Two changes have occurred in the last couple of decades, which point toward reconsidering the options. First, the numbers game: The amount of bad stuff grows daily and some anti-virus signature files contain approximately 20 million signatures. The good stuff has not grown as fast and a signature file for a standard operating system such as Windows XP Professional will contain nearly 50,000 signatures. Second, the rate of change has increased. Viruses used to be static and did not change, but nowadays they are written to self-adapt or operate in a command-control mode where they can be remotely updated.
Now what? Does a solution provider look for the 50,000 relatively static signatures of the good stuff or the growing 20 million adapting signatures of the bad stuff?

Signature Management

Most companies hope they never see any bad stuff and have no expertise in the dark science of understanding it. So, it is sensible that both the generation and updating of anti-virus signatures be ‘outsourced’ to the experts, and that is how the industry has developed. Application whitelisting appears to require the opposite approach. Because PCs are unique to every organisation, the organisation itself would be required to both generate and update the signatures of the good stuff. That might take quite a lot of time and effort – and appears counter to the current trend of increasing amounts of IT outsourcing. There is also the issue of diversity to handle. With anti-virus the same signature file can be applied to every machine, but with application whitelisting the worst-case scenario might be that the signature file of every PC is different.
Today the concept of "signing" software is becoming commonplace. A signature will contain metadata such as the software author, a checksum to verify that the object has not been altered, and versioning information. Signing involves a process using a pair of keys, similar to SSL or SSH sessions. The private key used to sign the code is unique to a developer or company. Those keys can be self-generated or obtained from a trusted certificate authority (CA). When the public key used to authenticate the code signature can be traced back to a trusted root CA using a secure public key infrastructure (PKI), the user knows that the code is genuine. We see this most commonly today in environments where the source of a given piece of code may not be immediately evident - for example a Java Web Start application accessed from your browser.
In the context of application whitelisting, the most interesting use of signed code is to provide updates and patches for software. Most OS manufacturers now provide signed updates to ensure that bad stuff cannot be distributed via the patching system.
That same signing process can now be used by application whitelisting solutions, such as Cryptzone’s SE46. The agent, which checks everything just before it runs, clearly trusts the signatures generated for that PC in the first place (especially if they have been signed in a way similar to the above). But the trust model can be extended to include other signing authorities. That means it would now be possible to have a Windows PC which has the trust model extended to include, for example, Microsoft, Adobe and Cryptzone, so it can now self-update without any need to manage the changing signatures in-house. Effectively, the management of the signatures of the good stuff has now been outsourced in much the same way as for anti-virus.
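The extended trust model described above can be sketched as a run-time decision: allow a file whose checksum is on the PC's own list, otherwise allow it only if a trusted publisher's signature verifies over that exact content. This is an added example, not SE46 or any vendor's code; the `Agent` class, the publisher names and the toy RSA key (a pinned public key standing in for a CA chain) are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA from two Mersenne primes: illustration only, far too
# small and unpadded for real use. A pinned public key stands in for a
# certificate chain to a trusted CA. All names here are constructed.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the publisher

def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(data: bytes) -> int:
    """Publisher side: sign the checksum of the released file."""
    return pow(int(checksum(data), 16) % N, D, N)

def signature_ok(data: bytes, sig: int, pub: tuple) -> bool:
    """Agent side: the signature must match this exact file content."""
    e, n = pub
    return pow(sig, e, n) == int(checksum(data), 16) % n

class Agent:
    def __init__(self, local_hashes, trusted_publishers):
        self.local_hashes = set(local_hashes)    # signatures generated for this PC
        self.trusted = dict(trusted_publishers)  # publisher name -> public key

    def decide(self, data, publisher=None, sig=None) -> str:
        """Called just before a file runs."""
        h = checksum(data)
        if h in self.local_hashes:
            return "allow:local-hash"
        pub = self.trusted.get(publisher)
        if pub and sig is not None and signature_ok(data, sig, pub):
            self.local_hashes.add(h)  # assumption: a signed update joins the list
            return "allow:trusted-publisher"
        return "deny"  # default deny: unknown, unsigned, untrusted or altered

if __name__ == "__main__":
    installed, update = b"editor 1.0 (constructed)", b"editor 1.1 (constructed)"
    agent = Agent({checksum(installed)}, {"ExampleVendor": (E, N)})
    print(agent.decide(installed))                                     # local hash
    print(agent.decide(update, "ExampleVendor", sign(update)))         # signed update
    print(agent.decide(update + b"!", "ExampleVendor", sign(update)))  # altered file
    print(agent.decide(b"tool", "UnknownVendor", sign(b"tool")))       # untrusted signer
```

The two deny cases are the ones that matter operationally: a valid signature from a publisher outside the trusted set, and a trusted publisher's signature attached to content that has since changed.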
Who is in control of your infrastructure today? With certificate-based application whitelisting we have a way of replacing anti-virus without imposing a significant time/management overhead. So, the answer would be, just you and any developers you choose to allow -- and that's it!