whitelist
July 20th, 2009, 08:07 AM
Hi everyone,
I have read a number of helpful posts on this forum and I have seen a number of Firewalls, Sandboxing, Virtualization, Light Virtualization, Whitelisting and HIPS tools discussed - I don't know if what I want exists yet so I will describe it below and would love to hear your thoughts/suggestions...
I want a Windows security solution which allows granular, rule-based control over the resources that applications have access to and the scope of that access. This would behave much like modern firewalls, but for all kinds of resources, not just networks. Resource interaction that could be controlled includes access to the Filesystem, Registry, Network, Process Execution, Interaction with other processes or the Operating System/hardware itself. This should allow me to entirely isolate certain applications, or only allow them access to the exact resources that I/they require and nothing more.
Ideally it would also allow some simple virtualization like other sandbox/light virtualization tools (i.e.: it can allow an application to think it is writing to/reading from the filesystem/registry but it is actually just writing to/reading from a temporary scratch space that can be erased after the application is closed).
Other Features which would be cool and might make the solution easier to use:
- Built-in access to an updatable database of whitelisted applications (and their MD5s) that are known to be safe; this could save time when training the tool for common applications.
- 'Community Opinion' feature built into alert dialogs to allow the user to reference crowd-sourced information when in doubt. This feature could quickly search a website for stats on identical alerts/MD5s that other users have encountered. The user could then see how other users responded to that same alert and the percentages/numbers of them that chose each type of response.
- 'Community Comments' button that the user can click to view/start a web-based forum thread containing community discussion related to that unique alert.
Final thoughts: To get a better idea of what I am after, have a glance through my subsequent post, which contains a bunch of hypothetical usage examples. If something with similar functionality already exists, please let me know as I want it (!) - if it doesn't... I think it would be awesome.
- What are your thoughts?
- What security solutions do you recommend/use?
- What suggestions do you have?
Regards,
- Whitelist ;)
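
A sketch of the rule model the post asks for, added here as an illustration and not taken from the post or from any existing product: per-application rules over several resource kinds, first match wins, default deny, and a "virtualize" action that redirects access into a scratch area. All paths, application names and the scratch location are constructed assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

ALLOW, DENY, VIRTUALIZE = "allow", "deny", "virtualize"

@dataclass(frozen=True)
class Rule:
    app: str      # glob over the requesting executable's path
    kind: str     # "file", "registry", "network" or "process"
    target: str   # glob over the resource being requested
    access: str   # "read", "write", "connect", "execute" or "*"
    action: str

# Constructed sample policy; every path and name here is made up.
POLICY = [
    Rule(r"c:\apps\reader.exe", "file", r"c:\users\me\documents\*.pdf", "read", ALLOW),
    Rule(r"c:\apps\reader.exe", "file", r"c:\users\me\*", "write", VIRTUALIZE),
    Rule(r"c:\apps\reader.exe", "registry", r"hkcu\software\reader\*", "*", VIRTUALIZE),
    Rule(r"c:\apps\reader.exe", "network", "*", "*", DENY),
    Rule(r"c:\apps\browser.exe", "network", "*:443", "connect", ALLOW),
]

SCRATCH = PureWindowsPath(r"c:\sandbox\scratch")  # assumed scratch root

def decide(app, kind, target, access, policy=POLICY):
    """First matching rule wins; anything no rule matches is denied."""
    app, target = app.lower(), target.lower()  # Windows names are case-insensitive
    for r in policy:
        if (fnmatchcase(app, r.app) and r.kind == kind
                and fnmatchcase(target, r.target)
                and r.access in ("*", access)):
            return r.action
    return DENY

def resolve(app, kind, target, access):
    """Return (action, effective_target); virtualized access is
    redirected to a per-application copy under the scratch root."""
    action = decide(app, kind, target, access)
    if action != VIRTUALIZE:
        return action, target
    exe = PureWindowsPath(app.lower()).name
    # Flatten the original name into a relative path below the scratch root.
    flat = target.lower().replace(":", "").replace("/", "\\").lstrip("\\")
    return action, str(SCRATCH / exe / kind / flat)
```

Rule order matters: the read-only PDF rule sits above the broader write rule, so a write to the same PDF falls through to the virtualized copy and the original file is never modified.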