McAfee global chief executive David DeWalt has said that his company will continue to use whitelists in its security products despite the fact that they have been repeatedly exploited by hackers who use stolen trusted certificates to sign malware.
McAfee global chief David DeWalt has said that whitelists will be used in the company's security products. Photo credit: Darren Pauli/ZDNet Australia
The infamous Stuxnet family stole Authenticode-signed certificates from Realtek and JMicron to push malware through to whitelist-protected computers. Hackers also stole a VeriSign certificate, which US-based Vantage Credit Union used for its Quicken and Microsoft Money software. That certificate was then used to legitimise malware.
"Whitelisting and blacklisting have flaws, but we do see a combination of the two that is very powerful," DeWalt said. "Whitelisting — where only one source can update the operating system — is much more secure ... where there is only one trusted source, only one point of vulnerability."
For more on this story, see "Stolen creds don't kill whitelisting: McAfee" on ZDNet Australia.