RE: Whitelisting Pros Cons?
In the end if white listing replaced anti-virus then attackers would simply raise the bar and make sure that their vulnerability exploits did not simply download and directly execute executable code. They would do behaviors in memory to simply defeat and bypass white listing technology.

This is the point I've been trying (with mixed success) to make. My suggestion has been to also add blacklisting to look for malicious signatures within the pdf, jpg, etc. It seems to me that any given application vulnerability will be exploitable through a relatively easy to identify signature. Obviously, the payload could be any number of things, but the actual exploitation should be much easier to identify than the plethora of AV signatures that continually mutate. One could further reduce the number of signatures to keep on hand by only looking for exploits in recent versions of applications.

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: Wednesday, November 16, 2011 11:01 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

Thoughts on AV, white listing, and endpoint security futures... and yes in my classic terrible grammar, stream of conscious, style of writing... sorry NTSYSADMIN'ers! :)

Anti-virus does an amazing job for what it was originally created for: The prevention of known bad files. The problem is that most malware these days is highly dynamic and as such we are increasingly living in a world of unknown malware and AV was not made to prevent unknown malware. Anti-virus vendors are trying to Band-Aid their signature problem by having new systems that hopefully generate signatures faster. This is all the stuff the AV companies advertise around their cloud information sharing systems etc... AV still requires some level of companies to be compromised to know there is a new piece of malware that needs a signature. The cloud stuff (I forget everyone's marketing terms) helps to make it so that AV can create a signature but hopefully with less companies compromised and in a shorter amount of time.

White listing can help prevent unknown malware because it can prevent unknown executable code from executing. This is of course not without time to manage, configure, and make sure all your legitimate apps at first deployment, and over the course of time, are properly white listed. But we will skip the management aspect for now and focus on what works prevention wise and what the limitations are.

Stepping back from a solution perspective let's look at the problem: Systems being compromised and infected with malware. The majority of malware infections happen from one of two ways:

1. User exploitation - User simply runs a piece of malicious code (web/usb/email/etc) and no exploit is involved, only trickery.
2. Vulnerability exploitation - User is either targeted or through normal web browsing, and is infected with malware via an exploit leveraging an unknown or unpatched software vulnerability.

User Exploitation - This is a very common reason that malware ends up on systems. Think of all of the times you have had to clean up systems with fake anti-virus type of software etc... This is an area where anti-virus is simply failing because when the malware is delivered to one of your users it is being handed off by a server that is doing automated morphing of the executable in a way as to evade anti-virus signatures. I.E. The malicious executable has the exact same behavior on every system but the signature of that executable is different for every system it is delivered to. White listing is very helpful in preventing this type of malware because essentially it is a user running an unknown program and by virtue of white listing you're blocking all unknown programs. This is why you will hear people talk about having installed these solutions and their level of malware has simply gone down.

Vulnerability Exploitation - The other way systems are compromised is not by users just clicking on things but by attackers actively leveraging unknown or unpatched software vulnerabilities. In this case what ends up happening is a user will receive something like a PDF document via email or will be served malicious javascript/html/etc via a website and in either case there will be an exploit that leverages a vulnerability within some software you have installed on the system. When the exploit takes place it will start to leverage a software vulnerability typically to run malicious code within the memory space of the vulnerable software. I.E. A user is browsing a website, embedded javascript spawns a window with an Adobe PDF file, the PDF file automatically loads, exploit code leverages a vulnerability within the PDF, exploit code starts running malicious shellcode within that Adobe program, that exploit shellcode then delivers its payload. The payload is typically the exploit downloading a malicious executable from another website
Re: Whitelisting Pros Cons?
Defense in depth, the layered approach is the only way. White/greylisting is much more effective but in the end having multiple layers is the only way to be truly secure. However application management CAN reduce your reliance (and therefore performance and management overhead) on realtime AV scanning. As more servers, apps and desktops become virtual, performance is key. Switching to scheduled scans only is the next step. But you must always have multiple layers. It's not a duplication of effort when you are faced with adapting and evolving threats.

Sent from my SR-71 Blackbird

-Original Message-
From: Crawford, Scott crawfo...@evangel.edu
Date: Thu, 17 Nov 2011 19:58:50
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Whitelisting Pros Cons?

In the end if white listing replaced anti-virus then attackers would simply raise the bar and make sure that their vulnerability exploits did not simply download and directly execute executable code. They would do behaviors in memory to simply defeat and bypass white listing technology.

This is the point I've been trying (with mixed success) to make. My suggestion has been to also add blacklisting to look for malicious signatures within the pdf, jpg, etc. It seems to me that any given application vulnerability will be exploitable through a relatively easy to identify signature. Obviously, the payload could be any number of things, but the actual exploitation should be much easier to identify than the plethora of AV signatures that continually mutate. One could further reduce the number of signatures to keep on hand by only looking for exploits in recent versions of applications.

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: Wednesday, November 16, 2011 11:01 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

Thoughts on AV, white listing, and endpoint security futures...
RE: Whitelisting Pros Cons?
Thoughts on AV, white listing, and endpoint security futures... and yes in my classic terrible grammar, stream of conscious, style of writing... sorry NTSYSADMIN'ers! :)

Anti-virus does an amazing job for what it was originally created for: The prevention of known bad files. The problem is that most malware these days is highly dynamic and as such we are increasingly living in a world of unknown malware and AV was not made to prevent unknown malware. Anti-virus vendors are trying to Band-Aid their signature problem by having new systems that hopefully generate signatures faster. This is all the stuff the AV companies advertise around their cloud information sharing systems etc... AV still requires some level of companies to be compromised to know there is a new piece of malware that needs a signature. The cloud stuff (I forget everyone's marketing terms) helps to make it so that AV can create a signature but hopefully with less companies compromised and in a shorter amount of time.

White listing can help prevent unknown malware because it can prevent unknown executable code from executing. This is of course not without time to manage, configure, and make sure all your legitimate apps at first deployment, and over the course of time, are properly white listed. But we will skip the management aspect for now and focus on what works prevention wise and what the limitations are.

Stepping back from a solution perspective let's look at the problem: Systems being compromised and infected with malware. The majority of malware infections happen from one of two ways:

1. User exploitation - User simply runs a piece of malicious code (web/usb/email/etc) and no exploit is involved, only trickery.
2. Vulnerability exploitation - User is either targeted or through normal web browsing, and is infected with malware via an exploit leveraging an unknown or unpatched software vulnerability.

User Exploitation - This is a very common reason that malware ends up on systems. Think of all of the times you have had to clean up systems with fake anti-virus type of software etc... This is an area where anti-virus is simply failing because when the malware is delivered to one of your users it is being handed off by a server that is doing automated morphing of the executable in a way as to evade anti-virus signatures. I.E. The malicious executable has the exact same behavior on every system but the signature of that executable is different for every system it is delivered to. White listing is very helpful in preventing this type of malware because essentially it is a user running an unknown program and by virtue of white listing you're blocking all unknown programs. This is why you will hear people talk about having installed these solutions and their level of malware has simply gone down.

Vulnerability Exploitation - The other way systems are compromised is not by users just clicking on things but by attackers actively leveraging unknown or unpatched software vulnerabilities. In this case what ends up happening is a user will receive something like a PDF document via email or will be served malicious javascript/html/etc via a website and in either case there will be an exploit that leverages a vulnerability within some software you have installed on the system. When the exploit takes place it will start to leverage a software vulnerability typically to run malicious code within the memory space of the vulnerable software. I.E. A user is browsing a website, embedded javascript spawns a window with an Adobe PDF file, the PDF file automatically loads, exploit code leverages a vulnerability within the PDF, exploit code starts running malicious shellcode within that Adobe program, that exploit shellcode then delivers its payload. The payload is typically the exploit downloading a malicious executable from another website and then running that malicious executable which then Trojans a system etc...

The problem is that the exploit code does not have to download another executable and rather it could keep performing malicious operations within the vulnerable application (Adobe) and since no new executable code is created, the whitelisting security software does not come into play.

The point being that white listing is helpful against a lot of today's vulnerability exploitation because the payload delivered by most vulnerability exploits is to download an unknown executable and run it, which white listing will obviously stop.

In the end if white listing replaced anti-virus then attackers would simply raise the bar and make sure that their vulnerability exploits did not simply download and directly execute executable code. They would do behaviors in memory to simply defeat and bypass white listing technology.

Vulnerability/exploit prevention is critical and is always missed in discussions because everyone gets caught up in chasing the symptom (malware) and not the
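The two cases in the message above, as an added example that is not part of the original thread: a hash blocklist and a hash allowlist judge the same constructed, inert byte strings, where every delivery of the unapproved file differs by a few bytes. The event model, class names and sample bytes are assumptions made for illustration and do not describe any product named in this thread.

```python
import hashlib
from dataclasses import dataclass


def digest(content: bytes) -> str:
    """SHA-256 of a file's bytes, used here as its 'signature'."""
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class Event:
    kind: str       # "exec": a program image is started; "open": a running program reads a data file
    actor: str      # who triggered it: the user or an already running program
    content: bytes  # bytes of the file being started or read


class HashBlocklist:
    """Known-bad model: anything whose hash is not on the list is let through."""

    def __init__(self, known_bad):
        self.known_bad = {digest(c) for c in known_bad}

    def decide(self, event: Event) -> str:
        return "block" if digest(event.content) in self.known_bad else "allow"


class HashAllowlist:
    """Known-good model: only approved program images may start.

    Assumption of this sketch: the control is consulted only when a new
    program image starts, which is the limitation the message describes.
    """

    def __init__(self, approved):
        self.approved = {digest(c) for c in approved}

    def decide(self, event: Event) -> str:
        if event.kind != "exec":
            return "not-evaluated"
        return "allow" if digest(event.content) in self.approved else "block"


# Constructed, inert stand-ins for file contents (not real binaries).
READER = b"CONSTRUCTED approved reader image"
UNAPPROVED = b"CONSTRUCTED unapproved program image"
DOCUMENT = b"CONSTRUCTED document bytes"


def per_delivery_copies(body: bytes, count: int):
    """Same body, different trailing bytes per delivery, so every copy hashes differently."""
    return [body + b" #delivery-%d" % n for n in range(count)]


def run_scenario():
    copies = per_delivery_copies(UNAPPROVED, 5)
    # A signature exists only for the first copy that was ever observed.
    blocklist = HashBlocklist(known_bad=copies[:1])
    allowlist = HashAllowlist(approved=[READER])

    user_runs = [Event("exec", "user", c) for c in copies]
    return {
        # Case 1: the user starts an unknown program.
        "blocklist_blocked": sum(blocklist.decide(e) == "block" for e in user_runs),
        "allowlist_blocked": sum(allowlist.decide(e) == "block" for e in user_runs),
        # An approved program still starts normally.
        "approved_reader": allowlist.decide(Event("exec", "user", READER)),
        # Case 2: an approved program reads a document. No new image starts,
        # so the allowlist is never asked.
        "document_in_reader": allowlist.decide(Event("open", "reader", DOCUMENT)),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```
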
RE: Whitelisting Pros Cons?
Would it be better to have a tool that only does whitelisting, or a software more like Viewfinity, where you can do both white and black lists, and also elevate permissions for applications that aren't on either list, but are needed by a few people, which wouldn't warrant putting it on the whitelist?

Stu Sjouwerman s...@sunbelt-software.com 11/14/2011 2:16 PM

Thanks Micheal. Anyone experience with any of the Whitelisting products in this InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?

Bit9 Parity Suite 5.01                     10    8    9    9   10    9.4  EXCELLENT
                                          30%  15%  25%  10%  20%
CoreTrace Bouncer 5                         9    9    9    8    9    8.9  VERY GOOD
                                          30%  15%  25%  10%  20%
Lumension Application Control               8    9    8    9    9    8.5  VERY GOOD
                                          30%  15%  25%  10%  20%
McAfee Application Control 5.0              9    9    9    8    8    8.7  VERY GOOD
                                          30%  15%  25%  10%  20%
SignaCert Enterprise Trust Services 3.0

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros Cons?

Whitelisting is the future IMHO. You can't trust anything anymore. Faith doesn't cut it. You have to protect yourself and your assets, and whitelisting is the best way to do it.

--
Espi

On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman s...@sunbelt-software.com wrote:

I'm referring to Whitelisting in the context of security. About 10 years ago, the ratio Good code versus malware was perhaps 90 good 10 bad. In that scenario, it makes sense to keep the bad code out. But over the last 10 years, with automated malware variant generation, the tables have turned, and there is actually more malware than good code out there. So in -that- scenario it might make sense to only allow good code and implement application control. Only that which is allowed, will run. I'd like your feedback - input - discussion on this !

Warm regards,

Stu

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros Cons?

Are you asking about web content filtering, email filtering, or some other type of whitelisting?

--Matt Ross
Ephrata School District

- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros Cons?

Guys,

I am writing an article for WServerNews, and would like your public input. What is your experience with Whitelisting, which products you tried/use, and what experience you are having with this, likes and hates are all welcome !!

Warm regards,

Stu

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Whitelisting Pros Cons? - Lumension
Anyone experience with Lumension? This seems to be one of the bigger players. Did some testing with this perhaps?

Warm regards,

Stu

From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, November 15, 2011 10:47 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

Would it be better to have a tool that only does whitelisting, or a software more like Viewfinity, where you can do both white and black lists, and also elevate permissions for applications that aren't on either list, but are needed by a few people, which wouldn't warrant putting it on the whitelist?
Re: Whitelisting Pros Cons? - Lumension
Can't believe that AppSense AM isn't in there as one of the test subjects. I think the issue is that most people use them for the Environment Manager (EM) feature of the suite so AppSense are treated more as a competitor in the UEM (User Environment Management) market rather than against other applications that do whitelisting, but the whitelisting product is (IMHO) their strongest.

If they were willing to run the rule over AppLocker for that survey, then AM should surely have been included - most people who work with Application Manager brand it as AppLocker on steroids, which is slightly unfair seeing though it can do a lot more feature-wise.

On 15 November 2011 16:07, Stu Sjouwerman s...@sunbelt-software.com wrote:

Anyone experience with Lumension? This seems to be one of the bigger players. Did some testing with this perhaps?

Warm regards,

Stu
Re: Whitelisting Pros Cons?
The greater the flexibility of the tool, the less tools you need to manage your security. Relying on 1 tool is not wise, but having to manage 12 slightly overlapping tools is its own nightmare. Getting it down to 3 or 4 tools is useful.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Tue, Nov 15, 2011 at 10:46 AM, Joseph Heaton jhea...@dfg.ca.gov wrote:

Would it be better to have a tool that only does whitelisting, or a software more like Viewfinity, where you can do both white and black lists, and also elevate permissions for applications that aren't on either list, but are needed by a few people, which wouldn't warrant putting it on the whitelist?
Re: Whitelisting Pros Cons?
Clearly these results are flawed if McAfee Anything gets higher than a -3 in any category. :-)

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman s...@sunbelt-software.com wrote:

Thanks Micheal. Anyone have experience with any of the Whitelisting products in this InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?

Bit9 Parity Suite 5.01 | 10 | 8 | 9 | 9 | 10 | 9.4 | EXCELLENT | 30% | 15% | 25% | 10% | 20%
CoreTrace Bouncer 5 | 9 | 9 | 9 | 8 | 9 | 8.9 | VERY GOOD | 30% | 15% | 25% | 10% | 20%
Lumension Application Control | 8 | 9 | 8 | 9 | 9 | 8.5 | VERY GOOD | 30% | 15% | 25% | 10% | 20%
McAfee Application Control 5.0 | 9 | 9 | 9 | 8 | 8 | 8.7 | VERY GOOD | 30% | 15% | 25% | 10% | 20%
SignaCert Enterprise Trust Services 3.0
RE: Whitelisting Pros Cons?
Oh, this is an acquisition, that is why it's having such a high score! LOL

From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros Cons?

Clearly these results are flawed if McAfee Anything gets higher than a -3 in any category. :-)
Re: Whitelisting Pros Cons?
McAfee has done a bit of that in the past couple of years - witness their pickup of the Sidewinder firewall line with the purchase of Secure Computing a couple of years ago, along with WebWasher, SnapGear and IronMail.

Kurt

On Tue, Nov 15, 2011 at 11:09, Stu Sjouwerman s...@sunbelt-software.com wrote:

Oh, this is an acquisition, that is why it’s having such a high score! LOL
Re: Whitelisting Pros Cons?
Are you asking about web content filtering, email filtering, or some other type of whitelisting?

--Matt Ross
Ephrata School District

----- Original Message -----
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros Cons?

Guys, I am writing an article for WServerNews, and would like your public input. What is your experience with Whitelisting, which products you tried/use, and what experience you are having with this, likes and hates are all welcome!!

Warm regards,
Stu
RE: Whitelisting Pros Cons?
I can comment offline for you Stu... feel free to email me accordingly.

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:15 AM
To: NT System Admin Issues
Subject: Whitelisting Pros Cons?

Guys, I am writing an article for WServerNews, and would like your public input. What is your experience with Whitelisting, which products you tried/use, and what experience you are having with this, likes and hates are all welcome!!

Warm regards,
Stu
Re: Whitelisting Pros Cons?
I swear by AppSense Application Manager, great product, extremely granular, does a lot more than just whitelisting. It does device control for licensing (MS allow AM to manage licenses on Terminal Servers for the likes of Project and Visio, rather than buying thousands of licenses even though fifty users only need it). It can also control user rights policies, control panel applets, it can elevate users (or de-elevate them) from groups without logging off, produce reports, and a vast lot more besides.

AppLocker isn't anywhere in the same league, but it's free and a good improvement on the old Software Restriction Policies. But as far as I am concerned, AppSense is the leader in this field. AM renders AV almost redundant when set up properly.

It isn't really whitelisting - it's greylisting. Anything installed by an admin onto the local drive can automatically execute. But anything a user drops on a local drive can't execute. It does this by maintaining a list of Trusted Owners. On the other hand, everything on network drives is untrusted by default and has to be allowed to run. You can base the trigger value around a vast array of configurable options, not just user or group.

It can be a bit pricey for some, but especially when you see what else you get (Environment Management and Performance Management, both good products) in your licenses, I wouldn't do without it.

YMMV, etc

On 14 November 2011 16:14, Stu Sjouwerman s...@sunbelt-software.com wrote:

Guys, I am writing an article for WServerNews, and would like your public input.

What is your experience with Whitelisting, which products you tried/use, and what experience you are having with this, likes and hates are all welcome!!

Warm regards,
Stu

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
RE: Whitelisting Pros Cons?
I'm referring to Whitelisting in the context of security. About 10 years ago, the ratio of good code versus malware was perhaps 90 good, 10 bad. In that scenario, it makes sense to keep the bad code out. But over the last 10 years, with automated malware variant generation, the tables have turned, and there is actually more malware than good code out there. So in -that- scenario it might make sense to only allow good code and implement application control. Only that which is allowed will run.

I'd like your feedback - input - discussion on this!

Warm regards,
Stu

-----Original Message-----
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros Cons?

Are you asking about web content filtering, email filtering, or some other type of whitelisting?

--Matt Ross
Ephrata School District
RE: Whitelisting Pros Cons?
I am a huge fan of this tactic and I suspect the day will come when we seriously consider doing it for email and web surfing also.

We were a full Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in audit mode for a few months, created the rules and whitelists and put it in deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount of malware that does not require admin rights...that hits the users' profile folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled after how Cisco did it. It was extremely detailed and granular yet still easy to configure. You could allow a process to hit a certain registry key when only run by a certain user on Tuesdays IF they had on blue underwear. It was that granular.

-----Original Message-----
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

I'm referring to Whitelisting in the context of security. About 10 years ago, the ratio of good code versus malware was perhaps 90 good, 10 bad. In that scenario, it makes sense to keep the bad code out. But over the last 10 years, with automated malware variant generation, the tables have turned, and there is actually more malware than good code out there. So in -that- scenario it might make sense to only allow good code and implement application control. Only that which is allowed will run.

I'd like your feedback - input - discussion on this!

Warm regards,
Stu
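The two mechanisms described in the replies above, the Trusted Owners model (admin-installed local files run, user-dropped files do not, network locations need an explicit allow) and the audit-mode-then-deny-mode rollout, sketched as an added example that is not code from any product named in this thread. The owner names, mapped drive letters, hashes and events are all constructed assumptions, and `rule_candidates` with its `min_users` threshold is a hypothetical review aid.

```python
from dataclasses import dataclass
import ntpath

# Assumed policy data for illustration (hypothetical, not from any product).
TRUSTED_OWNERS = {
    "NT AUTHORITY\\SYSTEM",
    "BUILTIN\\Administrators",
    "NT SERVICE\\TrustedInstaller",
}
NETWORK_DRIVES = {"H:", "S:"}  # mapped drive letters treated as network shares


@dataclass(frozen=True)
class ExecEvent:
    user: str    # account that tried to start the program
    path: str    # Windows path of the executable
    owner: str   # owner recorded on the file
    sha256: str  # file hash (constructed placeholders in the sample below)


def is_network_path(path):
    """True for UNC paths and for drive letters listed in NETWORK_DRIVES."""
    drive, _ = ntpath.splitdrive(path)
    return drive.startswith("\\\\") or drive.upper() in NETWORK_DRIVES


def evaluate(event, allowed_hashes):
    """Return (verdict, reason) for one execution request."""
    if event.sha256 in allowed_hashes:
        return "allow", "explicit allow rule"
    if is_network_path(event.path):
        return "deny", "network location is untrusted by default"
    if event.owner in TRUSTED_OWNERS:
        return "allow", "file owned by a trusted owner"
    return "deny", "file owner is not trusted"


def enforce(events, allowed_hashes, mode):
    """Apply the policy; 'audit' only logs denials, 'deny' also blocks them."""
    if mode not in ("audit", "deny"):
        raise ValueError("mode must be 'audit' or 'deny'")
    ran, blocked, log = [], [], []
    for ev in events:
        verdict, reason = evaluate(ev, allowed_hashes)
        if verdict == "deny":
            log.append((ev, reason))
            if mode == "deny":
                blocked.append(ev)
                continue
        ran.append(ev)
    return ran, blocked, log


def rule_candidates(log, min_users=2):
    """Group audit denials by hash as a review list for an administrator.

    Nothing is approved automatically: software that was already malicious
    during the audit period would otherwise end up on the allow list.
    """
    users, first_path = {}, {}
    for ev, _reason in log:
        users.setdefault(ev.sha256, set()).add(ev.user)
        first_path.setdefault(ev.sha256, ev.path)
    rows = [(h, first_path[h], len(u)) for h, u in users.items() if len(u) >= min_users]
    return sorted(rows, key=lambda row: (-row[2], row[1]))


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ExecEvent("CORP\\alice", r"C:\Program Files\Office\winword.exe",
              "BUILTIN\\Administrators", "sha256:aa01-constructed"),
    ExecEvent("CORP\\alice", r"C:\Users\alice\AppData\Local\Temp\setup_update.exe",
              "CORP\\alice", "sha256:bb02-constructed"),
    ExecEvent("CORP\\bob", r"\\fs01\apps\timesheet.exe",
              "BUILTIN\\Administrators", "sha256:cc03-constructed"),
    ExecEvent("CORP\\carol", r"S:\apps\timesheet.exe",
              "BUILTIN\\Administrators", "sha256:cc03-constructed"),
    ExecEvent("CORP\\bob", r"C:\Users\bob\Downloads\freegame.exe",
              "CORP\\bob", "sha256:dd04-constructed"),
]


def demo():
    """Audit first, approve the reviewed candidates, then switch to deny mode."""
    _, _, audit_log = enforce(SAMPLE_EVENTS, set(), "audit")
    approved = {h for h, _path, _n in rule_candidates(audit_log)}  # after human review
    ran, blocked, _ = enforce(SAMPLE_EVENTS, approved, "deny")
    return audit_log, approved, ran, blocked


if __name__ == "__main__":
    audit_log, approved, ran, blocked = demo()
    print("would-block events in audit mode:", len(audit_log))
    print("approved after review:", sorted(approved))
    print("blocked in deny mode:", [ev.path for ev in blocked])
```

In the sample, the network-hosted tool used by two people surfaces as the only rule candidate, while the two user-dropped executables stay blocked once the policy moves to deny mode.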
RE: Whitelisting Pros Cons?
Personally, I found the underwear sensor uncomfortable.

-----Original Message-----
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

I am a huge fan of this tactic and I suspect the day will come when we seriously consider doing it for email and web surfing also.

We were a full Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in audit mode for a few months, created the rules and whitelists and put it in deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount of malware that does not require admin rights...that hits the users' profile folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled after how Cisco did it. It was extremely detailed and granular yet still easy to configure. You could allow a process to hit a certain registry key when only run by a certain user on Tuesdays IF they had on blue underwear. It was that granular.
RE: Whitelisting Pros Cons?
That's not where you're supposed to put the antenna.

-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Monday, November 14, 2011 12:06 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

Personally, I found the underwear sensor uncomfortable.

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

I am a huge fan of this tactic and I suspect the day will come when we seriously consider doing it for email and web surfing also.

We were a full Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in audit mode for a few months...created the rules and whitelists and put it in deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount of malware that does not require admin rights...that hits the users' profile folders.

I cried when they discontinued it. I think anything that is going to work and be manageable has to be modeled after how Cisco did it. It was extremely detailed and granular yet still easy to configure. You could allow a process to hit a certain registry key when only run by a certain user on Tuesdays IF they had on blue underwear. It was that granular.

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

I'm referring to Whitelisting in the context of security.

About 10 years ago, the ratio Good code versus malware was perhaps 90 good 10 bad. In that scenario, it makes sense to keep the bad code out.

But over the last 10 years, with automated malware variant generation, the tables have turned, and there is actually more malware than good code out there.

So in -that- scenario it might make sense to only allow good code and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this!

Warm regards,
Stu

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros Cons?

Are you asking about web content filtering, email filtering, or some other type of whitelisting?

--Matt Ross
Ephrata School District

- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros Cons?

Guys,

I am writing an article for WServerNews, and would like your public input.

What is your experience with Whitelisting, which products you tried/use, and what experience you are having with this, likes and hates are all welcome!!

Warm regards,
Stu
RE: Whitelisting Pros Cons?
I've used Cisco's CSA. It's a little fiddly to get set up at first, but after that - no problems and it does a great job.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:15 AM
To: NT System Admin Issues
Subject: Whitelisting Pros Cons?

Guys,

I am writing an article for WServerNews, and would like your public input.

What is your experience with Whitelisting, which products you tried/use, and what experience you are having with this, likes and hates are all welcome!!

Warm regards,
Stu
RE: Whitelisting Pros Cons?
Too bad it's retired now...

CSA was definitely good when it was set up, but the amount of rules you needed to write to allow crap software to run basically turns a lot of HIPS into swiss cheese after a while. (But it also shows you how bad code is written.)

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, November 14, 2011 2:19 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

I've used Cisco's CSA. It's a little fiddly to get set up at first, but after that - no problems and it does a great job.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
Re: Whitelisting Pros Cons?
It's one of the better products that Cisco purchased...

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Mon, Nov 14, 2011 at 3:31 PM, Ziots, Edward ezi...@lifespan.org wrote:

Too bad it's retired now…

CSA was definitely good when it was set up, but the amount of rules you needed to write to allow crap software to run basically turns a lot of HIPS into swiss cheese after a while. (But it also shows you how bad code is written.)

Z
RE: Whitelisting Pros Cons? - Application Control - Pros Cons
I haven't used the fancier tools people are talking about here, but I've used Software Restrictions in XP and newer with awesome results.

There's a 150-seat private school here in Omaha that has almost *no* anti-virus software in it - the only people with AV are the ones with Software Restrictions turned off, and there are only 4 of those stations.

In the last 2 or 3 years that they've been running with Software Restrictions set for default deny they've had absolutely NO virus infestations, and numerous attempts.

--
Phil Brutsche
p...@optimumdata.com

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 1:23 PM
To: NT System Admin Issues
Subject: WAS: Whitelisting Pros Cons? - Application Control - Pros Cons

OK, so I'm clarifying the subject. Whitelisting is also called Application Control. See it as an additional security layer that allows you to just ALLOW a limited amount of approved applications. It's the ultimate lockdown.

Also, you could switch off your antivirus Real Time protection and only use it for removal.

Anyone use this in their domain? Experience with this??

Warm regards,
Stu
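The rollout Jim Kennedy describes (audit mode first, rules built from what was logged, then deny mode) and the default-deny policy Phil Brutsche describes can be sketched as below. This is an added example, not code from the thread or from any product named in it; the Policy class, the trusted directories, the paths and the file contents are all assumptions constructed for illustration.

```python
"""Default-deny application control with an audit phase (constructed sketch).

This is not the rule format of Cisco's product, Software Restriction
Policies, or any other tool named in the thread.
"""
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Assumption: only administrators can write to these directories.
TRUSTED_DIRS = (r"C:\Windows", r"C:\Program Files")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def under(path: str, directory: str) -> bool:
    """True if path lies inside directory (case-insensitive, no '..')."""
    p = PureWindowsPath(path)
    if ".." in p.parts:
        # A literal prefix match would trust C:\Windows\..\Users\x.exe.
        return False
    return PureWindowsPath(directory) in p.parents


@dataclass
class Policy:
    mode: str = "audit"  # "audit" records only, "deny" blocks
    allowed_hashes: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def is_allowed(self, path: str, content: bytes) -> bool:
        # Path rule: binaries in admin-only directories may run.
        if any(under(path, d) for d in TRUSTED_DIRS):
            return True
        # Hash rule: an explicitly approved binary may run from anywhere.
        return sha256(content) in self.allowed_hashes

    def execute(self, user: str, path: str, content: bytes) -> bool:
        """Return True if the launch proceeds."""
        if self.is_allowed(path, content):
            return True
        self.audit_log.append((user, path, sha256(content)))
        return self.mode == "audit"  # audit: record it and let it run

    def approve(self, reviewed_paths: set) -> None:
        """Turn the audit entries an administrator reviewed into hash rules."""
        for _user, path, digest in self.audit_log:
            if path in reviewed_paths:
                self.allowed_hashes.add(digest)
        self.audit_log.clear()


def rollout_demo():
    """Audit, review, then enforce. Every input here is constructed."""
    policy = Policy(mode="audit")
    notepad = r"C:\Windows\System32\notepad.exe"
    tool_path = r"C:\Users\alice\AppData\Local\Vendor\tool.exe"
    tool = b"constructed line-of-business binary"
    unknown_path = r"C:\Users\bob\AppData\Roaming\update.exe"
    unknown = b"constructed unknown binary"

    # Audit phase: nothing is blocked, unknown launches are recorded.
    audit_results = [
        policy.execute("alice", notepad, b"notepad"),
        policy.execute("alice", tool_path, tool),
    ]
    logged = [path for _u, path, _h in policy.audit_log]

    # Review: approve the tool that showed up in the log, then enforce.
    policy.approve({tool_path})
    policy.mode = "deny"

    deny_results = {
        "system binary": policy.execute("bob", notepad, b"notepad"),
        "approved tool": policy.execute("alice", tool_path, tool),
        # No admin rights needed to write here, but it will not run.
        "unknown in profile": policy.execute("bob", unknown_path, unknown),
        # Different bytes give a different hash, so this is unknown too.
        "altered tool": policy.execute("alice", tool_path, tool + b"\x00"),
        "dot-dot path": policy.execute(
            "bob", r"C:\Windows\..\Users\bob\x.exe", unknown),
    }
    blocked = [path for _u, path, _h in policy.audit_log]
    return audit_results, logged, deny_results, blocked


if __name__ == "__main__":
    for name, ran in rollout_demo()[2].items():
        print(f"{name:20s} {'runs' if ran else 'BLOCKED'}")
```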
Re: Whitelisting Pros Cons?
Whitelisting is the future IMHO. You can't trust anything anymore. Faith doesn't cut it. You have to protect yourself and your assets, and whitelisting is the best way to do it.

--
Espi

On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman s...@sunbelt-software.com wrote:

I'm referring to Whitelisting in the context of security.

About 10 years ago, the ratio Good code versus malware was perhaps 90 good 10 bad. In that scenario, it makes sense to keep the bad code out.

But over the last 10 years, with automated malware variant generation, the tables have turned, and there is actually more malware than good code out there.

So in -that- scenario it might make sense to only allow good code and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this!

Warm regards,
Stu
RE: Whitelisting Pros Cons?
Thanks Micheal.

Anyone experience with any of the Whitelisting products in this InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?

                                          30%  15%  25%  10%  20%
Bit9 Parity Suite 5.01                     10    8    9    9   10   9.4  EXCELLENT
CoreTrace Bouncer 5                         9    9    9    8    9   8.9  VERY GOOD
Lumension Application Control               8    9    8    9    9   8.5  VERY GOOD
McAfee Application Control 5.0              9    9    9    8    8   8.7  VERY GOOD
SignaCert Enterprise Trust Services 3.0

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros Cons?

Whitelisting is the future IMHO. You can't trust anything anymore. Faith doesn't cut it. You have to protect yourself and your assets, and whitelisting is the best way to do it.

--
Espi
Re: Whitelisting Pros Cons?
I've done some limited testing with an earlier version of Bit9. I'm planning to do some updated testing in Q1 2012...

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman s...@sunbelt-software.com wrote:

Thanks Micheal.

Anyone experience with any of the Whitelisting products in this InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
RE: Whitelisting Pros Cons?
+1 for Bit9 Parity, I will give a negative for the McAfee Solidcore..

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 5:16 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros Cons?

Thanks Micheal.

Anyone experience with any of the Whitelisting products in this InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?