Everybody loves lists. Magazines love lists, TV shows love lists, websites really like lists. But possibly no one loves lists more than security vendors.
When you break down a lot of the core elements of security products, it often comes down to big lists. Lists of known viruses and spyware, lists of vulnerabilities, lists of access controls, and lists of programs that we want to run and programs that we don't want to run.
This obsession with lists most recently came up in reports from one of the largest security vendors out there, namely Symantec. In interviews related to the most recent release of the Symantec Internet Security Threat report, Symantec executives have said that because of the growing security threats and the increased sophistication of the bad guys, it may be time to move from the classic black list approach to security and go to a white list approach.
This means that instead of determining which programs running on someone's computer might be bad guys, future security tools would instead only let known, "good" programs run and block out all other programs.
Now the idea of white lists isn't a new one; most good security implementations involve some combination of white listing and black listing. And I do think that white listing is a good idea, when done on an individual or company basis (meaning that I as a person or a company choose which applications I want to let run).
But this isn't the kind of white listing that is being talked about. Instead, it sure seems that Symantec is talking about managing a centralized white list of good applications, and if an application isn't on it, it won't run.
And if this is Symantec's idea, then in my opinion it is a really bad one.