The Sunset of AV Technology. Good for Windows 7!

I just picked up from Toney Jennings’ blog at CoreTrace that Microsoft is including AppLocker in Windows 7.

“What is AppLocker?” I hear you ask.

It’s whitelisting. It’s a fairly simple, flexible mechanism that allows the administrator to bolt down the desktop and prevent new stuff that isn’t authorized from running:

  • It will stop normal malware dead in its tracks.
  • It will provide a simple way of preventing user anarchy, where users load just about anything onto their desktops.
  • It will help control semi-authorized applications like Skype, which can sometimes consume network bandwidth in an undesirable way.
  • It will keep unlicensed software from running (which is great for the small business and the corporation).
  • It will deliver a level of desktop configuration management, possibly providing a means of running approved applications and implementing software updates when needed.
  • It will help meet security compliance standards.

This on its own is reason enough for all the corporations across the world to think in terms of accelerating their migration to Windows 7. It will be a huge boon to corporate computing and, at last, companies will be able to start throwing AV technology away and moving to whitelisting as the primary means of ensuring endpoint security. It has taken the longest time, but the AV shell game is coming to an end and whitelisting is taking its rightful place as the foundation of endpoint technology.

What Does This Mean for the Whitelisting Vendors?

The whitelisting vendors made their living by doing what Windows is now doing. The primary ones, Bit9 and CoreTrace, add value beyond simply locking down the desktop, so there’s no need for either vendor to feel threatened. Also, security is not a Windows-only thing. The big headache may belong to Windows in respect of malware, but vulnerabilities are everywhere. No versions of Unix or Linux I’m aware of have anything like AppLocker. I believe that the only OS that does is the iPod/iPhone version of OS X. So centrally managed corporate whitelisting has a place as long as there are multiple operating systems.

What doesn’t have a place is AV technology. Now it has no real function at all. It’s time for the AV vendors to become resellers of whitelisting products.

  1. November 6th, 2009 at 17:54 | #1

    Good post Robin. As a fellow Mac fan, I think that the really interesting case study will be what the future of Mac security is. Last year’s Pwn2Own sponsored by Austin’s own TippingPoint proved that Macs aren’t immune to malware as they took over a brand new Mac with a Safari hack in a matter of seconds.

    Macs have never had AV and just recently some of the AV vendors have started moving that way. This month Kaspersky announced their Mac version of antivirus, but I am holding out for CoreTrace to build a version of their application whitelisting for my iMac and MacBook Pro. AV is dying and I don’t want to put it on my own system.

    I really hope that people don’t start moving toward Mac AV, but better security software is definitely needed. Thanks again for the post.

  2. November 6th, 2009 at 19:08 | #2

    Great post Robin. The real test will come with the Mac since it hasn’t had antivirus all along. The Pwn2Own contest sponsored by Austin’s own TippingPoint proved that Macs were vulnerable when the MacBook Pro was taken over in a few seconds by a Safari exploit.

    Kaspersky this month announced their antivirus program for the Mac, but I don’t want to buy a dying technology. I’m waiting on CoreTrace to offer me a personal version for the Mac. Until then, I’m cautious of the links I click and suspicious every time my system slows down.

    It will be interesting to see, but I think whitelisting has a great future.

  3. tracyanne
    January 19th, 2010 at 07:10 | #3

    I just use Linux, there’s no need for this house of cards of applications to add security, where there is none, in layer upon layer, remove one card and the house collapses style.

    This AppLocker “will stop normal malware dead in its tracks.” OK, so what about malware designed to get around it? That will come. We already have malware that targets anti-virus applications.

    But it won’t be used on most Windows desktops, simply because it will get in the way of the user, those same systems will be run as Administrator, because it’s convenient. The typical Windows system will continue to enable malware.
