Internet Security Moving Toward 'White List'
ehud42 writes "According to Symantec, 'Internet security is headed toward a major reversal in philosophy, where a 'white list' which allows only benevolent programs to run on a computer will replace the current 'black list' system' as described in an article on the CBC's site. The piece mentions some issues with fairness to whose program is 'safe' including a comment that judges need to be impartial to open source programs which can change quite rapidly. Would this work? The effort to maintain black lists is becoming so daunting that white lists may be an effective solution."
Follow the money (Score:3, Interesting)
Not going to happen (Score:5, Interesting)
Can someone send me a list of all IPv4 hosts which are not malicious? k thanx bye.
PS. please can you also send me an update whenever a new machine is compromised?
What about Javascript? (Score:5, Interesting)
The whole idea of a program being a quasi-static executable installed locally is starting to seem quaint.
Is it me (Score:5, Interesting)
Or is this going to really screw small-scale Windows developers?
Seems to me to be a blatant attempt by the big boys to lock users into their software (or software from companies they have an arrangement with). Since the majority of users probably won't know how to disable this 'feature', they will have less choice, and therefore higher costs.
Comment removed (Score:3, Interesting)
Unlikely to work (Score:3, Interesting)
With a whitelist, the user clicks 'Accept' for everything he runs. Then he's protected until he installs something else.
Blacklists are great since they require yearly subscriptions.
The flip side? (Score:2, Interesting)
White lists have been proposed since the beginning of time - from web filtering to spam prevention, and now to malware prevention - and they all suffer from exactly the same problem, which is the fact that humans are not all identical clones of each other, and neither consume information in the same way, nor communicate with others in the same way.
what about the small developer? (Score:5, Interesting)
I'd be interested in knowing how they deal with the fast release cycle of open source software (excluding mine, oh for a 48 hour day...).
I'm pretty keen on the whitelist idea though. If nothing else it'll make malware more inventive, they'll start imitating the fingerprints of validated software.
Shouldn't it have been this way from the start? (Score:2, Interesting)
Really, black lists were a bad idea from the start. Usually, the programs people want to run on a computer will remain fairly static, with perhaps a few changes when they update or find something online that looks interesting.
I'm sure there must be some security software that uses whitelists already. Does anyone know of any free ones?
High time too (Score:5, Interesting)
It is a lot of work to maintain any whitelist of any significant size. But the reason you do it is because it's a lot more work to maintain any blacklist of any significant size, and even more work still to clear up the mess after something slips the net.
I think residential ISPs will be the first - I'd be surprised if it was even possible to connect outside your own ISP's network. Email through their SMTP server, web access through their proxy, sucks if you want any other service your ISP doesn't provide. Some of the more expensive ISPs may set up some sort of "sign a disclaimer and we'll let you do anything, but we reserve the right to pull the plug if we see so much as a single malicious packet" system.
Re:Shouldn't it have been this way from the start? (Score:3, Interesting)
Many firewalls use the whitelist principle. E.g., ZoneAlarm. When you install it, nothing is approved. As any program tries to access the network, you get a popup asking you to approve one-time-only, or to put the program on the trusted list. Seems to work quite well, 5 years, and none of the PCs I or my family use have had any security issues.
But it does require some judgement. The stereotypical Joe User will just approve anything, making the alerts moot. (My daughter has a non-admin account and can't do that.)
Nested Rings of Decreasing Trust (Score:2, Interesting)
several rings (concentric circles) into which programs can qualify through increasingly rigorous standards and testing as they get closer to the central core ring of software.
So essentially this OS would have a core ring of whitelisted and essential programs. Just outside this would be a 2nd ring of whitelisted but optional programs.
Then a ring of "grey listed" (reputationally vouched for, for both security and usefulness and quality)
Followed by a "wild west" outer ring.
The OS would be designed so that programs in a more outer (less trusted, and less essential) ring, could not have any access to the memory or disk areas of more inner programs, and could only ever use the services of inner programs through narrow public interfaces supervised by the OS.
Re:Is it me (Score:5, Interesting)
Though it does seem like they are positioning themselves to be the gatekeepers of all software, good or bad. Want to run a program? Don't ask the user, ask Symantec. People won't stand for that though. There is a certain level of control over a computer most users are willing to give up in certain circumstances to the OS or an outside party or the like, but this is total control. Even novice users would probably find some piece of software they wanted to run that wasn't in the system and get annoyed at Symantec for breaking their computer while more technical users would likely never want to be early adopters of something like this.
Not only that, but I wonder.... wouldn't the list of "good" software be unimaginably larger than the list of malicious trojans and viruses?
Think about that number for a second. The only way they would ever look good would be if every single one of the users only ever ran software on the list. So for each user that uses dozens of applications, if even just one of those dozens isn't on the list, they are going to blame Symantec.
Sadly I don't think this will stop them from trying to pull this off anyways and at least getting a small userbase of complete novices and maybe corporate IT depts that want to lock down the drones.
Re:Works for me! (Score:3, Interesting)
Or is this a *WOOSH* moment?
The first layer of defense is a white-list (Score:3, Interesting)
The problem is that there are lots of people / large software monopolists in the world who don't know how to code well, and this creates security flaws which cause this authorised code to do things on behalf of other code, including possibly executing arbitrary.
This code is then theoretically built on top of a kernel which attempts to restrict what the code can do even if it is executed (of course, often there are flaws here too, and often the exploited code is run with more privileges than it should have, so the entire system can be compromised).
Virus scanners and other security software of this kind are supposed to provide an extra, reactive layer of defense on top of the existing proactive measure for anything which slips through the cracks. Suggesting that they be turned into another white-list is therefore not a logical suggestion, and implies that they are not being entirely honest:
* They might just want to create hype to utilise unsuspecting journalists to sell more of their products for them.
* Perhaps this is part of another Digital Restrictions Management style plot to take the decisions of what runs on computers from computer owners and give it to some central pseudo-authority so they can (mis)use the power for their own purposes.
Not just whitelist, but need-to-use (Score:2, Interesting)
You already see this in some security programs, where program A is white-listed for ports 80 and 443, program B is listed for ports 20 and 21, etc. etc. etc.
Eventually, this will be locked down even more. Program A may be whitelisted for port 80, but only for the purposes of self-updating or reporting bugs to its manufacturer, and only to a short list of domain-names or IP addresses.
Within a web browser, not only will add-ons like Flash and Java have their own restrictions, each add-on will have its own restriction. Java implements a version of this already, allowing applets: it's supposed to let them talk to home base but not much more.
I also see the rise of ordinary applications running in a full or lightweight VM, with applications in different VMs talking to each other over a virtual network rather than through shared memory or shared files. Rogue or compromised applications in a VM will be limited to what they can do, much like a chroot'd or BSD-jailed application, only more so.
Re:What about Javascript? (Score:2, Interesting)
Re:What happened to good OS design? (Score:3, Interesting)
Re:What happened to good OS design? (Score:3, Interesting)
Also relevant: Capability security.
E Language [erights.org]
Capability Security [wikipedia.org]
Re:Follow the money (Score:2, Interesting)
Re:Agreed... NoScript is outstanding. (Score:5, Interesting)
Re:What happened to good OS design? (Score:2, Interesting)
Look at the Morris worm in 88. There was no code exploit, or coding mistake. It took advantage of an unauthenticated backdoor to sendmail, which was running as root. This would doubtfully fly today anywhere. Does that mean coders then or now were any better? Nope.
No matter what industry you are in, IT, Car Sales, home improvement, etc., people make more money getting the job done as quick as possible with ease of support, rather than doing it right the first time. This is the American dream: making as much money as you can and let someone else clean up the mess. You just hear about problems more now that the web has made news more accessible, and the fact that a hacker can write a virus that harvests emails out of address books to sell/send spam mail for advertising revenue and cover my tracks well enough not to get caught. Once again, the American dream, make money while someone else cleans up your mess.
Re:What happened to good OS design? (Score:3, Interesting)
I wonder just how much it is going to cost you to get your program blessed? And how long will it take?
From what I can tell they want a white list of approved programs that will be allowed to run on your system. Unless they go the extra step and sign each executable/script by an approved signing authority anyone will be able to substitute their own code for one of the approved programs. Game over.
Then there is the whole issue of how do you handle the process of upgrades/updates and patches? All of those would have to be approved and signed as well.
While a reasonable idea on the surface there are many aspects of widely deploying such a scheme that make it impractical. The worst case is that people would manage to get just about everything approved by simply submitting it to a web site. Which defeats the purpose.
If you make it a local user configuration thing then users would simply do what they do now, click on through or approve any little application that asks to be approved. They don't know what they are letting on to their systems now. And we are back where we started.
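The substitution and update concerns raised in the last comment above, as an added example that is not part of the original thread: an allow list keyed on file name accepts replaced contents, while one keyed on a SHA-256 digest of the contents rejects them and also blocks an update until its new digest is approved. The class names, the file name and the byte strings are constructed for illustration, and a plain digest list stands in for the signing authority the comment mentions.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample data: byte strings stand in for executable file contents.
EDITOR_V1 = b"\x7fELF editor build 1.0"
EDITOR_V2 = b"\x7fELF editor build 1.1 (vendor update)"
REPLACED = b"\x7fELF different code saved under the same file name"


class NameAllowlist:
    """Approves by file name only; the contents are never examined."""

    def __init__(self, names):
        self.names = set(names)

    def may_run(self, name: str, content: bytes) -> bool:
        return name in self.names


class DigestAllowlist:
    """Approves by SHA-256 of the contents; anything unknown is denied."""

    def __init__(self):
        self.approved = {}  # digest -> human-readable label

    def approve(self, label: str, content: bytes) -> None:
        self.approved[sha256_hex(content)] = label

    def may_run(self, name: str, content: bytes) -> bool:
        return sha256_hex(content) in self.approved


def demo() -> dict:
    by_name = NameAllowlist(["editor.exe"])
    by_digest = DigestAllowlist()
    by_digest.approve("editor 1.0", EDITOR_V1)
    results = {
        "name_genuine": by_name.may_run("editor.exe", EDITOR_V1),
        "name_replaced": by_name.may_run("editor.exe", REPLACED),
        "digest_genuine": by_digest.may_run("editor.exe", EDITOR_V1),
        "digest_replaced": by_digest.may_run("editor.exe", REPLACED),
        # An update changes the digest, so it is denied until approved.
        "update_before_approval": by_digest.may_run("editor.exe", EDITOR_V2),
    }
    by_digest.approve("editor 1.1", EDITOR_V2)
    results["update_after_approval"] = by_digest.may_run("editor.exe", EDITOR_V2)
    return results


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {allowed}")
```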