting, in your opinion, is a joke, but given the far greater propagation rate of malware when compared to legitimate software releases, where does this leave blacklisting?

IMHO, it makes much more sense to whitelist those apps I know and trust nothing else, rather than relying on a security vendor to

  1. keep up with the daily tidal wave of malware releases
  2. have sufficient resources to analyze and create solutions for each of these
    and
  3. have sufficient resources to host the relevant daily/hourly/minutely updates for God knows how many users trying to update their software.

Ewen :slight_smile:

Nice to see you pop in sil, welcome!

I would like to see you collide the checksums we have for our whitelists :slight_smile: Let's see how easy/difficult it is to mount this kind of attack.

thanks
Melih

Hi Melih :slight_smile:

In the final release of CPF3, will the user be able to interact with the whitelist in any way?
ie will we be able to “overwrite” our preferences over the whitelist?
Will there be any way for a user to review the whitelist, to see which processes are included?

for eg, suppose M$_process.exe is whitelisted, will I have the ability to block / restrict it if I wish to?

Coz I have to say, that would be my major concern about whitelisting, that someone else determines what processes are allowed to run on my pc, and that I cannot over-ride that decision. (except by uninstalling that product)

regards, qwerty :slight_smile:

Sure. You have the ability to stop the safe-listed apps from running on your machine.

thanks
Melih

Hi Melih, thanks for the speedy reply :slight_smile:

I’m glad to hear that, and looking forward to the final release!
Regards, qwerty

Whitelisting is much better than blacklisting. Plus, whitelisting is better than nothing, it’s just another layer added for security.

How come whitelisting is not an absolute-safety solution?
I’ve recently raved about potential whitelist leaks,

but the conception I’m making of whitelisting is that executable files can only modify the system after the file has been verified by a matching checksum (e.g. SHA-256), so how in the world can an executable file damage the system in such a whitelisting environment?

I’m curious: what is the flaw?
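An added illustration, not part of any post in this thread and not Comodo's code: a minimal sketch of the content-hash allowlist check the posts above describe, with default deny and a user block that overrides the vendor list. The class and function names and the sample "binaries" are assumptions constructed for the example.

```python
import hashlib, os, tempfile

def file_sha256(path, chunk=65536):
    """Hash the file contents in chunks; name and location play no part."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class Allowlist:  # hypothetical structure, for illustration only
    def __init__(self, trusted_digests):
        self.trusted = set(trusted_digests)  # vendor-supplied SHA-256 digests
        self.user_blocked = set()            # user overrides, checked first

    def block(self, digest):
        self.user_blocked.add(digest)

    def verdict(self, path):
        digest = file_sha256(path)
        if digest in self.user_blocked:
            return "deny: blocked by user"
        if digest in self.trusted:
            return "allow"
        return "deny: not on allowlist"      # default deny for unknown files

def demo():
    # Constructed sample images; these are not real programs.
    good = b"MZ" + b"\x90" * 64 + b"constructed trusted image"
    tampered = good[:-1] + b"X"              # a single byte changed
    with tempfile.TemporaryDirectory() as d:
        files = {"original": ("a", "trusted.exe", good),
                 "same_name_tampered": ("b", "trusted.exe", tampered),
                 "renamed_copy": ("a", "renamed.exe", good)}
        paths = {}
        for key, (sub, name, data) in files.items():
            os.makedirs(os.path.join(d, sub), exist_ok=True)
            paths[key] = os.path.join(d, sub, name)
            with open(paths[key], "wb") as f:
                f.write(data)
        wl = Allowlist({hashlib.sha256(good).hexdigest()})
        result = {key: wl.verdict(p) for key, p in paths.items()}
        # The user decides to block a program the vendor list trusts.
        wl.block(file_sha256(paths["original"]))
        result["after_user_block"] = wl.verdict(paths["original"])
        return result

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} {verdict}")
```

The decision is keyed on the digest of the bytes, so a file that only copies a trusted program's name is treated as unknown, while a renamed copy of the trusted bytes is still allowed.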

Hey Melih, it’s not just Norton now catching up on whitelisting; now Kaspersky feels it’s important too. Here is the link…

http://www.bit9.com/news-events/press-release-details.php?id=65

There simply is no other choice!!!

You can’t fight Malware with these Legacy AVs they get billions of dollars for every year!!!

They all need A-VSMART architecture we have in v3!!!

And yes I am glad that we are, once again, leading by example and pushing the bar and forcing all other security providers to raise the bar on malware! End users are the ultimate beneficiaries!

Melih

Just read a new article on this subject here:

http://blog.washingtonpost.com/securityfix/2008/06/redefining_antivirus_software.html

Wow! A reverence for Mr. Melih!
If I were COMODO's CEO, I would be MAAADD, REALLY MAD!
Because now that Norton, Kaspersky and others are changing to whitelisting… then that means now it's a real competition to sell COMODO's products.

But hey! Who cares. COMODO CIS has always been free. So there is nothing to lose.
In fact, only more happy customers. Norton will sell whitelists and COMODO gives them for free (and even more mature whitelistings). This confirms again that COMODO protection is really protection itself. And also the good person Mr. Melih is.
You rock with your COMODO company! ;D

Any knowledge if Symantec or Kaspersky added the whitelisting in their recent version?

We do not have any such trend in 2012 versions of KIS or NIS.

Maybe we will see the effect in later versions.