Security Experts Hope To Write Eulogy For Blacklists

from the black-death dept

Blacklists have always been a significant tool in the security industry's anti-malware arsenal. For years, the basic anti-virus model was simply to maintain a list of known viruses (and their permutations) and match any potential virus against that list. As malware started to proliferate and vary wildly, security firms augmented this approach with other techniques, though the basic blacklist remains. Blacklists are also used to protect against spam and to identify websites that may be hostile. But just as the model has come to be inadequate in the traditional anti-virus space, so too is it seen as deficient for other purposes. Complaints about blacklists include the fact that they're easy to fall onto accidentally, yet easily gamed by those looking to get off them. Essentially, blacklists are a blunt weapon unsuitable for the complexity of good security systems. Just ask the customers of Verizon, who at times have had all of their foreign email blocked because of the company's overly aggressive anti-spam software. Interestingly, one major user of blacklists is Google, which uses them to warn users about potentially malicious sites that they may encounter through searches. Seeing as the company is ramping up its security business, it will be worth watching whether it continues to push blacklists, or if it seeks out more sophisticated mechanisms for discerning what's legitimate online.

Filed Under: blacklists, security, spam


Reader Comments



  • JustMatt, 10 Jul 2007 @ 5:27am

    Blunt or not they are still a tool

    I like 'em and I use 'em!


    • poop-chute mcphatty, 10 Jul 2007 @ 5:55am

      Re: Blunt or not they are still a tool

      They're still a tool, and you're still a tool. What is needed is a day 0 tool (like Cisco and others have or are developing).


      • Hungry, 10 Jul 2007 @ 8:06am

        Re: Re: Blunt or not they are still a tool

        Unlike the blunt tool, he can be used to make me a grilled cheese sandwich.


        • Juan Ponce de León, 13 Mar 2008 @ 3:03am

          Re: Re: Re: Blunt or not they are still a tool

          I'm looking forever for a grilled cheese sandwich. Can you put in an order for two?


  • Anonymous Coward, 10 Jul 2007 @ 6:52am

    understanding the threat

    Blacklists can be a very precise tool under the right circumstances:

    1. The entities to be blacklisted can't change identity easily
    2. The detection mechanism has a very low false positive rate

    Both of these are true for compromised sites hosting browser exploits.


  • Matt Bennett, 10 Jul 2007 @ 7:18am

    Um, you talk about it as if blacklists are an exclusive method. They're not, and there's no reason to ever abandon them completely. Say Google comes out with more "sophisticated mechanisms" to pick out bad sites. There's no reason not to supplement that with a blacklist of sites that they know are bad regardless of what their algorithms say, or indeed a whitelist of sites they know are good regardless.


  • freak3dot, 10 Jul 2007 @ 7:47am

    Matt is right on with his comments.
    Even if we come up with a better solution, we want to make sure we continue to block known malware.
    freak3dot


  • JS Beckerist, 10 Jul 2007 @ 8:05am

    White List vs. Black List

    White List vs. Black List, and I'll give a prime example: the Firefox plugins, NoScript and Adblock.

    NoScript is a white-list-based service. It blocks all JavaScript from every top level domain until you specify otherwise. Adblock is a black-list-based service. It doesn't block ANYTHING until you specify otherwise (good for image-based advertisements, and fun to build!)

    My point with this is, both are very useful and perform similar functions but are meant for two different things. NoScript is my powerhorse, nothing gets through it that I don't want. Adblock, while working more like AV software, will prevent things from loading AFTER I've already seen it once. This is NOT effective when trying to prevent an unknown for the first time, every time, and really the White List method is the only real way to do this.

    ...then again, look at Windows Vista. Would you like to perform this action? Yes or No? A step in the right direction if you ask me, and I think A/V could learn a thing or two from this.


  • James W., 10 Jul 2007 @ 3:24pm

    Nothing new being said

    For the last 4 years, I've had to deal with blacklists of various sizes and scopes and a number of them are slowly becoming havens for false positives. This is becoming increasingly more true -- and visible -- in the realm of spam blacklists.

    I've written about this for a few months now, especially about those boneheads at Verizon, and I've been watching this territory slip further into the hands of spammers and admins are losing out because of laziness and blacklists based around unethical purposes.


  • inam farooq, 8 Jan 2010 @ 3:24pm

    blacklisted web and companies in china

    Hello everybody, do not send money to any China companies, also www.alibaba.com. In this web many China companies and also some other countries are making many types of business in this web. Do not waste the time and money.
    Please read carefully: in this site many companies are cheating; they are very, very expert at satisfying other people. Because I have sent money to 10 companies. Here every company says send money only by Western Union. After collecting my money they did not send my parcel.
    Parcel detail is laptops, external HDD hard drive, HDD, digital cameras and many things. For more information everybody can ask me. My cell no. +49-151-28204484, e-mail mr_inamfarooq@yahoo.com.


