Re: Whitelisting Pros & Cons?

2011-11-17 Thread Rankin, James R
Defense in depth, the layered approach is the only way. White/greylisting is 
much more effective but in the end having multiple layers is the only way to be 
truly secure. However application management CAN reduce your reliance (and 
therefore performance and management overhead) on realtime AV scanning. As more 
servers, apps and desktops become virtual, performance is key. Switching to 
scheduled scans only is the next step.

But you must always have multiple layers. It's not a duplication of effort when 
you are faced with adapting and evolving threats.

Sent from my SR-71 Blackbird

-Original Message-
From: "Crawford, Scott" 
Date: Thu, 17 Nov 2011 19:58:50 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Whitelisting Pros & Cons?

"In the end if white listing replaced anti-virus then attackers would simply 
raise the bar and make sure that their vulnerability exploits did not simply 
download and directly execute executable code. They would do behaviors in 
memory to simply defeat and bypass white listing technology."

This is the point I've been trying (with mixed success) to make. My suggestion 
has been to also add blacklisting to look for malicious signatures within the 
pdf, jpg, etc.  It seems to me that any given application vulnerability will be 
exploitable through a relatively easy to identify signature. Obviously, the 
payload could be any number of things, but the actual exploitation should be 
much easier to identify than the plethora of AV signatures that continually 
mutate. One could further reduce the number of signatures to keep on hand by 
only looking for exploits in recent versions of applications.

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: Wednesday, November 16, 2011 11:01 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Thoughts on AV, white listing, and endpoint security futures... and yes in my 
classic terrible grammar, stream of conscious, style of writing... sorry 
NTSYSADMIN'ers! :)

Anti-virus does an amazing job for what it was originally created for: The 
prevention of known bad files.

The problem is that most malware these days is highly dynamic and as such we 
are increasingly living in a world of unknown malware and AV was not made to 
prevent unknown malware.

Anti-virus vendors are trying to Band-Aid their signature problem by having new 
systems that hopefully generate signatures faster. This is all the stuff the AV 
companies advertise around their cloud information sharing systems etc... AV 
still requires some level of companies to be compromised to know there is a new 
piece of malware that needs a signature. The "cloud stuff" (I forget everyone's 
marketing terms) helps to make it so that AV can create a signature but 
hopefully with less companies compromised and in a shorter amount of time.

White listing can help prevent unknown malware because it can prevent unknown 
executable code from executing.

This is of course not without time to manage, configure, and make sure all your 
legitimate apps at first deployment, and over the course of time, are properly 
white listed. But we will skip the management aspect for now and focus on what 
works prevention wise and what the limitations are.

Stepping back from a solution perspective let's look at the problem: Systems 
being compromised and infected with malware.

The majority of malware infections happen from one of two ways:

1.   User exploitation - User simply runs a piece of malicious code 
(web/usb/email/etc) and no exploit is involved, only trickery.

2.   Vulnerability exploitation - User is either targeted or through normal 
web browsing, and is infected with malware via an exploit leveraging an unknown 
or unpatched software vulnerability.

User Exploitation - This is a very common reason that malware ends up on 
systems. Think of all of the times you have had to clean up systems with fake 
anti-virus type of software etc... This is an area where anti-virus is simply 
failing because when the malware is delivered to one of your users it is being 
handed off by a server that is doing automated morphing of the executable in a 
way as to evade anti-virus signatures. I.E. The malicious executable has the 
exact same behavior on every system but the signature of that executable is 
different for every system it is delivered to. White listing is very helpful in 
preventing this type of malware because essentially it is a user running an 
unknown program and by virtue of white listing you're blocking all unknown 
programs. This is why you will hear people talk about having installed these 
solutions and their level of malware has simply gone down.

Vulnerability Exploitation - The other way systems are compromised is not by 
users just clicking on things but by attackers actively leveraging unknown or 
unpatched software vulnerabilities. In this case what ends up

RE: Whitelisting Pros & Cons?

2011-11-17 Thread Crawford, Scott
"In the end if white listing replaced anti-virus then attackers would simply 
raise the bar and make sure that their vulnerability exploits did not simply 
download and directly execute executable code. They would do behaviors in 
memory to simply defeat and bypass white listing technology."

This is the point I've been trying (with mixed success) to make. My suggestion 
has been to also add blacklisting to look for malicious signatures within the 
pdf, jpg, etc.  It seems to me that any given application vulnerability will be 
exploitable through a relatively easy to identify signature. Obviously, the 
payload could be any number of things, but the actual exploitation should be 
much easier to identify than the plethora of AV signatures that continually 
mutate. One could further reduce the number of signatures to keep on hand by 
only looking for exploits in recent versions of applications.

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: Wednesday, November 16, 2011 11:01 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Thoughts on AV, white listing, and endpoint security futures... and yes in my 
classic terrible grammar, stream of conscious, style of writing... sorry 
NTSYSADMIN'ers! :)

Anti-virus does an amazing job for what it was originally created for: The 
prevention of known bad files.

The problem is that most malware these days is highly dynamic and as such we 
are increasingly living in a world of unknown malware and AV was not made to 
prevent unknown malware.

Anti-virus vendors are trying to Band-Aid their signature problem by having new 
systems that hopefully generate signatures faster. This is all the stuff the AV 
companies advertise around their cloud information sharing systems etc... AV 
still requires some level of companies to be compromised to know there is a new 
piece of malware that needs a signature. The "cloud stuff" (I forget everyone's 
marketing terms) helps to make it so that AV can create a signature but 
hopefully with less companies compromised and in a shorter amount of time.

White listing can help prevent unknown malware because it can prevent unknown 
executable code from executing.

This is of course not without time to manage, configure, and make sure all your 
legitimate apps at first deployment, and over the course of time, are properly 
white listed. But we will skip the management aspect for now and focus on what 
works prevention wise and what the limitations are.

Stepping back from a solution perspective let's look at the problem: Systems 
being compromised and infected with malware.

The majority of malware infections happen from one of two ways:

1.   User exploitation - User simply runs a piece of malicious code 
(web/usb/email/etc) and no exploit is involved, only trickery.

2.   Vulnerability exploitation - User is either targeted or through normal 
web browsing, and is infected with malware via an exploit leveraging an unknown 
or unpatched software vulnerability.

User Exploitation - This is a very common reason that malware ends up on 
systems. Think of all of the times you have had to clean up systems with fake 
anti-virus type of software etc... This is an area where anti-virus is simply 
failing because when the malware is delivered to one of your users it is being 
handed off by a server that is doing automated morphing of the executable in a 
way as to evade anti-virus signatures. I.E. The malicious executable has the 
exact same behavior on every system but the signature of that executable is 
different for every system it is delivered to. White listing is very helpful in 
preventing this type of malware because essentially it is a user running an 
unknown program and by virtue of white listing you're blocking all unknown 
programs. This is why you will hear people talk about having installed these 
solutions and their level of malware has simply gone down.

Vulnerability Exploitation - The other way systems are compromised is not by 
users just clicking on things but by attackers actively leveraging unknown or 
unpatched software vulnerabilities. In this case what ends up happening is a 
user will receive something like a PDF document via email or will be served 
malicious javascript/html/etc via a website and in either case there will be an 
exploit that leverages a vulnerability within some software you have installed 
on the system. When the exploit takes place it will start to leverage a 
software vulnerability typically to run malicious code within the memory space 
of the vulnerable software.

I.E. A user is browsing a website, embedded javascript spawns a window with an 
Adobe PDF file, the PDF file automatically loads, exploit code leverages a 
vulnerability within the PDF, exploit code starts running malicious "shellcode" 
within that Adobe program, that exploit shellcode then delivers its payload.

The payload is typically the exploit downlo

RE: Whitelisting Pros & Cons?

2011-11-16 Thread Marc Maiffret
n chasing the symptom (malware) 
and not the cause (vulnerability). In essence you should have a combination of 
signatures, application control, and vulnerability/exploit prevention to make 
sure you are properly protecting from user exploitation and vulnerability 
exploitation.

I know some of you have heard me preach the importance of vulnerability/exploit 
prevention before as that is something we do in our Blink product line and 
something Cisco Security Agent used to do also. It really does take a 
combination of things to be successful and anyone trying to sell the idea that 
you only need signatures or only need white listing, is simply selling you 
smoke and mirrors.

-Marc

BTW, If you want to run a scan of your environment to understand how many 
vulnerabilities you have that have existing exploits (attack tools) for them 
you should check out our free community edition of Retina CS (eEye's 
vulnerability management platform). Retina CS has mapping of vulnerabilities to 
exploits for Metasploit, Core Impact, and in the wild exploits that myself and 
my research team track. And more than just knowing where you are vulnerable it 
also includes free third party application patching for things like Microsoft, 
Adobe and Mozilla. This is all free for up to 128 assets. 
http://go.eeye.com/LP=68

Signed,
Marc Maiffret
Founder/CTO
eEye Digital Security
TWITTER: www.twitter.com/marcmaiffret
BLOG: http://blog.eeye.com
WEB: www.eEye.com


From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 8:15 AM
To: NT System Admin Issues
Subject: Whitelisting Pros & Cons?

Guys, I am writing an article for WServerNews, and would like your public input.

What is your experience with Whitelisting, which products you tried/use, and
what experience you are having with this, likes and hates are all welcome !!

Warm regards,

Stu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



Re: Whitelisting Pros & Cons?

2011-11-15 Thread Kurt Buff
McAfee has done a bit of that in the past couple of years - witness their
pickup of the Sidewinder firewall line with the purchase of Secure
Computing a couple of years ago, along with WebWasher, SnapGear and
IronMail.

Kurt

On Tue, Nov 15, 2011 at 11:09, Stu Sjouwerman wrote:

> Oh, this is an acquisition, that is why it’s having such a high score!   LOL
> 
>
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> Bit9 Parity Suite 5.01                     10    8    9    9   10  9.4  EXCELLENT
>                                           30%  15%  25%  10%  20%
> CoreTrace Bouncer 5                         9    9    9    8    9  8.9  VERY GOOD
>                                           30%  15%  25%  10%  20%
> Lumension Application Control               8    9    8    9    9  8.5  VERY GOOD
>                                           30%  15%  25%  10%  20%
> McAfee Application Control 5.0              9    9    9    8    8  8.7  VERY GOOD
>                                           30%  15%  25%  10%  20%
> SignaCert Enterprise Trust Services 3.0
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith
> doesn't cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>  
>
>  
>
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >

RE: Whitelisting Pros & Cons?

2011-11-15 Thread Stu Sjouwerman
Oh, this is an acquisition, that is why it's having such a high score!   LOL

From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Clearly these results are flawed if McAfee Anything gets higher than a -3 in 
any category. :-)
On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman <s...@sunbelt-software.com> wrote:
Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?


Bit9 Parity Suite 5.01                     10    8    9    9   10  9.4  EXCELLENT
                                          30%  15%  25%  10%  20%
CoreTrace Bouncer 5                         9    9    9    8    9  8.9  VERY GOOD
                                          30%  15%  25%  10%  20%
Lumension Application Control               8    9    8    9    9  8.5  VERY GOOD
                                          30%  15%  25%  10%  20%
McAfee Application Control 5.0              9    9    9    8    8  8.7  VERY GOOD
                                          30%  15%  25%  10%  20%
SignaCert Enterprise Trust Services 3.0




From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM

To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith 
doesn't cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi



On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman <s...@sunbelt-software.com> wrote:
I'm referring to Whitelisting in the context of security.  About 10 years ago,
the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In that
scenario, it makes sense to keep the bad code out. But over the last 10 years,
with automated malware variant generation, the tables have turned, and there is
actually more malware than good code out there. So in -that- scenario it might
make sense to only allow "good code" and implement application control. Only
that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros & Cons?
> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>

Re: Whitelisting Pros & Cons?

2011-11-15 Thread Doug Hampshire
Clearly these results are flawed if McAfee Anything gets higher than a -3
in any category. :-)

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman
wrote:

> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
> Bit9 Parity Suite 5.01                     10    8    9    9   10  9.4  EXCELLENT
>                                           30%  15%  25%  10%  20%
> CoreTrace Bouncer 5                         9    9    9    8    9  8.9  VERY GOOD
>                                           30%  15%  25%  10%  20%
> Lumension Application Control               8    9    8    9    9  8.5  VERY GOOD
>                                           30%  15%  25%  10%  20%
> McAfee Application Control 5.0              9    9    9    8    8  8.7  VERY GOOD
>                                           30%  15%  25%  10%  20%
> SignaCert Enterprise Trust Services 3.0
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>
> Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith
> doesn't cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>
>
>
> 
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> 
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >

Re: Whitelisting Pros & Cons?

2011-11-15 Thread Andrew S. Baker
The greater the flexibility of the tool, the less tools you need to manage
your security.

Relying on 1 tool is not wise, but having to manage 12 slightly overlapping
tools is its own nightmare.

Getting it down to 3 or 4 tools is useful.

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…*



On Tue, Nov 15, 2011 at 10:46 AM, Joseph Heaton  wrote:

> Would it be better to have a tool that only does whitelisting, or a
> software more like Viewfinity, where you can do both white and black lists,
> and also elevate permissions for applications that aren't on either list,
> but are needed by a few people, which wouldn't warrant putting it on the
> whitelist?
>
> >>> Stu Sjouwerman  11/14/2011 2:16 PM >>>
>
>  Thanks Micheal. Anyone experience with any of the Whitelisting products
> in this InfoWorld Review?
>
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
> Bit9 Parity Suite 5.01                     10    8    9    9   10  9.4  EXCELLENT
>                                           30%  15%  25%  10%  20%
> CoreTrace Bouncer 5                         9    9    9    8    9  8.9  VERY GOOD
>                                           30%  15%  25%  10%  20%
> Lumension Application Control               8    9    8    9    9  8.5  VERY GOOD
>                                           30%  15%  25%  10%  20%
> McAfee Application Control 5.0              9    9    9    8    8  8.7  VERY GOOD
>                                           30%  15%  25%  10%  20%
> SignaCert Enterprise Trust Services 3.0
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>
> Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith
> doesn't cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>
>
>
> 
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -----Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> 
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >
>


Re: Whitelisting Pros & Cons? - Lumension

2011-11-15 Thread James Rankin
Can't believe that AppSense AM isn't in there as one of the test subjects.
I think the issue is that most people use them for the Environment Manager
(EM) feature of the suite so AppSense are treated more as a competitor in
the UEM (User Environment Management) market rather than against other
applications that do whitelisting, but the whitelisting product is (IMHO)
their strongest. If they were willing to run the rule over AppLocker for
that survey, then AM should surely have been included - most people who
work with Application Manager brand it as "AppLocker on steroids", which is
slightly unfair seeing though it can do a lot more feature-wise.

On 15 November 2011 16:07, Stu Sjouwerman  wrote:

> 
>
> Anyone experience with Lumension? This seems to be one of the bigger
> players.
>
> Did some testing with this perhaps?
>
> Warm regards,
>
> Stu
>
> *From:* Joseph Heaton [mailto:jhea...@dfg.ca.gov]
> *Sent:* Tuesday, November 15, 2011 10:47 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
>
> Would it be better to have a tool that only does whitelisting, or a
> software more like Viewfinity, where you can do both white and black lists,
> and also elevate permissions for applications that aren't on either list,
> but are needed by a few people, which wouldn't warrant putting it on the
> whitelist?
>
> >>> Stu Sjouwerman  11/14/2011 2:16 PM >>>
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
> Bit9 Parity Suite 5.01                     10    8    9    9   10  9.4  EXCELLENT
>                                           30%  15%  25%  10%  20%
> CoreTrace Bouncer 5                         9    9    9    8    9  8.9  VERY GOOD
>                                           30%  15%  25%  10%  20%
> Lumension Application Control               8    9    8    9    9  8.5  VERY GOOD
>                                           30%  15%  25%  10%  20%
> McAfee Application Control 5.0              9    9    9    8    8  8.7  VERY GOOD
>                                           30%  15%  25%  10%  20%
> SignaCert Enterprise Trust Services 3.0
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
> ** **
>
> ** **
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public inp

RE: Whitelisting Pros & Cons? - Lumension

2011-11-15 Thread Stu Sjouwerman
Anyone experience with Lumension? This seems to be one of the bigger players.
Did some testing with this perhaps?

Warm regards,

Stu

From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, November 15, 2011 10:47 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Would it be better to have a tool that only does whitelisting, or a software 
more like Viewfinity, where you can do both white and black lists, and also 
elevate permissions for applications that aren't on either list, but are needed 
by a few people, which wouldn't warrant putting it on the whitelist?


RE: Whitelisting Pros & Cons?

2011-11-15 Thread Joseph Heaton
Would it be better to have a tool that only does whitelisting, or a software 
more like Viewfinity, where you can do both white and black lists, and also 
elevate permissions for applications that aren't on either list, but are needed 
by a few people, which wouldn't warrant putting it on the whitelist?

>>> Stu Sjouwerman  11/14/2011 2:16 PM >>>

Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?
 
http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?

                                          30%  15%  25%  10%  20%
Bit9 Parity Suite 5.01                     10    8    9    9   10   9.4  EXCELLENT
CoreTrace Bouncer 5                         9    9    9    8    9   8.9  VERY GOOD
Lumension Application Control               8    9    8    9    9   8.5  VERY GOOD
McAfee Application Control 5.0              9    9    9    8    8   8.7  VERY GOOD
SignaCert Enterprise Trust Services 3.0

 
 
 

RE: Whitelisting Pros & Cons?

2011-11-14 Thread Ziots, Edward
+1 for Bit9 parity, I will give a negative for the McAfee Solidcore..

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

 

 

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Monday, November 14, 2011 5:16 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

 

Thanks Micheal. Anyone experience with any of the Whitelisting products
in this InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?

                                          30%  15%  25%  10%  20%
Bit9 Parity Suite 5.01                     10    8    9    9   10   9.4  EXCELLENT
CoreTrace Bouncer 5                         9    9    9    8    9   8.9  VERY GOOD
Lumension Application Control               8    9    8    9    9   8.5  VERY GOOD
McAfee Application Control 5.0              9    9    9    8    8   8.7  VERY GOOD
SignaCert Enterprise Trust Services 3.0



 

 

 


Re: Whitelisting Pros & Cons?

2011-11-14 Thread Andrew S. Baker
I've done some limited testing with an earlier version of Bit9.

I'm planning to do some updated testing in Q1 2012...

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…



On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman
wrote:

> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
>
>                                           30%  15%  25%  10%  20%
> Bit9 Parity Suite 5.01                     10    8    9    9   10   9.4  EXCELLENT
> CoreTrace Bouncer 5                         9    9    9    8    9   8.9  VERY GOOD
> Lumension Application Control               8    9    8    9    9   8.5  VERY GOOD
> McAfee Application Control 5.0              9    9    9    8    8   8.7  VERY GOOD
> SignaCert Enterprise Trust Services 3.0

RE: Whitelisting Pros & Cons?

2011-11-14 Thread Stu Sjouwerman
Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?


                                          30%  15%  25%  10%  20%
Bit9 Parity Suite 5.01                     10    8    9    9   10   9.4  EXCELLENT
CoreTrace Bouncer 5                         9    9    9    8    9   8.9  VERY GOOD
Lumension Application Control               8    9    8    9    9   8.5  VERY GOOD
McAfee Application Control 5.0              9    9    9    8    8   8.7  VERY GOOD
SignaCert Enterprise Trust Services 3.0




From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith 
doesn't cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi





Re: Whitelisting Pros & Cons?

2011-11-14 Thread Micheal Espinola Jr
Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith
doesn't cut it.  You have to protect yourself and your assets, and
whitelisting is the best way to do it.

--
Espi





On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman
wrote:

> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In
> that scenario, it makes sense to keep the bad code out. But over the last
> 10 years, with automated malware variant generation, the tables have
> turned, and there is actually more malware than good code out there. So in
> -that- scenario it might make sense to only allow "good code" and
> implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> > are all welcome !!
> >
> > Warm regards,
> >
> > Stu

RE: Whitelisting Pros & Cons? - Application Control - Pros & Cons

2011-11-14 Thread Phil Brutsche
I haven't used the fancier tools people are talking about here, but I've used 
Software Restrictions in XP and newer with awesome results.

There's a 150-seat private school here in Omaha that has almost *no* anti-virus 
software in it - the only people with AV are the ones with Software 
Restrictions turned off, and there are only 4 of those stations.

In the last 2 or 3 years that they've been running with Software Restrictions 
set for default deny they've had absolutely NO virus infestations, and numerous 
attempts.

-- 

Phil Brutsche
p...@optimumdata.com


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Monday, November 14, 2011 1:23 PM
To: NT System Admin Issues
Subject: WAS: Whitelisting Pros & Cons? - Application Control - Pros & Cons

OK, so I'm clarifying the subject. Whitelisting is also called Application 
Control.
See it as an additional security layer that allows you to just ALLOW a limited 
amount of approved applications. It's the ultimate lockdown.  Also, you could 
switch off your antivirus Real Time protection and only use it for removal. 

Anyone use this in their domain?  Experience with this??

Warm regards,

Stu 


-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we 
seriously consider doing it for email and web surfing also. We were a full 
Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in 
audit mode for a few months... created the rules and whitelists and put it in 
deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount 
of malware that does not require admin rights...that hits the users profile 
folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled 
after how Cisco did it. It was extremely detailed and granular yet still easy 
to configure. You could allow a process to hit a certain registry key when only 
run by a certain user on Tuesdays IF they had on blue underwear. It was that 
granular.



Re: Whitelisting Pros & Cons?

2011-11-14 Thread Andrew S. Baker
It's one of the better products that Cisco purchased...

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…



On Mon, Nov 14, 2011 at 3:31 PM, Ziots, Edward  wrote:

> Too bad it's retired now…
>
> CSA was definitely good when it was set up, but the amount of rules you
> needed to write to allow crap software to run, basically turns a lot of
> HIPS into swiss cheese after a while. (But it also shows you how bad code
> is written)
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Monday, November 14, 2011 2:19 PM
> To: NT System Admin Issues
> Subject: RE: Whitelisting Pros & Cons?
>
> I’ve used Cisco’s CSA. It’s a little fiddly to get set up at first, but
> after that – no problems and it does a great job.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> Sent: Monday, November 14, 2011 11:15 AM
> To: NT System Admin Issues
> Subject: Whitelisting Pros & Cons?
>
> Guys, I am writing an article for WServerNews, and would like your public
> input.
>
> What is your experience with Whitelisting, which products you tried/use,
> and what experience you are having with this, likes and hates are all
> welcome !!
>
> Warm regards,
>
> Stu


RE: Whitelisting Pros & Cons?

2011-11-14 Thread Ziots, Edward
Too bad it's retired now...

CSA was definitely good when it was set up, but the amount of rules you
needed to write to allow crap software to run, basically turns a lot of
HIPS into swiss cheese after a while. (But it also shows you how bad
code is written)

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, November 14, 2011 2:19 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I've used Cisco's CSA. It's a little fiddly to get set up at first, but
after that - no problems and it does a great job.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:15 AM
To: NT System Admin Issues
Subject: Whitelisting Pros & Cons?

Guys, I am writing an article for WServerNews, and would like your
public input.

What is your experience with Whitelisting, which products you tried/use,
and what experience you are having with this, likes and hates are all
welcome !!

Warm regards,

Stu


Re: WAS: Whitelisting Pros & Cons? - Application Control - Pros & Cons

2011-11-14 Thread Rankin, James R
AppSense AM also blocks nastiness in URLs and some executable elements of web 
pages, PDFs, office documents and much more besides. Watching it operate in the 
Audit Only mode truly opens your eyes to the tons of executable content users 
are running every day.

Sent from my SR-71 Blackbird

-Original Message-
From: Stu Sjouwerman 
Date: Mon, 14 Nov 2011 14:22:52 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: WAS: Whitelisting Pros & Cons? 
- Application Control - Pros & Cons

OK, so I'm clarifying the subject. Whitelisting is also called Application 
Control.
See it as an additional security layer that allows you to just ALLOW a limited
amount of approved applications. It's the ultimate lockdown.  Also, you could 
switch off your antivirus Real Time protection and only use it for removal. 

Anyone use this in their domain?  Experience with this??

Warm regards,

Stu 


-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we 
seriously consider doing it for email and web surfing also. We were a full 
Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in 
audit mode for a few months...created the rules and whitelists and put it in 
deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount 
of malware that does not require admin rights...that hits the users' profile 
folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled 
after how Cisco did it. It was extremely detailed and granular yet still easy 
to configure. You could allow a process to hit a certain registry key when only 
run by a certain user on Tuesdays IF they had on blue underwear. It was that 
granular.


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In that 
scenario, it makes sense to keep the bad code out. But over the last 10 years, 
with automated malware variant generation, the tables have turned, and there is 
actually more malware than good code out there. So in -that- scenario it might 
make sense to only allow "good code"
and implement application control. Only that which is allowed, will run. 

I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
> 
> Warm regards,
> 
> Stu
> 

Re: WAS: Whitelisting Pros & Cons? - Application Control - Pros & Cons

2011-11-14 Thread Rankin, James R
Turned off AV realtime in my last job because it was serving no purpose. 
AppSense AM caught huge amounts of malware before it even could execute. Trend 
was literally doing nothing. However, we had to crank up the monitoring through 
SCOM to ensure the AM service never went down.

Sent from my SR-71 Blackbird

-Original Message-
From: Stu Sjouwerman 
Date: Mon, 14 Nov 2011 14:22:52 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: WAS: Whitelisting Pros & Cons? 
- Application Control - Pros & Cons

OK, so I'm clarifying the subject. Whitelisting is also called Application 
Control.
See it as an additional security layer that allows you to just ALLOW a limited
amount of approved applications. It's the ultimate lockdown.  Also, you could 
switch off your antivirus Real Time protection and only use it for removal. 

Anyone use this in their domain?  Experience with this??

Warm regards,

Stu 


-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we 
seriously consider doing it for email and web surfing also. We were a full 
Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in 
audit mode for a few months...created the rules and whitelists and put it in 
deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount 
of malware that does not require admin rights...that hits the users' profile 
folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled 
after how Cisco did it. It was extremely detailed and granular yet still easy 
to configure. You could allow a process to hit a certain registry key when only 
run by a certain user on Tuesdays IF they had on blue underwear. It was that 
granular.


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In that 
scenario, it makes sense to keep the bad code out. But over the last 10 years, 
with automated malware variant generation, the tables have turned, and there is 
actually more malware than good code out there. So in -that- scenario it might 
make sense to only allow "good code"
and implement application control. Only that which is allowed, will run. 

I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
> 
> Warm regards,
> 
> Stu
> 

WAS: Whitelisting Pros & Cons? - Application Control - Pros & Cons

2011-11-14 Thread Stu Sjouwerman
OK, so I'm clarifying the subject. Whitelisting is also called Application 
Control.
See it as an additional security layer that allows you to just ALLOW a limited
amount of approved applications. It's the ultimate lockdown.  Also, you could 
switch off your antivirus Real Time protection and only use it for removal. 

Anyone use this in their domain?  Experience with this??

Warm regards,

Stu 


-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we 
seriously consider doing it for email and web surfing also. We were a full 
Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in 
audit mode for a few months...created the rules and whitelists and put it in 
deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount 
of malware that does not require admin rights...that hits the users' profile 
folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled 
after how Cisco did it. It was extremely detailed and granular yet still easy 
to configure. You could allow a process to hit a certain registry key when only 
run by a certain user on Tuesdays IF they had on blue underwear. It was that 
granular.


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In that 
scenario, it makes sense to keep the bad code out. But over the last 10 years, 
with automated malware variant generation, the tables have turned, and there is 
actually more malware than good code out there. So in -that- scenario it might 
make sense to only allow "good code"
and implement application control. Only that which is allowed, will run. 

I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
> 
> Warm regards,
> 
> Stu
> 



RE: Whitelisting Pros & Cons?

2011-11-14 Thread Michael B. Smith
I've used Cisco's CSA. It's a little fiddly to get set up at first, but after 
that - no problems and it does a great job.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:15 AM
To: NT System Admin Issues
Subject: Whitelisting Pros & Cons?

Guys, I am writing an article for WServerNews, and would like your public input.

What is your experience with Whitelisting, which products you tried/use, and
what experience you are having with this, likes and hates are all welcome !!

Warm regards,

Stu



RE: Whitelisting Pros & Cons?

2011-11-14 Thread Maglinger, Paul
That's not where you're supposed to put the antenna.

-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Monday, November 14, 2011 12:06 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Personally, I found the underwear sensor uncomfortable.

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we
seriously consider doing it for email and web surfing also. We were a
full Cisco CAS shop here, districtwide 3000 desktops. It was wonderful.
Ran it in audit mode for a few months...created the rules and
whitelists and put it in deny mode. Very smooth and worked wonderfully.
It stopped a tremendous amount of malware that does not require admin
rights...that hits the users' profile folders. I cried when they
discontinued it.

I think anything that is going to work and be manageable has to be
modeled after how Cisco did it. It was extremely detailed and granular
yet still easy to configure. You could allow a process to hit a certain
registry key when only run by a certain user on Tuesdays IF they had on
blue underwear. It was that granular.


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10
years ago, the ratio "Good code" versus malware was perhaps 90 good 10
bad.  In that scenario, it makes sense to keep the bad code out. But
over the last 10 years, with automated malware variant generation, the
tables have turned, and there is actually more malware than good code
out there. So in -that- scenario it might make sense to only allow "good
code"
and implement application control. Only that which is allowed, will run.


I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some
other type of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and
> hates are all welcome !!
> 
> Warm regards,
> 
> Stu
> 



RE: Whitelisting Pros & Cons?

2011-11-14 Thread Mayo, Bill
Personally, I found the underwear sensor uncomfortable.

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Monday, November 14, 2011 1:02 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I am a huge fan of this tactic and I suspect the day will come when we
seriously consider doing it for email and web surfing also. We were a
full Cisco CAS shop here, districtwide 3000 desktops. It was wonderful.
Ran it in audit mode for a few months...created the rules and
whitelists and put it in deny mode. Very smooth and worked wonderfully.
It stopped a tremendous amount of malware that does not require admin
rights...that hits the users' profile folders. I cried when they
discontinued it.

I think anything that is going to work and be manageable has to be
modeled after how Cisco did it. It was extremely detailed and granular
yet still easy to configure. You could allow a process to hit a certain
registry key when only run by a certain user on Tuesdays IF they had on
blue underwear. It was that granular.


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10
years ago, the ratio "Good code" versus malware was perhaps 90 good 10
bad.  In that scenario, it makes sense to keep the bad code out. But
over the last 10 years, with automated malware variant generation, the
tables have turned, and there is actually more malware than good code
out there. So in -that- scenario it might make sense to only allow "good
code"
and implement application control. Only that which is allowed, will run.


I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some
other type of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and
> hates are all welcome !!
> 
> Warm regards,
> 
> Stu
> 



RE: Whitelisting Pros & Cons?

2011-11-14 Thread Kennedy, Jim
I am a huge fan of this tactic and I suspect the day will come when we 
seriously consider doing it for email and web surfing also. We were a full 
Cisco CAS shop here, districtwide 3000 desktops. It was wonderful. Ran it in 
audit mode for a few months...created the rules and whitelists and put it in 
deny mode. Very smooth and worked wonderfully. It stopped a tremendous amount 
of malware that does not require admin rights...that hits the users' profile 
folders. I cried when they discontinued it.

I think anything that is going to work and be manageable has to be modeled 
after how Cisco did it. It was extremely detailed and granular yet still easy 
to configure. You could allow a process to hit a certain registry key when only 
run by a certain user on Tuesdays IF they had on blue underwear. It was that 
granular.


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Monday, November 14, 2011 11:48 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware 
variant generation, the tables have turned, and there is actually more malware 
than 
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run. 

I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
> 
> Warm regards,
> 
> Stu



RE: Whitelisting Pros & Cons?

2011-11-14 Thread Stu Sjouwerman
I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In that 
scenario, it makes sense to keep the bad code out. But over the last 10 years, 
with automated malware variant generation, the tables have turned, and there is 
actually more malware than good code out there. So in -that- scenario it might 
make sense to only allow "good code" and implement application control. Only 
that which is allowed, will run. 

I'd like your feedback - input - discussion on this !

Warm regards,

Stu 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your 
> public input.
> 
> What is your experience with Whitelisting, which products you 
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
> 
> Warm regards,
> 
> Stu



Re: Whitelisting Pros & Cons?

2011-11-14 Thread James Rankin
I swear by AppSense Application Manager, great product, extremely granular,
does a lot more than just whitelisting. It does device control for
licensing (MS allow AM to manage licenses on Terminal Servers for the likes
of Project and Visio, rather than buying thousands of licenses even though
fifty users only need it). It can also control user rights policies,
control panel applets, it can elevate users (or de-elevate them) from
groups without logging off, produce reports, and a vast lot more besides.

AppLocker isn't anywhere in the same league, but it's free and a good
improvement on the old Software Restriction Policies.

But as far as I am concerned, AppSense is the leader in this field. AM
renders AV almost redundant when set up properly. It isn't really
whitelisting - it's greylisting. Anything installed by an admin onto the
local drive can automatically execute. But anything a user drops on a local
drive can't execute. It does this by maintaining a list of Trusted Owners.
On the other hand, everything on network drives is untrusted by default and
has to be allowed to run. You can base the trigger value around a vast
array of configurable options, not just user or group.

It can be a bit pricey for some, but especially when you see what else you
get (Environment Management and Performance Management, both good products)
in your licenses, I wouldn't do without it.

YMMV, etc


On 14 November 2011 16:14, Stu Sjouwerman  wrote:

> Guys, I am writing an article for WServerNews, and would like your public
> input.
>
> What is your experience with Whitelisting, which products you tried/use,
> and what experience you are having with this, likes and hates are all welcome
> !!
>
> Warm regards,
>
> Stu



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

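
The greylisting rules described in the message above (trusted owners on local drives, network locations denied unless explicitly allowed), run first in audit mode and then in deny mode as described earlier in the thread, as an added example. It is not AppSense or Cisco code; the owner names, paths and function names are assumptions and the sample launches are constructed.

```python
from dataclasses import dataclass

# Assumed trusted-owner list and explicit network allow rule (hypothetical values).
TRUSTED_OWNERS = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
                  "NT SERVICE\\TrustedInstaller"}
ALLOWED_NETWORK_PATHS = {r"\\fileserver\apps\payroll.exe"}  # constructed

@dataclass
class ExecRequest:
    path: str    # full path of the file being launched
    owner: str   # NTFS owner of that file
    user: str    # account attempting the launch

def is_network_path(path: str) -> bool:
    # UNC paths only; mapped drive letters would need resolving first.
    return path.startswith("\\\\")

def evaluate(req: ExecRequest) -> tuple[str, str]:
    """Return (verdict, reason) for one launch, independent of enforcement mode."""
    if is_network_path(req.path):
        if req.path.lower() in {p.lower() for p in ALLOWED_NETWORK_PATHS}:
            return "allow", "network path explicitly allowed"
        return "deny", "network location untrusted by default"
    if req.owner in TRUSTED_OWNERS:
        return "allow", "file owned by a trusted owner"
    return "deny", f"file owner {req.owner} is not a trusted owner"

def enforce(requests, mode="audit"):
    """audit: log would-be denials but let everything run; deny: block them."""
    ran, log = [], []
    for req in requests:
        verdict, reason = evaluate(req)
        if verdict == "deny":
            log.append((req.path, req.user, reason))
        if verdict == "allow" or mode == "audit":
            ran.append(req.path)
    return ran, log

# Constructed sample launches.
SAMPLE = [
    ExecRequest(r"C:\Program Files\Office\winword.exe", "BUILTIN\\Administrators", "CORP\\alice"),
    ExecRequest(r"C:\Users\alice\AppData\Local\Temp\update.exe", "CORP\\alice", "CORP\\alice"),
    ExecRequest(r"\\fileserver\apps\payroll.exe", "CORP\\svc_deploy", "CORP\\alice"),
    ExecRequest(r"\\fileserver\share\tool.exe", "BUILTIN\\Administrators", "CORP\\alice"),
]

if __name__ == "__main__":
    for mode in ("audit", "deny"):
        ran, log = enforce(SAMPLE, mode)
        print(mode, "ran:", len(ran), "logged:", len(log))
```

The audit-mode log is the list of rules still to be written: every entry is something that would stop working once the policy is switched to deny.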

RE: Whitelisting Pros & Cons?

2011-11-14 Thread Ziots, Edward
I can comment offline for you Stu... feel free to email me accordingly. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

 

 

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Monday, November 14, 2011 11:15 AM
To: NT System Admin Issues
Subject: Whitelisting Pros & Cons?

 

Guys, I am writing an article for WServerNews, and would like your
public input.

What is your experience with Whitelisting, which products you tried/use,
and what experience you are having with this, likes and hates are all
welcome !!

Warm regards,

Stu

 


Re: Whitelisting Pros & Cons?

2011-11-14 Thread Matthew W. Ross
Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011 08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your public
> input.
> 
> What is your experience with Whitelisting, which products you tried/use, and
> what experience you are having with this, likes and hates are all welcome !!
> 
> Warm regards,
> 
> Stu



Whitelisting Pros & Cons?

2011-11-14 Thread Stu Sjouwerman
Guys, I am writing an article for WServerNews, and would like your public input.

What is your experience with Whitelisting, which products you tried/use, and
what experience you are having with this, likes and hates are all welcome !!

Warm regards,

Stu
