Bit9

This article by Rob Vamosi of CNet came out last week and created a lot of debate on white listing, what it means.  

I'm seeing a few outdated misconceptions, and a couple of points made in the posts that we can help clarify.

Regarding the Bit9 Global Software Registry: -- the Bit9 GSR is used as a look up service
- in the cloud - for enterprises that want to identify unknown applications. It provides reputation ratings for applications, which are classified by hash. This is completely different than an enterprise's white list of good applications that are allowed to execute. The enterprise decides what applications are included on their white list and which ones are acceptable according to company policy.

The Bit9 GSR is extremely helpful as a service for IT, security, audit and compliance professionals who are deploying white listing protection and want to find out what is on their end points. It is an eye opening experience discovering all the applications that are on an enterprise's endpoints. IT professionals often find something and have no idea what it is. Think of the GSR as the Yellow Pages or Consumer Reports for trusted applications.

What's clear is that the blacklist-only approach to IT security is quickly becoming extinct. There's just no way to test, catalog, update, patch and scan our way to protection from malware using antivirus signatures. If there were antivirus signature updates being pushed across enterprise networks every time a virus mutated, the signature files would cause more network slowdowns than the viruses themselves.