[funsec] Texas Bank Dumps Antivirus for Whitelisting
Toralv_Dirro at McAfee.com
Toralv_Dirro at McAfee.com
Wed Jul 16 01:29:00 CDT 2008
> You're showing your age. ;-) Word macro viruses haven't been
> much of a problem for 6 or 7 years ever since Microsoft went
> to signed VBA code in Office.
>
> However similar problems do existing with scripting code run
> by the Windows Scripting Host. Perhaps WSH doesn't get whitelisted?
Currently the whitelisting solutions I'm aware of pretty much assume
that all evil comes with an MZ-Header.
I do regard whitelisting as a valid approach, but would hesitate to put
all my money on just whitelisting and I would definitely not go public
with such an announcement revealing details what soultion I chose.
OTOH agreeing to a public announcement probably got them their solution
for free, so there's budget left to continue using other technology in
combination...
cheers,
Toralv
Firmensitz: Muenchen
Amtsgericht: AG Muenchen
Handelsregister: HRB 144340
Geschaeftsfuehrer: Eric F. Brown, Anthony E. Ruiseal
Bankverbindung: ABN-Amro Bank N.V. Konto 671 211 9006
UST-ID: DE168122444
More information about the funsec
mailing list