Premium Content

Access "Schneier-Ranum Face-Off on whitelisting and blacklisting"

Published: 18 Oct 2012

Point: Marcus Ranum In 2007, I wrote an article on execution control in which I explained why antivirus was a dead-end idea, and predicted an eventual switchover from blacklisting to whitelisting. I couldn't have been more wrong so I periodically catch myself wondering if I'm one of a small percentage of the people who "get it," and if the entire security world has its collective head where the sun doesn't shine. Obviously, malware is a big problem and there's not going to be a silver bullet solution to it, but the industry's response to system integrity continues to be ineffective, expensive and a wasteful of time and energy. To briefly recap: blacklisting is the oldest algorithm in computer security. Know what's bad, develop a pattern-matching system to detect it, and ring a bell when you detect the pattern. You can earn extra credit for detecting the bad thing just before it happens, and preventing it from happening. In a nutshell, that's what's behind many antivirus, intrusion prevention/detection systems, and spam filters. The whitelisting approach is ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Does Windows 8.1 meet the demands of the BYOD age?
    windows_shopping_8-1.png
    E-Handbook

    The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...

  • Application security policy after Heartbleed
    ISM_0914.png
    E-Zine

    Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...

  • Devising a security strategy for the modern network
    countering_cybercrime.png
    E-Handbook

    The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...