* Posts by Nick Dinsdale

1 publicly visible post • joined 27 Jun 2007

The decline of antivirus and the rise of whitelisting

Nick Dinsdale

AV has lost the battle

Dr Vesselin, what are you a Dr in? I can take it from your knowledge on CodeRed it's clearly not IT. “The "Code Red" worm is self-replicating malicious code”

Also, if you understood how viruses work you would know your blacklist approach DOES NOT WORK. The last report on AV said 98% of KNOWN viruses were captured by the leading AV company (no names mentioned). 98% of KNOWN, why can't you capture ALL? They are bloody KNOWN. What hope do us end users have?

A lot of people seem to be missing the point here (perhaps on purpose if they work for an AV vendor)… you don’t whitelist every application under the sun – you simply approve those applications that you need to run on your network. Most enterprise whitelisting solutions will push only differential updates to clients when new applications have been centrally approved and thus minimise network traffic too. A good whitelisting solution will also include flexibility such as local authorisation which can grant certain users the ability to override policy, but be fully audited and whereby administrators can then accept or reject the authorisation of that particular application should a user abuse their privileges.

The merger of Patchlink and SecureWave for example is a clear indication of where this market place is moving. There is a definite need for a unified protection solution that offers vulnerability assessment, patch management, application delivery, application white-listing, remediation and peripheral device control. Patchlink are now not only able to offer all of this, but also make whitelisting even easier to implement via automation of updates to the whitelist required for patch and application delivery.