Jesper's Blog - All Comments

White Listing already exists

Dave Jones — Sat, 31 Oct 2009 21:25:51 GMT

White Listing already exists in Windows 7 - it is called App Locker. What is required is a way for reputable software suppliers (Microsoft?) to provide this information alongside every product they release for easy importing into Local/AD Group Policies.

A version for Windows XP would be nice...

Alternatively, Lumension® Application Control (formerly sanctuary) does much the same thing.

Now determining who are reputable software suppliers is definitely a problem, but giving users/organizations the ability to block software based upon who made it is definitely useful.

re: Fake Anti-Malware is Apparently Microsoft's Fault

Brant Gurganus — Tue, 27 Oct 2009 21:43:28 GMT

Maybe they don't want people to know real from fake because they are fake, haha.

re: Fake Anti-Malware is Apparently Microsoft's Fault

Aaron Margosis — Tue, 27 Oct 2009 05:24:40 GMT

You mean you can't just look software in the eyes and tell whether it is honest?

re: Fake Anti-Malware is Apparently Microsoft's Fault

mark — Sun, 25 Oct 2009 04:40:15 GMT

I think "white listing" at some point will be the way to go. Its not ready yet from what I've heard.

While educating the public seems obvious the cleverness of the criminals with the huge financial incentive seems limitless.

White listing might need to be draconian basically eliminating all programs older than 5 years that haven't been updated. Organizations could choose white list specific for their needs.

re: How Delegation Privileges Are Represented In Active Directory

jesper — Thu, 22 Oct 2009 05:05:55 GMT

Of course Harry. Corrected. Thanks for pointing it out.

re: How Delegation Privileges Are Represented In Active Directory

Harry Johnston, MVP — Wed, 21 Oct 2009 21:13:23 GMT

Nitpick: you mean ORed, not ANDed.

re: Web Of Trust: RIP

martin — Sat, 17 Oct 2009 03:54:38 GMT

I see an opportunity here. Since the idea is good, why not create an independent Web of Trust program?

It could be run by http://www.cacert.org/ or someone like it. What do you think?

re: Web Of Trust: RIP

Kilia — Wed, 14 Oct 2009 20:26:40 GMT

So sad indeed. I liked being able to use WOT to see how web surfers rated websites. I have even rated a few myself.

re: Web Of Trust: RIP

Matthew Mucker — Wed, 14 Oct 2009 14:47:50 GMT

So when can I get a cert from "Jesper's Web of Trust Root CA?"

re: Passwords are here to stay

admin — Wed, 14 Oct 2009 02:08:03 GMT

Let me know if you get this?

Test.

re: Passwords are here to stay

Candee — Mon, 12 Oct 2009 12:02:42 GMT

Indeed. I remember it well.

It was one (of many) practices I adopted as my own. And my told my users (and anyone else who would listen) about it.

Good work!

Candee

re: Passwords are here to stay

Mick — Sun, 11 Oct 2009 22:13:34 GMT

Jesper.. The issue here isn't the text, it's the writer. My biggest pet hate is journo's writing about security when they have no experience in IT let alone Security. Typically this results in what we've seen here.. misinformation provided to the public. The Sydney Morning Herald in Australia continually do this as well and despite a constant complaints refuse to hire an IT or InfoSec Professional to pen their IT articles.

It doesn't matter how hard we work... our work is being undone by these clowns.

re: Passwords are here to stay

Larry Seltzer — Sun, 11 Oct 2009 10:28:52 GMT

I wrote about it then too (www.eweek.com/.../Will-Passphrases-Foretell-the-Death-of-Pa55W0rd5 - and I probably linked to your article).

The problem with passphrases is that a lot of sites (Amazon i think is one) don't let you use a long-enough password or embed spaces.

re: And finally, standard user malware

Eric Eskam — Sat, 03 Oct 2009 17:48:02 GMT

I too am surprised it has taken this long for something like this to appear. If Firefox can install in usermode, why not malware?

BTW - a handy flowchart to help users decide if they really should click to see the dancing naked pigs:

www.intac.net/a-flowchart-to-help-you-decide-when-to-click-past-the-security-warning

re: And finally, standard user malware

Hilton Travis — Thu, 10 Sep 2009 21:21:34 GMT

G'day Jesper,

All theswe filth are doing is following Microsoft's lead with Microsoft Live Mesh and Microsoft Vine which don't install into Program Files, but into AppData\Local, therefore not requiring elevated rights.

Now, this is a huge security vulnerability to me - allowing non-Admin users the ability to install applications. WTF was Microsoft thinking?

Have you tried installing Live Mesh with "Run as Administrator"? What does the error message "Live Mesh: Product does not support running under an elevated account. This class is not configured to support Elevated activation. Error: 80080017". Now, is that an error message, as a Security professional, that scares the pants off you, or what?