in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Application Control - Whitelists for Controlling Malware

There is news that security vendors are beginning to rethink their philosophy on how to protect computers.  The current practice is for security vendors to create blacklists of software that is not allowed to run on a computer.  This protects computer users from the installation of malicious software.  The problem with such a strategy is that the rate of malicious software being created is quite high, so the blacklisting in question will not be comprehensive.  Plus, there is the additional problem that malicious software has to be identified as such; if it’s not detected, it will not be placed on the blacklist.

 

Because instances of malicious software is growing at higher rates than the release of legitimate software, security vendors are beginning to think that maybe blacklisting is the wrong approach.  There is talk in the industry of using a white list, i.e., a list of legitimate software that can be run on computers.  Such a list would include the usual suspects such as Microsoft Word or Adobe Acrobat.  If it’s not on the list, it cannot be used.

 

One problem with such an approach, of course, is how to include peripheral yet non-malicious software.  For example, I have quite a significant list of freeware that I use in my personal computer at home.  And remember, this white list is being managed by the security vendors, in software offered by companies such as Symantec or McAfee.  Since all companies have to coordinate their efforts, an “approval committee” of industry heavyweights will probably be created.  Critics say that problems might appear in the form of delays, since there’ll only be so many people to judge the legitimacy of hundreds of thousands, perhaps millions of programs.  The free programs on my PC might not make the cut, or at least not right away.

 

Due to the problems posed to end-users, I would imagine that the end-user would have the ability to approve the use of any software that they own that is not yet part of the vendor’s white list, a flexible white list, if you will.  If one wanted to be truly comprehensive, a combination of a flexible white list and a blacklist could be used: allow the end-user to add software programs to the white list in question, but not if it matches something that is placed on a black list.  This probably will be much harder to implement, but it would protect the accusers from approving any software nilly-willy.

 

Thankfully, the use of white lists in a business is not as complicated.  The number of software programs with a legitimate use is quite limited.  They might be different from company to company, but within a company itself, the list of approved software doesn’t change that often.  Application control, another way of saying “white list,” is a feature offered by AlertBoot, along with other disk security and data protection features, such as full disk encryption and file encryption.  They even offer port control to ensure that unapproved devices cannot be hooked up to a computer (say, like an iPod, which could be used to steal digital files).

 

While the big guys are debating whether this change in philosophy is a right path to take, your business can proceed forward with a white list strategy if you choose to do so today.

 

For total security, however, you’d also want to combine the above with the proper encryption solutions such as full disk encryption or content encryption to ensure that your data is protected if the entire computer is lifted from the office.  Malware is not the only threats to your data, after all.

 
<Previous Next>

A Mobile Office Requires Endpoint Security

Here's Why All Data Should Be Encrypted - Regardless Of What The Official Policies Are

Comments

AlertBoot Endpoint Security said:

A couple of months back , antivirus companies such as Symantec proposed the use of white lists and black

January 4, 2008 1:10 PM
 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.