Sunday, July 8, 2007

Time To Blocklist "Blacklist"

The Register, a great read, and a usually sensible source of IT-related news, just published an article under its antivirus section entitled "Time to Blacklist Blacklists" in which the word "blacklist" is used to describe a list of items to be avoided.

Dear folks at The Register: I have friends and family that find the term "black list" offensive. It is time for a change.

Most of the security industry is moving to adopt the terms "Allow" list (or "Allowed" list) and "Block" list (or "Blocked" list) - sometimes known as "A-Lists" and "B-Lists" for short.

As for the plethora of Register articles holding the line that all malware detection should be done using zero-day technologies (rather than Block lists), it's time you went and visited a pharmacy. Every technology has its efficiencies and uses - when it comes to fighting bad guys, there is no "best way", just a "best combination" of available approaches.

The efficacy of scanning files for known issues cannot be disputed; neither can the benefits of including ever more advanced heuristics, including zero-day exploit detection techniques.

Let's continue to use both, when appropriate.
