#Whitelist #Blacklist #Brownfish #Bluefish

So, no one likes getting malware. Am I right, or am I right?

So, after reading a whole bunch of posts about how to blacklist, I decided to try it.

Most places say you should blacklist paths like:

%AppData%\*.exe

%AppData%\*\*.exe

The thing about this, though, is:

Sure, it blocks .exe files from being executed in the root of AppData and in the first level of subfolders, but that's it. It doesn't block anything deeper. It also only blocks .exe files, and there are certainly a lot of bad things that can happen other than .exe.

So what is a person to do?

Well, if you blacklist

%AppData%

Guess what happens? The folder and all of its subfolders are blacklisted, and not just for .exe files: the rule blocks everything on the Designated File Types list, a long list of executable code file types.
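To see the difference side by side, here is a small Python model of the matching behaviour described above, run over a handful of made-up paths. It is an added example, not SRP's own logic and not code from this post; the file type set is an assumed sample of the Designated File Types list, and all paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a sample subset of the Designated File Types list.
DESIGNATED = {"exe", "com", "bat", "cmd", "scr", "pif", "msi", "hta", "vb", "lnk"}

def rule_blocks(rule: str, path: str) -> bool:
    """Model of the behaviour described in the post, not SRP's own code."""
    rule, path = rule.lower().rstrip("\\"), path.lower()
    if "*" in rule or "?" in rule:
        # Wildcard rule: '*' and '?' stay inside one path component.
        pattern = "".join(
            "[^\\\\]*" if c == "*" else "[^\\\\]" if c == "?" else re.escape(c)
            for c in rule)
        return re.fullmatch(pattern, path) is not None
    # Folder rule: any depth below the folder, any designated file type.
    ext = PureWindowsPath(path).suffix.lstrip(".")
    return path.startswith(rule + "\\") and ext in DESIGNATED

def coverage(rules, paths):
    """Return the paths that no rule in the set blocks."""
    return [p for p in paths if not any(rule_blocks(r, p) for r in rules)]

WILDCARD_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]
FOLDER_RULE = [r"%AppData%"]

# Constructed sample paths, written relative to %AppData%.
SAMPLES = [
    r"%AppData%\setup.exe",
    r"%AppData%\Vendor\update.exe",
    r"%AppData%\Vendor\bin\helper.exe",
    r"%AppData%\Vendor\run.scr",
    r"%AppData%\invoice.bat",
    r"%AppData%\Vendor\notes.txt",
]

if __name__ == "__main__":
    for name, rules in (("wildcard rules", WILDCARD_RULES),
                        ("folder rule", FOLDER_RULE)):
        print(name, "leave unblocked:")
        for p in coverage(rules, SAMPLES):
            print("   ", p)
```

Swap in the rules from your own policy and a listing of the executable-type files you actually find under AppData to check what a rule set leaves uncovered.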

Where did this bad configuration come from? I don’t know, but it doesn’t seem like good advice.

But after all that, I think what you really want to do anyway is whitelisting.

The best paper I have found on whitelisting is this NSA one.

https://www.nsa.gov/ia/_files/os/win2k/application_whitelisting_using_srp.pdf
