[sdw2003] Whitelisting discussion?
Thaddeus Braun
Thaddeus.Braun at taylorguitars.com
Tue Jan 19 15:34:06 PST 2010
So it's more of a "corporate IT departments don't have a good idea of
what software is running on all the computers within the corporation,
and don't want the administrative overhead of managing all the change
requests..." kind of thing. I hear you.
I've seen the Bit9 stuff, and I am impressed. I believe it's the old
Okina whitelisting guys (they sold their stuff to Cisco). I've used
Okina's stuff before, and I can say the management of it all -in the
beginning- was a lot of "make this work for execs, make that work for
marketing", but after a 1-2 month period, it somewhat died down to a
stable set of apps that were allowed to run. Everything else was
blocked, and users could not just click away the screen. It had to be
brought to IT's attention and a discussion would be held before a
decision was made. Apps like IE were troublesome since they called so
many other apps, but even that was able to be managed. The hardest part
was the updates every month from Microsoft, Adobe, etc. I believe the
newer WL systems now allow you to spec out a clean system and create a
profile that can be immediately pushed to all PCs; that allows you to
handle hundreds of systems at once, a real big plus come Microsoft Patch
Day.
I see Faronics has a new version of their stuff out too. Who are the
other players in this space?
Is anyone running whitelist software out there?
-----Original Message-----
From: sdw2003-bounces at mattware.com [mailto:sdw2003-bounces at mattware.com]
On Behalf Of Tracy Reed
Sent: Tuesday, January 19, 2010 3:22 PM
To: San Diego Windows 2003 User Group
Subject: Re: [sdw2003] Whitelisting discussion?
On Tue, Jan 19, 2010 at 03:09:36PM -0800, Thaddeus Braun spake thusly:
> Tracy brings up a very good point. Who is running any whitelisting
> software out there, and how do you like it so far? Tracy, can you
> expand a little on your thoughts about whitelisting not being ready
> for prime time?
I haven't used any but Bruce Schneier discusses it here:
http://www.schneier.com/blog/archives/2009/11/is_antivirus_de.html
saying:
Certainly security would be improved if people used whitelisting
programs such as Bit9 Parity and Savant Protection -- and I
personally recommend Malwarebytes' Anti-Malware -- but a lot of
users are going to have trouble with this. The average user will
probably just swat away the "you're trying to run a program not on
your whitelist" warning message or -- even worse -- wonder why his
computer is broken when he tries to run a new piece of
software. The average corporate IT department doesn't have a good
idea of what software is running on all the computers within the
corporation, and doesn't want the administrative overhead of
managing all the change requests. And whitelists aren't a panacea,
either: they don't defend against malware that attaches itself to
data files (think Word macro viruses), for example.
Anyone interested in security should have his blog on their RSS
feed. He has many very good insights. His thoughts on whitelisting
mirror my own.
--
Tracy Reed
http://tracyreed.org