A recent report from security vendor Secunia points out a surprising fact: although hackers and malware have evolved to target critical third-party Windows applications (namely Flash, Java, and Acrobat Reader), there is still a fairly simple way for IT administrators to mitigate the risk posed by these new threats.
Past exploits focused on browsers and Windows code. Because browser and operating system manufacturers have significantly improved security over the past few years, malware creators have turned their attention to third-party apps, which are difficult for IT administrators to patch and update rapidly across networks, and many of which were not written with security in mind (since they have only recently become targets of attack). Additionally, because many software vendors are very secretive about their code, it is very difficult for security professionals to measure threats and develop solutions to the problems.
While there is truth in the concern and criticism over third-party application security, IT administrators and even small business owners can significantly mitigate virtually all of these threats through user account controls. Application whitelisting is one of the best ways to solidify your company’s security tools while also remaining within a reasonable budget.
Unlike anti-virus scanners and tools devoted to removing infections after the fact, application whitelisting is a proactive approach that works by allowing applications and users to perform only essential tasks. The key benefit is that, whereas anti-virus scanners can only protect against known threats (similar to a blacklist), whitelisting can block off the most common attack points, providing solid protection from zero-day attacks (the industry term for malware and exploits which are released in the wild without warning to the vendors).
For those outside of the IT field: if you have used Windows Vista or Windows 7, chances are you have encountered a variant of whitelisting through the User Account Control (UAC) feature, which helps to prevent applications from making malicious changes to core Windows files. For example, when users attempt to change settings in Windows, the system will require an administrator password or account before any changes can be made. In business environments, however, UAC is only one tool in the arsenal for keeping networks safe, since it only pertains to core Windows functions.
Due to the vastness of the information security field, it is impossible to provide a practical summary of which tool to use for your company. However, this report from the SANS Institute (a highly respected computer security think tank) provides a very holistic overview of whitelisting options, plus information on a few highly related topics. Although it is a bit lengthy, the parts that review a few key solutions offered on the market are definitely worth reading.
The bottom line is that although you may always be vulnerable to hackers and security threats, there are a number of steps you can take to put up barriers that will make it extremely difficult to infiltrate your system.