Security Wonks Tussle Over Tolly Test
Whitelisting vs. blacklisting was the topic of a security study recently conducted by the Tolly Group, and one of its sponsors, Bit9, came out on top of rivals like McAfee and Symantec. But the latter two have cried fowl, claiming Tolly refused to test products they say would have yielded different results.
Mar 19, 2012 6:00 AM PT
Security experts have been debating for years the merits of whitelists versus blacklists in securing an enterprise, and last week the debate continued to rage with the release of some test results from the Tolly Group.
The group tested three endpoint protection programs: McAfee Endpoint Protection Suite, Symantec Endpoint Protection 12.1 and Parity Suite 6.0 from Bit9, which also sponsored the tests.
The McAfee and Symantec have blacklisting solutions. Bit9 uses whitelisting.
According to the tests, Bit9's product protects both Windows clients and Web servers more effectively than the products using blacklisting.
Both Symantec and McAfee, however, challenged the Tolly findings.
Symantec offers one product to protect endpoints and another to protect Web-facing servers, explained Piero DePaoli, Symantec's director of product marketing. Symantec asked Tolly to take that into account when conducting its tests, but it didn't do it.
"Unfortunately in this test, Tolly Group only included Symantec Endpoint Protection. Therefore, the results are exactly as expected -- inaccurate and unreliable," he told TechNewsworld.
As for McAfee, it has a whitelisting solution, McAfee Application Control, but it says that wasn't tested by Tolly either. "We are confident that had the correct McAfee solution been tested, the results would have been very different," McAfee Group Solution Manager Dan Wolff told TechNewsWorld.
Anonymous Releases Linux Distro
A version of Linux allegedly created by members of the hacker collective Anonymous made a brief appearance on the Internet this week before being yanked from circulation by SourceForge, an open source software site.
Although the project claimed to be connected to Anoymous, some members of the collective disavowed any connection to it. Those denials, coupled with criticisms from security experts, persuaded SourceForge to pull the plug on the project.
"We looked at the project and decided that although the name of the project was misleading -- we see no evidence that it is connected with Anonymous -- it appeared, on initial glance, to be a security-related operating system, with perhaps an attack-oriented emphasis," SourceForge wrote in its blog.
"SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved," it continued. "This project isn't transparent with regard to what's in it."
Android Malware With a Twist
As Google's mobile operating system Android has grown in popularity, so has its attractiveness to malicious hackers. Typically, miscreants will either post infected apps to Google Play, formerly the Android Market, or infect legitimate apps there. They've also created modules within their PC malware to infect an Android phone when it's synced with a desktop.
Once the malware makes it to a phone, it will do things like send automated text messages to premium services without the user's knowledge, running up a big bill, or perform man-in-the-middle attacks to obtain confidential data, such as bank account information.
Last week, however, a new wrinkle in malware design was discovered by McAfee researcher Carlos Castillo. The malware plants a Trojan on the phone that can be remotely controlled by a hacker's server and be used to craft credible phishing attacks to con additional credentials from a user.
"Due to the increasing popularity of Android and mobile-banking applications, we expect that more threats like this will appear," Castillo predicted.
- March 12: Sony was reported to have moved a portion of its PlayStation Network from Amazon Web Services to OpenStack. About a year ago, a breach linked to AWS exposed personal information of some 77 million Sony customers.
- March 12: TeamShatter released its 2011 data breach brackets for higher education. Virginia Commonwealth University had the dubious distinction of topping the bracket with a breach of 176,567 records last November.
- March 13: Blue Cross Blue Shield of Tennessee settled with U.S. Health and Human Services Department for US$1.5 million for a breach resulting from theft of 57 hard drives containing unencrypted information on some one million BCBST members.
- March 13: The University of Tampa (Florida) discovered that confidential files were accidentally made accessible to the public. The files contained the student ID numbers, Social Security numbers, names and dates of birth of 6,018 students and the ID numbers, names, Social Security numbers and photos for 29,540 faculty, staff and students from the period Jan. 29, 2000, through July 11, 2011. It is not believed any of the records were compromised.
- March 13: The Minister of Australian Crime Commission called for report on a breach at her agency that resulted in the leakage of private details about some 9,000 claimants, including those involved in cases of rape and sexual abuse.
- March 19: Safe Harbor Conference, Washington, D.C. Sponsored by European Union.
- March 22: How to Calculate the Cost of a Data Breach and What to Do About It. Live. 11 a.m. -- noon CT. Free webinar. Sponsored by abouthippa.com.