
EDS' Next Big Thing Blog: Read and Respond to What the EDS Fellows Say About Technology


A Different Approach To PC Virus Protection

by Randy Mears

While most of the PC world is fighting the virus threat with popular anti-virus programs, a Texas bank opts for a different approach. As virus creators adapt their methods to exploit the weaknesses in both PC operating systems and anti-virus programs, in a war characterized by bilateral escalation, some businesses are opting for a completely different approach. This article from BBC News describes a more “holistic” approach to virus protection, one that seems to be working.

This method uses a multi-pronged approach. First of all, something called a “program whitelist system” blocks all but a few selected programs from running on all of the PCs in an organization. Secondly, procedures are put in place to limit exposure, particularly from non-work related Web sites (that’s limit, not exclude). It works by keeping instant messaging programs (as an example), and other programs that expose potential vulnerabilities, off the whitelist, thus keeping viruses and other malware (like spyware) at bay.

As alternative approaches go, this seems interesting to me, but I have seen solutions that rely on similar measures fail because they lacked a fall-back mechanism. I could be wrong but I think that there needs to be something in place to deal with malware that somehow gets through, and in today's landscape, the obvious answer turns out to be an anti-virus program. Didn't we just come full circle?

Published Thursday, March 15, 2007 7:02 PM


Comments

# Posted by David Scott Lewis Friday, March 16, 2007 12:25 AM

Wouldn't you agree that the key issue is dealing with zero-day exploits?  And, if so, their approach seems reasonable with a whitelist system.

Yes, they still need anti-virus and anti-spyware programs, but they're probably much safer with the procedures they're using versus not using them.

# Posted by Phil Bennett Monday, March 19, 2007 2:01 PM

Whitelists have been around for a little while. They have limitations because some technologies (like Microsoft's .Net) sometimes generate DLL files on the fly, which get blocked by whitelist systems. Also, it's difficult to deal with viruses in Office document files, which often don't have a fully trusted executable element to them.

In fact, trust is the real issue here - especially on the Internet. Whitelist systems and other technologies such as Trusted Computing (http://en.wikipedia.org/wiki/Trusted_Computing) are there to mitigate the risk of users browsing dodgy websites or running infected software. There are only three ways to heavily reduce virus risks:

1. Trust users (we know this doesn't work).

2. Build water-tight software (this doesn't work either - with millions of lines of code, it's just too hard right now).

3. Build systems that trust each other.

The last one is the interesting one. There aren't any Xbox Live viruses because the systems are trusted, and this is what the Trusted Computing initiative is all about. And it's very controversial!
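The default-deny check behind the “program whitelist system” in the post, together with the two limitations raised in the comments (DLLs generated on the fly, and Office documents), as an added example that is not part of the original post or its comments. The hash-based matching, the file names, the byte strings and the set of checked file types are all assumptions made for illustration.

```python
import hashlib
import os
from typing import NamedTuple

# Assumption: only these file types are treated as code and checked.
EXECUTABLE_SUFFIXES = {".exe", ".dll"}

class Decision(NamedTuple):
    action: str  # "allow", "block" or "not_evaluated"
    reason: str

def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def build_allowlist(approved: dict) -> dict:
    """Map the SHA-256 of each approved binary to its name."""
    return {sha256_hex(data): name for name, data in approved.items()}

def evaluate(name: str, content: bytes, allowlist: dict) -> Decision:
    """Default deny: executable content runs only if its hash is approved."""
    if os.path.splitext(name)[1].lower() not in EXECUTABLE_SUFFIXES:
        # Documents are opened by an approved program; a macro inside them
        # never reaches this check.
        return Decision("not_evaluated", "not an executable file type")
    digest = sha256_hex(content)
    if digest in allowlist:
        return Decision("allow", "hash matches approved " + allowlist[digest])
    return Decision("block", "hash not on the allowlist")

# Constructed sample data: file names and byte strings are placeholders.
APPROVED = {"ledger.exe": b"ledger build 1", "wordproc.exe": b"word processor build 7"}
ATTEMPTS = [
    ("ledger.exe", b"ledger build 1"),        # approved program
    ("im_client.exe", b"instant messenger"),  # kept off the list on purpose
    ("ledger.exe", b"something else"),        # approved name, different bytes
    ("generated_4f2a.dll", b"runtime-emitted code"),  # DLL created on the fly
    ("invoice.doc", b"document with a macro"),        # Office document
]

def run_demo() -> list:
    allowlist = build_allowlist(APPROVED)
    return [(name, evaluate(name, data, allowlist).action) for name, data in ATTEMPTS]

if __name__ == "__main__":
    for name, action in run_demo():
        print(f"{name:20} {action}")
```

The runtime-generated DLL is blocked even though the application that produced it is approved, and the document is never evaluated at all, which is why a fall-back control is still needed alongside the list.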
