Handsome Recluse

How useful are application whitelists when social-engineering risks are minimal, where you don't download and execute random stuff from the internet, especially path/hash-based whitelisting like SRP/Bouncer? It seems some of the top 4 mitigation strategies I found from wherever - namely, application whitelisting and restriction of administrative rights - are partly to prevent users from doing whatever they want and risking their computers. I'm just curious as to what happens when this is not a threat and you're the one actually making your own decisions instead of trying to prevent others'.
 

Svoll

It still serves a purpose, while not much in the way you are describing the situation. You never know when something will slip by you, and having that whitelist is protection.

I know of a very good Penguin who is awesome at prevention, and something malicious managed to pass while he was AFK or watching TV. Always a good bet to have some insurance. You don't always need it, but it does come in handy when you do.
 

Svoll

I mean there would be ways to prevent such; if a user is careful, he or she doesn't need AV and all the security software. We install them for peace of mind. If it's what I would call clicking roulette, you are only as safe as what you click.

I am usually careful, but other users of my computer, their USB, their documents, emails might not be.
 

509322

> How useful are application whitelists when social-engineering risks are minimal, where you don't download and execute random stuff from the internet, especially path/hash-based whitelisting like SRP/Bouncer? It seems some of the top 4 mitigation strategies I found from wherever - namely, application whitelisting and restriction of administrative rights - are partly to prevent users from doing whatever they want and risking their computers. I'm just curious as to what happens when this is not a threat and you're the one actually making your own decisions instead of trying to prevent others'.

Nothing happens. You just go about your computing life.

One of the ideal features of security software is that it should be unobtrusive - to the point where you will forget that it is even there - except during a protection event.

On a very low-risk system there is this debate over whether or not a security solution is really needed. Well, my answer to that is security software is like homeowner's insurance - you sure are glad that you had the policy when lightning struck the gargantuan tree only meters from the house, split it down the middle, and both flaming halves fell onto your house.
 
For low-risk computers in a home environment you really only need a good AV suite.

You won't need anti-exploit, anti-rootkit, anti-exe, artificial-intelligence or white-listing.

A security suite from Kaspersky, Norton, Avast, Emsisoft, Eset, or F-Secure should be more than enough protection if you are low risk.

Application white-listing is used in the enterprise where you have strict regulations on how data is handled.

It all depends on your threat model really. A bank will have a different threat model than a consumer.

I don't advise home users to mess with stuff like SRP (or white-listing files) because it can break the OS.
 

509322

> Application white-listing is used in the enterprise where you have strict regulations on how data is handled.
>
> It all depends on your threat model really. A bank will have a different threat model than a consumer.
>
> I don't advise home users to mess with stuff like SRP (or white-listing files) because it can break the OS.

SRP protects data primarily by preventing infections - both in Enterprise and consumer.

AppGuard is one of the few Enterprise-grade solutions made readily available to consumers.

SRP can be dangerous if the user is required to configure all the rules and doesn't know what they are doing.

Our product has default policies that will not break the OS, while at the same time providing a very high level of physical system security. It doesn't make any sense to put a product into home user hands that will brick their system.
 
That's exactly why I don't recommend novices play with SRP. If you're not an expert in the rules you will brick your system.

AppGuard is a good product but it still requires some knowledge about security to configure. And it should be that way.

I only wish other next-gen AV vendors would allow consumers to buy single licenses.
 

shmu26

For savvy home users who don't share their computers with others, the main idea of application whitelisting -- otherwise known as default/deny -- is simply to shake your brain awake when you are about to do something stupid like run a downloaded executable file that you forgot to check out.