I don't follow, what you've just described is a whitelisting feature, right?
-
yes, but it's super flawed - e.g. just get Comodo to sign something, you'll see samples like that in VirusTotal too. I don't know if you've ever done it at scale but it's.. not great. As always, combination - disable for users who never need it, add app whitelisting etc.
2 replies 1 retweet 6 likes -
Replying to @GossiTheDog @taviso and
Don’t let perfect be the enemy of good. The ASD E8 has a nice progression of whitelisting/macro restrictions: https://acsc.gov.au/publications/protect/essential-eight-maturity-model.htm …
1 reply 0 retweets 8 likes -
I kinda know about that, haha
1 reply 0 retweets 1 like -
Replying to @GossiTheDog @taviso and
Notice how AV doesn’t appear in that model at all.
1 reply 0 retweets 1 like -
Sure. Also notice how almost nobody runs it (yet).
1 reply 0 retweets 0 likes -
Replying to @GossiTheDog @markeldo and
Antivirus is entrenched real good, but you agree it doesn't work and we need to make things better, right? I don't understand the pushback, it's like you're saying "nah it's good enough" to me, then I see you complain how terrible it is in other tweets
1 reply 0 retweets 2 likes -
Pragmatism and realism. If most orgs turned off AV right now, they wouldn't have a network in a week. That's my experience. There's a very long road to getting almost every org to a position where they can be AV free.
3 replies 1 retweet 15 likes -
Replying to @GossiTheDog @markeldo and
You're talking about keeping a dangerously insecure network operational, not keeping it secure. You can keep a jet in the air with duct tape, but I hope you're not transporting anything important. So we're in agreement that whitelisting is a good solution, and AV isn't?
5 replies 0 retweets 9 likes -
It's very realistic, and I have seen it. It's super easy to deploy antivirus, because it fails open, but whitelisting actually works so does require careful rollout.
-
Replying to @petergodofsky @taviso and
It would be good to see some more granular Macro controls from Microsoft, trusted locations are the compromise most orgs use. Application Whitelisting is achievable, I did a talk on the business challenges of the Essential 8 controls (AW, macros etc.) here: https://www.youtube.com/watch?v=E32_RqgoxPs …
0 replies 3 retweets 8 likes