Bit9 and Kaspersky offer this new service. Companies should make use of it.
On Sun, Nov 23, 2008 at 10:05 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:

> On 11/23/08, Mike C <[EMAIL PROTECTED]> wrote:
>
> >> Of course, blindly thwacking people / dragging them to HR by the hair
> >> when they're really just trying to do their jobs is
> >> counter-productive. The calls also show us where we, security, are
> >> falling down. Perhaps it's poor awareness training (if the user didn't
> >> know that they shouldn't run unapproved software, or why we have that
> >> rule, or how to get a new app approved); or could be that the official
> >> route is being seen as too slow or bureaucratic, in which case it
> >> needs fixing. And so on.
> >>
> >
> > All I hope is we can fix the issue. Hopefully in the near future.
> >
>
> Yeah!
> Here is my perspective on a possible solution that wouldn't compromise
> usability.
>
> But first, let's all agree that "banning execution of any binary from
> removable media" is the only straightforward solution to this decades-old
> problem of virus infection/propagation from removable media.
>
> See, if a web page tries to install an ActiveX / browser plugin, your
> browser (non-intrusively) waits for user interaction with a security
> warning message on "if you really intend to install the plugin (Which
> may be harmful!)" or ....... may choose to ignore the dialog and
> continue browsing.
>
> Here, it is assumed the "user understands" the security impact of
> executing untrusted programs from the internet, and the execution
> decision is left to the end user with manual interaction. If the plugin
> installation behavior is not intended, the user can simply ignore the
> manual interaction request for execution and instead continue.
>
> In a similar way, an antivirus company or Microsoft should create
> something similar for the "My Computer Zone", where the first execution
> of a binary "from removable media" is denied by default and prompts for
> user interaction to execute, whitelist & execute, or terminate/ban the
> request for execution from removable media, like the way Internet
> Explorer (non-intrusively) handles installation of ActiveX like in IE.
> Binary execution from removable media should be treated that way
> (untrusted!)
>
> Pen drive / SD have unique serial numbers which can be used to
> identify and permanently whitelist or blacklist the media from
> execution.
>
> Windows already has a feature for prompting if the user tries to execute
> a binary from an intranet/shared folder, or execution of a binary marked
> as downloaded from the "Internet Zone".
>
> Why not have similar for binary execution from removable media as well!?
>
> What better could be the solution to stopping viruses from propagating
> from removable media with the (default) FAT file system (lacking ACLs).
>
> For corporate environments, let there be a feature to sync these
> whitelisted/blacklisted hashes of executables or removable media UIDs
> from the antivirus server/domain controller to antivirus clients/related
> services running at the user end.
>
> Will this work :)?
>
> -thanks,
> bipin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
http://www.goldwatches.com/
http://www.jewelerslounge.com/luxury-insurance
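The default-deny, prompt-on-first-run scheme proposed in the quoted message, sketched as an added example (not code from the thread or from any product). The names `Policy`, `merge`, `decide` and `record_choice`, the deny-before-allow precedence and the sample serials are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    PROMPT = "prompt"  # unknown binary on unknown media: ask the user

@dataclass
class Policy:
    """Lists keyed by executable SHA-256 and by removable-media serial."""
    allow_hashes: set = field(default_factory=set)
    deny_hashes: set = field(default_factory=set)
    allow_media: set = field(default_factory=set)
    deny_media: set = field(default_factory=set)

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def merge(central: Policy, local: Policy) -> Policy:
    """Union server-synced and local lists; a deny entry cancels an allow entry."""
    deny_h = central.deny_hashes | local.deny_hashes
    deny_m = central.deny_media | local.deny_media
    return Policy((central.allow_hashes | local.allow_hashes) - deny_h, deny_h,
                  (central.allow_media | local.allow_media) - deny_m, deny_m)

def decide(policy: Policy, media_serial: str, image: bytes) -> Verdict:
    digest = sha256_hex(image)
    # Assumed precedence: deny is checked first, so a blocked binary stays
    # blocked even when it sits on a whitelisted drive.
    if digest in policy.deny_hashes or media_serial in policy.deny_media:
        return Verdict.DENY
    if digest in policy.allow_hashes or media_serial in policy.allow_media:
        return Verdict.ALLOW
    return Verdict.PROMPT

def record_choice(local: Policy, image: bytes, allow: bool) -> None:
    """Store the user's answer to a prompt by hash, pinning that exact binary."""
    (local.allow_hashes if allow else local.deny_hashes).add(sha256_hex(image))

def demo() -> list:
    # Constructed sample data: serials and file contents are made up.
    tool, worm = b"constructed approved tool", b"constructed unwanted binary"
    central = Policy(deny_hashes={sha256_hex(worm)})
    local = Policy(allow_media={"SERIAL-A"})
    policy = merge(central, local)
    return [decide(policy, "SERIAL-A", tool), decide(policy, "SERIAL-A", worm),
            decide(policy, "SERIAL-B", tool)]

if __name__ == "__main__":
    print([v.value for v in demo()])
```

Whitelisting by media serial trusts every file later written to that drive, and the serial is whatever the device reports, whereas a hash entry pins one specific binary.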