McAfee chief trusts whitelisting despite exploits

McAfee global chief executive David DeWalt has said the company will continue to use whitelisting in its security products, even after recent hacks
Written by Darren Pauli, Contributor

McAfee global chief executive David DeWalt has said that his company will continue to use whitelists in its security products despite the fact that they have been repeatedly exploited by hackers who use stolen trusted certificates to sign malware.

David DeWalt of McAfee image

McAfee global chief David DeWalt has said that whitelists will be used in the company's security products. Photo credit: Darren Pauli/ZDNet Australia

The infamous Stuxnet family stole Authenticode-signed certificates from Realtek and JMicron to push malware through to whitelist-protected computers. Hackers also stole a VeriSign certificate, which US-based Vantage Credit Union used for its Quicken and Microsoft Money software. That certificate was then used to legitimise malware.

"Whitelisting and blacklisting have flaws, but we do see a combination of the two that is very powerful," DeWalt said. "Whitelisting — where only one source can update the operating system — is much more secure ... where there is only one trusted source, only one point of vulnerability."

For more on this story, see Stolen creds don't kill whitelisting: McAfee on ZDNet Australia.

Editorial standards