Reduce Risk from Unauthorized Applications
- Monday, February 8, 2010, 12:22
- Threat Research
Which software can you trust? There’s a lot of good in Web 2.0 technologies that allow rapid development of user-contributed content and applets, but they also bring risk: poorly secured or deliberately malicious software in the form of JavaScript, ActiveX, videos, file-sharing software, spam, open source, and Google Docs. How do you know if this unknown, unverified code is good or bad, and, until you do, is it safer to block all or let it pass?
Increasingly, organizations are expecting IT to devise and enforce effective application security controls for systems ranging from desktops to servers kiosks to legacy Windows NT4 systems. That means consistently and reasonably enabling the known good, forbidding the known bad, and dealing with the new and unknown. Most IT organizations are achieving this goal through a mix of technologies, including blacklisting, behavioral analysis, and whitelisting, that back up existing solutions with targeted protections.
Blacklisting is a traditional security approach to keep the known bad guys out, familiar to those using anti-virus (AV) and intrusion detection. Each suspicious code sample spawns release of a protective file known as a signature, which tells the security product to block, or blacklist, that image if it sees it. While potent, blacklisting is not powerful enough for all of today’s malware. That’s why companies like McAfee have reinforced blacklisting with real-time analysis
Continue reading...