Er...
"Only by allowing code that is known to be good to enter a network..."
Surely, that will exclude most of Microsoft's stuff?
Miscreants have released a Trojan specially designed to disable cloud-based anti-virus security defences. The Bohu Trojan blocks connections between infected Windows devices and the cloud anti-virus services in place to protect them. Malware writers have long included routines to disable components of desktop anti-virus software packages or …
Most of Microsoft's stuff. Almost all of Linux. And no one runs Apple stuff on anything but toys these days so we don't need to consider that.
OS code aside, The Register would lose half its stories if drone workers didn't find ways of circumventing security and running stuff they weren't supposed to or copying data they shouldn't.
For the sake of the Reg, keep networks open!
Problem with whitelisting is that you have to pay someone like Verisign to auth your code, and that is impractically expensive for small utilities.
Since it seems this malware would have to gain a foothold on the client computer before it can block cloud access, an alternative approach is to limit where, on disk, apps can be launched from, excluding from this definition any download or temp folder.
http://sf.net/projects/softwarepolicy is quite effective in this role (Shameless plug, actually, being as I am the coder <g>)
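The approach described in the comment above (launch only from approved disk locations, never from download or temp folders), sketched as an added example. It is not code from the linked project, and the root lists and function names are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed policy for illustration: roots that standard users cannot
# normally write to are allowed; temp and profile (download) locations are
# denied, even when nested inside an allowed root.
ALLOWED_ROOTS = [r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows"]
DENIED_ROOTS = [r"C:\Windows\Temp", r"C:\Users"]

def _canon(path):
    # Collapse "..", mixed slashes and case so that
    # "C:/Program Files/../Users/x" cannot pass as an allowed location.
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, root):
    # Compare on a directory boundary, so "C:\Program Files Evil" does not
    # match the root "C:\Program Files".
    root = _canon(root)
    return path == root or path.startswith(root + "\\")

def may_launch(exe_path):
    """True only if exe_path is under an allowed root and under no denied root."""
    if not ntpath.isabs(exe_path):
        return False  # relative paths depend on the current directory: refuse
    p = _canon(exe_path)
    if any(_under(p, d) for d in DENIED_ROOTS):
        return False  # deny rules win over allow rules
    return any(_under(p, a) for a in ALLOWED_ROOTS)

if __name__ == "__main__":
    # Constructed sample paths.
    for sample in [r"C:\Program Files\7-Zip\7z.exe",
                   r"C:\Users\bob\Downloads\setup.exe",
                   r"C:/Program Files/../Users/bob/AppData/Local/Temp/a.exe",
                   r"C:\WINDOWS\TEMP\dropper.exe",
                   r"C:\Program Files Evil\x.exe"]:
        print("ALLOW" if may_launch(sample) else "DENY ", sample)
```

The check is purely lexical: it does not resolve junctions, symlinks or 8.3 short names, so those forms fail closed (denied) rather than being mapped to their real location.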
"It is the first designed to target anti-virus technology that is protecting the cloud. Add to that the fact that it is native to China, and we are seeing yet another new wave of targeted cyber attacks."
Looks like the guy didn't understand peep about it...
It is not targeting AV that is protecting the cloud, but drawing protection FROM the cloud.
And one piece of malware that is not even that widespread does not make a "cyber attack".
Fu**ing "computer security" populists and self-proclaimed "experts".