That is false, and not how whitelisting works. Imagine it like this, Antivirus is a list of things you can't do and Whitelisting is a list of things you can do.
-
-
I don't disagree. The slight problem, here's how to run Office macros at almost every organisation: email them to a user.
-
Organisations that immature aren’t going to be able to implement whitelisting in the first place. This argument is going around in circles.
- 24 more replies
New conversation -
-
-
Every time we beat this dead horse, a one-man IT/Security department develops a new unhealthy coping method.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Tavis: don’t you see the irony of you defending the fact that whitelisting isn’t entirely bulletproof (on its own), given that this is your criticism of AV as well? Surely AV and whitelisting should be used *together*? Or is that an EDR tool?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Doesn’t the protection offered by whitelisting only come into play once the attacker has already achieved code execution (which is then blocked by the whitelisting solution)?
-
Well, whitelisting can and does block some of the ways that are frequently abused to gain initial execution. (Like a trojanized exe a user is social engineered into running, for eg.) But the main purpose in most people's minds is as you say.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.