How useful are Application Whitelists when Social-Engineering Risks are Minimal?

Handsome Recluse

Nov 17, 2016
How useful are application whitelists when social-engineering risks are minimal, where you don't download and execute random stuff from the internet, especially path/hash-based whitelisting like SRP/Bouncer? It seems some of the top 4 mitigation strategies I found from wherever - namely, application whitelisting and restriction of administrative rights - are partly to prevent users from doing whatever they want, risking their computers. I'm just curious as to what happens when this is not a threat and you're the one actually making your own decisions instead of trying to prevent others'.
 

Svoll

Nov 17, 2016
It still serves a purpose, though not much in the situation you are describing. You never know when something will slip by you, and having that whitelist is protection.

I know of a very good Penguin who is awesome at prevention, and something malicious managed to pass while he was afk or watching TV. Always a good bet to have some insurance. You don't always need it, but it does come in handy when you do.
 

Handsome Recluse

Nov 17, 2016
@Svoll Wouldn't there be any alternatives to prevent the slipping by from doing anything if it manages to happen? I'm just curious as to the extent application whitelisting/restricting administrative rights can be useful compared to alternatives in cases where I have to make my own decisions and not some other administrator.
 

Svoll

Nov 17, 2016
I mean there would be ways to prevent such. If a user is careful, he or she doesn't need AV and all the security software. We install them for peace of mind. It's what I would call clicking roulette: you are only as safe as what you click.

I am usually careful, but other users of my computer, their USB, their documents, emails might not be.
 

XhenEd

Mar 1, 2014
Aside from getting infected because of what you install or click, there are cases, real cases, where you don't do anything, but still get infected. Two examples are drive-by downloads and malvertising. In these cases, application whitelisting can be a good protection. :)
 

509322

How useful are application whitelists when social-engineering risks are minimal, where you don't download and execute random stuff from the internet, especially path/hash-based whitelisting like SRP/Bouncer? It seems some of the top 4 mitigation strategies I found from wherever - namely, application whitelisting and restriction of administrative rights - are partly to prevent users from doing whatever they want, risking their computers. I'm just curious as to what happens when this is not a threat and you're the one actually making your own decisions instead of trying to prevent others'.

Nothing happens. You just go about your computing life.

One of the ideal features of security software is that it should be unobtrusive - to the point where you will forget that it is even there - except during a protection event.

On a very low-risk system there is this debate over whether or not a security solution is really needed. Well, my answer to that is security software is like homeowner's insurance - you sure are glad that you had the policy when lightning struck the gargantuan tree only meters from the house, split it down the middle, and both flaming halves fell onto your house.
 

Zero Knowledge

Dec 2, 2016
For low-risk computers in a home environment you really only need a good AV suite.

You won't need anti-exploit, anti-rootkit, anti-exe, artificial-intelligence or white-listing.

A security suite from Kaspersky, Norton, Avast, Emsisoft, Eset, or F-Secure should be more than enough protection if you are low risk.

Application white-listing is used in the enterprise where you have strict regulations on how data is handled.

It all depends on your threat model really. A bank will have a different threat model than a consumer.

I don't advise home users to mess with stuff like SRP (or white-listing files) because it can break the OS.
 

509322

Application white-listing is used in the enterprise where you have strict regulations on how data is handled.

It all depends on your threat model really. A bank will have a different threat model than a consumer.

I don't advise home users to mess with stuff like SRP (or white-listing files) because it can break the OS.

SRP protects data primarily by preventing infections - both in Enterprise and consumer.

AppGuard is one of the few Enterprise-grade solutions made readily available to consumers.

SRP can be dangerous if the user is required to configure all the rules and doesn't know what they are doing.

Our product has default policies that will not break the OS, while at the same time providing a very high level of physical system security. It doesn't make any sense to put a product into home user hands that will brick their system.
 

Zero Knowledge

Dec 2, 2016
That's exactly why I don't recommend novices play with SRP. If you're not an expert in the rules you will brick your system.

AppGuard is a good product but it still requires some knowledge about security to configure. And it should be that way.

I only wish other next-gen AV vendors would allow consumers to buy single licenses.
 

shmu26

Jul 3, 2015
For savvy home users who don't share their computers with others, the main idea of application whitelisting -- otherwise known as default/deny -- is simply to shake your brain awake when you are about to do something stupid like run a downloaded executable file that you forgot to check out.
 
