These are all forms of signatures, most particularly the hash.  I suppose it's 
a question of nomenclature. 

Alex
 

-----Original Message-----
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Friday, May 07, 2010 7:20 PM
To: NT System Admin Issues
Subject: Re: Sunbelt, McAfee, Symantec - now Clam

Application whitelisting doesn't necessarily use signatures.

Microsoft's AppLocker and its predecessor, Software Restriction Policies, can 
whitelist based on:
 * folder paths
 * file name
 * file hashes
 * executables signed with a software publisher's X.509 code-signing 
   certificate

Alex Eckelberry wrote:
> Not sure about that.  What happens when the whitelisting vendor screws 
> up a dat file, and you can't run any of your programs at all because 
> they are not "allowed"?  The problem is compounded by the fact that 
> there are far more legitimate files released daily than there are 
> malicious files, so whitelisting applications need to update even more 
> than blacklisting apps.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
