Going White
September 18, 2007 at 5:07 pm | Posted in Computers, Security, Software
When troublesome servers started showing up on the Internet, security firms and IT staff began developing “Black lists” of naughty server addresses. Anything that came from them was blocked. In those days, most email servers were set up to “relay” email from server to server automatically. A small office server would pass the local messages on to the ISP for connection to the Internet, for example. Spammers took advantage of this and hitchhiked a ride. That got legitimate servers black-listed. As server capacities grew, more and more domains were handled by individual servers. If one person abused their usage, the entire server could be blocked.
I ran into that problem once where a client could not receive email from us, as their ISP subscribed to a blacklist service that had blacklisted ALL email servers from a large national ISP. There were a lot of such heavy-handed approaches, yet it took a long time for those ISPs to take some responsibility and block public relaying and prevent their systems being used for spamming and virus distribution. (Most viruses were distributed by spam by then.) Servers came set up by default to pass it all on.
As individuals were forced to take responsibility for their own security in this onslaught, black-lists were also developed for software programs on computers, such as in firewalls.
Recently, security firms have been reexamining the whole approach as the issue has evolved. There are now more malicious programs (viruses, worms, trojans, etc.) than legitimate ones, and keeping track of all the variants has been a huge headache, especially because security firms don’t agree on naming conventions. Each company calls the threats by different names and comes up with its own solutions.
Security firms like Symantec are now looking at the White-list approach: keeping a list of “white” applications and blocking anything else. This is not unlike the concept behind “certificates” for secure web sites: software vendors would need their applications approved. Guilty until proven innocent.
One hopes it goes better than driver signing has gone for Windows Vista.
And not a moment too soon. Virus takeovers and theft from systems are on the rise. It used to be that many viruses were built just to see how far they would spread. They sometimes came with the attitude that if you were stupid enough to get infected, then we’ll delete your photos or some such. In the last decade, they have been playing with techniques for taking over your computer remotely (and there are many thousands of such compromised computers, or zombies) and using them to make volume attacks on web sites they wish to compromise. That technique has been fading as network experts have figured out ways of thwarting such attacks.
Now it’s become about money. It’s become profitable to take over or break into a computer and steal access to bank accounts and such. CBC reports on the issue: