Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- George Orwell
March 22, 2007, 4:20 pm
rate this thread
The whitelisting companies Savant Protection, AppSense, SecureWave and
Bit9 are the heroes of the antivirus situation because they have
technology which actually does stop malware effectively. They simply
keep an inventory of the software that is allowed to run and stop
everything else from running or, if the user is trusted, run new
software in a sandbox that prevents it from breeding or doing damage,
if it is a virus. CA HIPS [Host-based Intrusion Prevention System]
http://snipurl.com/1dpvx is a product that also does this, so it now
gets to be on the list of heroes.
CA joining the whitelisting companies is, in my view, the beginning of
a sea change. Whitelisting is no longer a niche security technology. I
have heard a very credible rumor that one of the big three AV companies
(Symantec, McAfee and Trend Micro) intends to do the same
thing—possibly this year. You know that it's over for AV if one of the
big three turns to whitelisting.
So it is roughly the first anniversary of the AntiVirus-is-Dead
campaign and after only a year it looks as though it is starting to
work. I guess it was only necessary to get the word out. I have played
a pretty constant drum beat to that effect for a year. I will carry on
for maybe another year. I have lots more information to publish on this
and I'll not stop until the AV vendors start to melt away and sanity
returns to the world of IT security.
(2) George Orwell
Current antivirus is OK for catching old junk that some punk left on a
web page, but that's about it.
Re: Current antivirus sucks big time - solution: whitelisting
No, they don't.
To stop malware you must prevent it from reaching your network - filtering
content at the SMTP, FTP, HTTP, HTTPS levels will do that, and it's proven
Not everyone at the office needs internet access, get use to it.
White listing is not going to work because sooner or later one on the list
will be compromised.
email@example.com (remove 999 for proper email address)