CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Collaboration with SignaCert: One Potential Avenue In The Purification Process

Earlier this week, Toney Jennings wrote about step two in the rational transition to application whitelisting: the purification stage. Today we announced another step in that stage: a collaboration with SignaCert, the provider of the largest known-provenance whitelist repository in the world, SignaCert’s Global Trust Repository (GTR).


Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 2 Purify

This is the third post in a series addressing what we see as an inevitable, protection-focused transition to application whitelisting and how that should take place practically. The posts already up on our blog are:

  • Intro – Here we provide an overview of what is driving this transition.
  • Part 1 Protect – This post highlights the need for companies to consider immediately adding application whitelisting to protect their endpoints.

We think that the transition will take place in three logical steps. First, adding protection to existing systems. Second, purifying those systems of any remnants of malware over time. Finally, providing a strong change management process that will allow users to be productive and deal with the inevitable changes to approved applications while still ensuring the protection that application whitelisting affords.

This blog entry deals with cleaning of endpoints that have gone through the protection step of the process.

Most recent comment:   Time to Start Over on Desktop Security

[...] Purify – We then transition into a process that cleans our existing systems of any residual malware [...]

Microsoft Warning Highlights Broken Security Model

The Associated Press is reporting that Microsoft is warning of a vulnerability that isn’t yet patched in their operating system. Details on how to protect yourself can be found in the link above.

The proposed solution from Microsoft involves pushing out a large registry change (that you must assemble yourself) that disables the compromised ActiveX control – that then must be applied to each and every system.

Most recent comment:   David Thomason

It's clear that patching isn't going to fix all our problems. Even in the Verizon 2008 Data Breach Investigations ...

Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 1 Protect

The question of whether or not application whitelisting has an important role in the future of endpoint security is officially over. It does. Not only that, it is clear that legacy blacklist antivirus has lost the ability to provide any protection to endpoints and instead is relegated to an after-the-fact role geared at detecting infections and cleaning them up. I highlighted many of these trends toward application whitelisting and the changing role of antivirus in my intro to this series of blog posts. More evidence of this trend came yesterday when Symantec announced that they are adding application whitelisting capabilities into new reputation-based technology code-named Quorum. The bottom line in all of this is that if you are responsible for the endpoint security of your company’s PCs and you aren’t thinking about how whitelisting changes things, you should start now.

Most recent comment:   Time to Start Over on Desktop Security

[...] Protect – First we must baseline our systems to prevent any new infections [...]

Beware Waledac Worm and Spam This 4th of July Weekend

Another kind of fireworks display may take place on the Internet this weekend. There is a large malware campaign targeted for this 4th of July weekend, 2009. CNET reports that computers infected by the Waledac worm are a part of a botnet that will begin distributing spam this weekend intending to get users to click on videos that will infect the PC with the malware and add it to the botnet.

The prevalence of this type of problem is more indicative than ever that blacklisting antivirus simply isn’t up to the task of preventing infection of PCs.
