I'm a fan of Robert Vamosi's podcast
on Cnet. Recently he had two shows that caught my attention.
First, he talked to Tom Murphy, chief strategy officer for Bit9 about whitelisting. Link
He also talked to Eva Chen, co-founder and CEO of Trend Micro about anti-virus protection. Link
Ms. Chen said that historically Trend Micro has seen the addition of 1,000 - 2,000 new virus strains in the wild each year. She also said that the numbers were exploding, and that they saw 5.5 million new unique virus samples in the wild
in 2007. It's been clear for some time that blacklisting the "bad" apps was a losing battle. These new figures (new to me at least) really underscore that point. There are more illegitimate apps than legitimate apps.
Whitelisting, as Mr. Murphy describes it, allows you to define a set of applications or vendors and to mark them as trusted. Only specifically trusted apps, or apps from specific companies, can execute. Any app that is not on this white list is not able to run.
That technique will help in some cases to be sure, but what about the times when those apps themselves are tricked into performing malicious tasks for the attacker? The "trusted" app is running, but you've still been p0wned. Is there a cure for that problem?
Systems like SELinux
attempt to solve this problem by not just whitelisting apps, but application behavior. (And it's built into Fedora and RHEL, naturally.)
Dan Walsh has some thought on how SELinux might be applied
to something like Google's Chrome browser. He also includes some links to other posts
on this same topic.
In one of those posts, Joshua Brindle writes:
Even if I have some sort of browser or plugin exploit going on it won’t matter, only data can be sent to the appropriate place (this is the beauty of mandatory access control, even a broken application can’t do anything bad).
This is a really important point: even "trusted" apps can be made to go bad, and you still need to find a way to be safe. I'll be interested to see how systems like Firefox and Chrome adapt to these kinds of controls over application behavior.