Author Topic: I am glad that Symantec is now waking up to the idea of Whitelisting!  (Read 14395 times)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
http://www.cbc.ca/news/background/tech/privacy/white-list.html

Well, it was only a matter of time before everyone started pulling in the right direction of whitelisting. I welcome Symantec making the right noises about this and I do hope they will continue on this premise and protect their users with technologies that work, using whitelists.

thanks
Melih

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #1 on: September 24, 2007, 10:43:44 PM »
Well, I didn't think they had a choice; they were losing too many customers as the users discovered they weren't as protected as they thought they were.


Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5896
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #2 on: September 25, 2007, 02:46:44 AM »
"The bad guys are moving quickly and the good guys are moving quickly and the innovators are moving quickly. If the judges are taking months to judge things, then that's not fair to anybody," says Bill Munson, vice-president of the Information Technology Association of Canada. "That's not in the industry's or society's interest."

So how can COMODO (and other security companies) handle this issue?


ganda

Offline twipley

  • Comodo Member
  • **
  • Posts: 36
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #3 on: September 25, 2007, 06:16:02 PM »
Thanks for sharing.

Viruses are so easily created nowadays...
It's scary for me to run any executable file! :S

http://en.wikipedia.org/wiki/Antivirus_software

Offline sil

  • Newbie
  • *
  • Posts: 2
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #4 on: September 27, 2007, 04:54:20 PM »
Whitelisting is a joke. It's only a split second to modify an infectious/malicious binary and butcher up the registry to mimic a whitelisted program. .... What? You said a checksum? Sure, which one? MD5? Collisions... SHA1? Collisions... In fact, throw on a hypervisor backdoor, remodify settings and whitelisting is obsolete.

sil [at] infiltrated dot net

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11698
  • Linux is free only if your time is worthless.;-)
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #5 on: September 27, 2007, 05:58:35 PM »
Operating off the assumption that the whitelist is, in fact, stored in the registry, then you may have a point.

What if, regardless of the checksumming used, the whitelist is held in a proprietary, encrypted database, outside of the registry and only accessible by its associated application?

This would certainly make it much harder, not impossible, but certainly much harder.

Whitelisting, in your opinion, is a joke, but given the far greater propagation rate of malware when compared to legitimate software releases, where does this leave blacklisting?

IMHO, it makes much more sense to whitelist those apps I know and trust nothing else, rather than relying on a security vendor to
1) keep up with the daily tidal wave of malware releases
2) have sufficient resources to analyze and create solutions for each of these
and
3) have sufficient resources to host the relevant daily/hourly/minutely updates for God knows how many users trying to update their software.

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline ~cat~

  • Comodo's Hero
  • *****
  • Posts: 969
  • CBO "...there is nothing better."
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #6 on: September 27, 2007, 09:22:46 PM »
Nice to see you pop in sil, welcome!
Parched dry and thirsty, knee deep in the river of life.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #7 on: September 27, 2007, 10:02:42 PM »
> Whitelisting is a joke. It's only a split second to modify an infectious/malicious binary and butcher up the registry to mimic a whitelisted program. .... What? You said a checksum? Sure, which one? MD5? Collisions... SHA1? Collisions... In fact, throw on a hypervisor backdoor, remodify settings and whitelisting is obsolete.
>
> sil [at] infiltrated dot net

I would like to see you collide the checksums we have for our whitelists :) Let's see how easy/difficult it is to mount this kind of attack.

thanks
Melih

Offline qwerty

  • Comodo Loves me
  • ****
  • Posts: 155
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #8 on: September 28, 2007, 09:35:15 PM »
Hi Melih :)

In the final release of CPF3, will the user be able to interact with the whitelist in any way?
ie will we be able to "overwrite" our preferences over the whitelist?
Will there be any way for a user to review the whitelist, to see which processes are included?

for eg, suppose M$_process.exe is whitelisted, will I have the ability to block / restrict it if I wish to?

Coz I have to say, that would be my major concern about whitelisting, that someone else determines what processes are allowed to run on my pc, and that I cannot over-ride that decision. (except by uninstalling that product)

regards, qwerty :)
 

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #9 on: September 28, 2007, 11:12:34 PM »
> Hi Melih :)
>
> In the final release of CPF3, will the user be able to interact with the whitelist in any way?
> ie will we be able to "overwrite" our preferences over the whitelist?
> Will there be any way for a user to review the whitelist, to see which processes are included?
>
> for eg, suppose M$_process.exe is whitelisted, will I have the ability to block / restrict it if I wish to?
>
> Coz I have to say, that would be my major concern about whitelisting, that someone else determines what processes are allowed to run on my pc, and that I cannot over-ride that decision. (except by uninstalling that product)
>
> regards, qwerty :)

Sure. You have the ability to stop the safe-listed apps from running on your machine.

thanks
Melih

Offline qwerty

  • Comodo Loves me
  • ****
  • Posts: 155
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #10 on: September 29, 2007, 05:06:37 AM »
Hi Melih, thanks for the speedy reply :)

 I'm glad to hear that, and looking forward to the final release!
Regards, qwerty

Offline wackysystems

  • Comodo Member
  • **
  • Posts: 37
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #11 on: October 14, 2007, 12:02:02 AM »
Whitelisting is much better than blacklisting. Plus, whitelisting is better than nothing, it's just another layer added for security.

Offline twipley

  • Comodo Member
  • **
  • Posts: 36
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #12 on: November 21, 2007, 08:50:53 PM »
> What if, regardless of the checksumming used, the whitelist is held in a proprietary, encrypted database, outside of the registry and only accessible by its associated application?
>
> This would certainly make it much harder, not impossible, but certainly much harder.

How come whitelisting is not an absolute-safety solution?
I've recently raved about potential whitelist leaks,

but the conception I'm making of whitelisting is that executable files can only modify the system after the file has been verified by a matching checksum (e.g. SHA-256), so how in the world can an executable file damage the system in such a whitelisting environment?

I'm curious: what is the flaw?
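
Added example, not part of any post in this thread and not Comodo's code: a Python sketch of the model discussed above, where a file may run only if its SHA-256 digest is on an allowlist, and the allowlist store is itself integrity-protected. The HMAC tag is an assumption standing in for the "proprietary, encrypted database" mentioned earlier; all names, the key and the sample bytes are constructed.

```python
import hashlib
import hmac
import json

def digest(data: bytes) -> str:
    """SHA-256 of the file contents; identity is the bytes, not the name or path."""
    return hashlib.sha256(data).hexdigest()

def seal_allowlist(approved: dict, key: bytes) -> bytes:
    """Serialize approved digests and append an HMAC tag so edits to the store are detectable."""
    body = json.dumps(sorted(digest(d) for d in approved.values())).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag

def open_allowlist(blob: bytes, key: bytes) -> frozenset:
    """Return the set of approved digests, or raise if the store was altered."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("allowlist store failed integrity check")
    return frozenset(json.loads(body))

def may_execute(data: bytes, allowlist: frozenset) -> bool:
    """Default deny: run only if the content digest is on the list."""
    return digest(data) in allowlist

# Constructed sample data (stand-ins for real executables and a real key).
KEY = b"constructed-demo-key"
GOOD = b"MZ\x90\x00 constructed approved program v1"
PATCHED = GOOD[:-1] + b"2"          # same name on disk, one byte changed
UNKNOWN = b"MZ\x90\x00 constructed unlisted program"

def demo() -> dict:
    store = seal_allowlist({"editor.exe": GOOD}, KEY)
    allow = open_allowlist(store, KEY)
    # Simulate an edit to the store made without the key: an extra digest is added.
    body, _, tag = store.rpartition(b"\n")
    forged = json.dumps(json.loads(body) + [digest(UNKNOWN)]).encode() + b"\n" + tag
    try:
        open_allowlist(forged, KEY)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"approved": may_execute(GOOD, allow),
            "patched": may_execute(PATCHED, allow),
            "unknown": may_execute(UNKNOWN, allow),
            "tamper_detected": tamper_detected}

if __name__ == "__main__":
    print(demo())
```

The check establishes only that a file's bytes match an approved build; it says nothing about how an approved program behaves once it runs.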

Offline disinter1

  • Comodo Loves me
  • ****
  • Posts: 133
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #13 on: November 29, 2007, 03:11:49 PM »
Hey Melih, it's not just Norton now catching up on whitelisting; now Kaspersky feels it's important. Here is the link...


http://www.bit9.com/news-events/press-release-details.php?id=65

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
Re: I am glad that Symantec is now waking up to the idea of Whitelisting!
« Reply #14 on: November 29, 2007, 10:25:13 PM »
There simply is no other choice!!!!

You can't fight Malware with these Legacy AVs they get billions of dollars for every year!!!!

They all need A-VSMART architecture we have in v3!!!!

And yes I am glad that we are, once again, leading by example and pushing the bar and forcing all other security providers to raise the bar on malware! End users are the ultimate beneficiaries!

Melih

 
