>But, if we ever get to a world where whitelisting is the predominant >means of execution control, the bad guys will, out of necessity, be
>relegated to exploiting flaws in applications through data files. I don't understand how you can have an exploit in a data file resulting in anything else but code execution. Data itself is harmless; it's the executables that cause harm. There will always be code executed, in some form or another (unless I'm misunderstanding your point). Alex From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, April 16, 2012 12:25 AM To: NT System Admin Issues Subject: RE: Whitelisting Possibly...even probably. But, if we ever get to a world where whitelisting is the predominant means of execution control, the bad guys will, out of necessity, be relegated to exploiting flaws in applications through data files. A scanner that looks for signatures of exploits in files will be a useful tool. Assuming of course, all applications aren't secure. Sent from my Windows Phone _____ From: Andrew S. Baker Sent: 4/15/2012 1:08 PM To: NT System Admin Issues Subject: Re: Whitelisting You can't. :) ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market. On Sat, Apr 14, 2012 at 1:24 PM, Rankin, James R <kz2...@googlemail.com> wrote: How do you blacklist all possible bad data files? ------Original Message------ From: Crawford, Scott To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Whitelisting Sent: 14 Apr 2012 18:02 A combination is needed. Whitelisting for traditional executable code and blacklisting for data files that exploit vulnerable white listed applications. -----Original Message----- From: Alex Eckelberry [mailto:a...@eckelberry.com] Sent: Saturday, April 14, 2012 10:10 AM To: NT System Admin Issues Subject: Whitelisting I'm curious, what's the general feeling about about whitelisting? As a former AV guy, I tend to prefer blacklisting, but I'm seeing signs things might be changing. Thoughts? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
