Neil MacDonald

A member of the Gartner Blog Network

Entries Tagged as 'Whitelisting'


Virtualization, Containers and Other Sandboxing Techniques Should be on Your Radar Screen

by Neil MacDonald  |  March 16, 2013  |  Comments Off

  The idea of “sandboxing” potentially malicious content and applications isn’t new but interest in this type of approach on Windows desktops is growing. Further, the increasing variety of virtualization and abstraction techniques available on Windows create isolation that can be used to provide security separation – aka “sandboxing”. Given the innovation around virtualization techniques […]

Comments Off

Category: Beyond Anti-Virus Endpoint Protection Platform Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , , , , , ,

This Just In: Signature-based Protection Ineffective Against Targeted Attacks

by Neil MacDonald  |  January 31, 2013  |  1 Comment

  Seriously, is anyone surprised? I’m sure you’ve seen the news about Chinese infiltration at the New York Times: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html According to the article: Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec […]

1 Comment »

Category: Beyond Anti-Virus Endpoint Protection Platform     Tags: , , , , , ,

Getting Ready for Gartner’s 2012 Infrastructure & Operations and Information Security Summits

by Neil MacDonald  |  May 21, 2012  |  Comments Off

I’ve been absent from my typical blogging routine getting my material finalized for two Gartner upcoming US-based summits in June 2012. The first is Gartner’s Infrastructure and Operations Management Summit being held in Orlando the week of June 4th. This conference is focused on infrastructure and operations solutions for managing desktops, servers, and mobile devices […]

Comments Off

Category: Application Security Beyond Anti-Virus Big Data and Information Security Cloud Security Information Security Next-generation Security Infrastructure Security Intelligence Virtualization Security     Tags: , , , , , , , , , , , , ,

Windows 8 Raises the Bar for Security

by Neil MacDonald  |  September 28, 2011  |  1 Comment

I’ve been out the past two weeks visiting with clients and have been meaning to summarize my impression of the upcoming Windows 8 (expected mid 2012) from a security point of view. I attended Microsoft’s recent BUILD conference for developers where Windows 8 made its first official appearance. You can see my real-time tweets and […]

1 Comment »

Category: Beyond Anti-Virus Information Security Microsoft Security Windows 7     Tags: , , , , , , ,

Removing Administrator Rights for Windows Users is not “Lockdown”

by Neil MacDonald  |  May 4, 2011  |  Comments Off

In discussions with clients, I still run into some confusion on whether or not removal of administrator rights constitutes “lockdown”. Perhaps this was the case a few years ago with older Windows applications and Windows XP, but this is not the case today with Windows 7.  For example: Standard users can install and execute well-written […]

Comments Off

Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7     Tags: , , , , , , ,

Advanced Persistent Threats: Finding the Needle in a Haystack

by Neil MacDonald  |  April 14, 2011  |  4 Comments

Whether or not you agree with the use of the term “Advanced Persistent Threat” (APT), we can agree that there is a very real threat from advanced intrusions which persist undetected in our systems. By definition, these intrusions are advanced so our traditional (and increasingly ineffective) protection mechanisms such as firewalls and antivirus don’t catch […]

4 Comments »

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , ,

Are APTs Really New? Observations from the APT Summit

by Neil MacDonald  |  April 4, 2011  |  Comments Off

I recently had the opportunity to kick off a summit in Washington DC on the topic of Advanced Persistent Threats along with a number of other speakers representing different technologies and services that could be used to prevent or identify advanced intrusions. Here are my observations from the summit: 1) APT is first and foremost […]

Comments Off

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , ,

Yes, Standard Users can Install Software

by Neil MacDonald  |  March 15, 2011  |  Comments Off

The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter). This is incorrect. Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard […]

Comments Off

Category: Endpoint Protection Platform Microsoft Security Windows 7     Tags: , , , , , , ,

Lesson from Android: Does More Open Have to Mean Less Secure?

by Neil MacDonald  |  March 11, 2011  |  Comments Off

Google’s Android has made the news a couple of times already in 2011: Here, with a credit card snooping exploit proof of concept and most recently, with malware that had gotten into the Google application store. The latter was particularly serious as it involved a privilege escalation attack that broke out of the Android sandbox. […]

Comments Off

Category: Application Security Beyond Anti-Virus Endpoint Protection Platform     Tags: , , , , , ,

NAC, DLP and Application Control: It’s About the Visibility, not the Control

by Neil MacDonald  |  March 9, 2011  |  Comments Off

Sitting here in the airport getting ready to fly back home, it occurred to me that all of these hyped technologies have had a critical shift in mindset over the past several years. Each of these technologies was originally touted with their ability to block and control “bad things” from happening. With NAC, this entailed […]

Comments Off

Category: Beyond Anti-Virus Endpoint Protection Platform Security Intelligence     Tags: , , , ,