Conficker needs application control
by Rupert Beeby on Oct.13, 2009, under Endpoint Software Packages, Industry News, data security, data security trends
Latest reports on conficker infections include not only Ealing Council (see previous post) but also Oxford Brookes University, Manchester City Council and Whipps Cross University Hospital NHS Trust. Prior to this, the Houses of Parliament and Ministry of Defence were infected.
So AV has been proved to be powerless with this worm and even the DLP vendors do not have any defence as they tend to focus on information passing out of the organisation. Application control should be a part of a DLP solution to stop worms from running and spreading to the rest of the organisation. In most cases it is not as AV and most DLP is focused internally not at the endpoint which is the highest risk. Maybe Windows 7 will save us but how many will implement the application control features and AV and DLP. Not many I fear - Take a look at our sponsors product and if implemented will protect against zero day attacks and Conficker worms as well as the normal DLP features.
October 16th, 2009 on 4:35 pm
Symantec endpoint protection already has application and device control. It is able to block by application name or md5 fingerprint. This has been critical in stopping the spread of conflicker in networks that run endpoint. Also note these networks should fully update windows so they don’t get the worm in the first place
November 4th, 2009 on 11:57 am
Thanks for bringing that up. The trouble is that customers don’t understand the importance of using application control so they are not asking for it nor do they enable it if they have it. So Conficker always finds somewhere to infect. Would using the application image be a better way to stop apps?