Access your Pro+ Content below.
Schneier-Ranum Face-Off on whitelisting and blacklisting
This article is part of the January/February 2011 issue of Information Security magazine
Point: Marcus Ranum In 2007, I wrote an article on execution control in which I explained why antivirus was a dead-end idea, and predicted an eventual switchover from blacklisting to whitelisting. I couldn't have been more wrong so I periodically catch myself wondering if I'm one of a small percentage of the people who "get it," and if the entire security world has its collective head where the sun doesn't shine. Obviously, malware is a big problem and there's not going to be a silver bullet solution to it, but the industry's response to system integrity continues to be ineffective, expensive and a wasteful of time and energy. To briefly recap: blacklisting is the oldest algorithm in computer security. Know what's bad, develop a pattern-matching system to detect it, and ring a bell when you detect the pattern. You can earn extra credit for detecting the bad thing just before it happens, and preventing it from happening. In a nutshell, that's what's behind many antivirus, intrusion prevention/detection systems, and spam filters. ...
Features in this issue
Information security managers are getting more of a say in enterprise cloud initiatives and mobile device projects.
Enforcing endpoint security requires careful planning and deployment.
Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late?
Columns in this issue
Security experts Bruce Schneier and Marcus Ranum debate whether network security should be based on whitelisting or blacklisting.
Automation hasn't killed the penetration tester – yet.
A look back at articles from the past shows that the same information security problems persist today.