Thoughts on application whitelisting / Bouncer by Coretrace

dabomb

So my boss was pitching me the idea of purchasing Bouncer by Coretrace for our network. It is a security solution that runs at kernel level, and only applications in the whitelist are allowed to run. The people over there are saying you don't need Windows updates, antivirus, or antispam software since no malicious process can execute as it's not in the whitelist. Supposedly this is used on government computers.


I lol'ed at the website and lack of demo for download, but my boss was impressed by the web demo they gave him and we are going to conference call Coretrace this afternoon with a list of questions. They want around $24,000 to protect our 125 computers and servers.

Thoughts?

http://www.coretrace.com/
 
So....

No demo
No real reviews of the software from the limited searching I've done
A web demo, but nothing that allows IT to test it before implementing
Hefty price tag


Mmm, no thanks.
 
For $24k, take the time and set up Software Restriction Policies using a GPO on your domain. It will suck to set up, but it isn't hard to maintain.
 
I call shens on their "no malicious process". What about DLL injection? Remote exploit webserver, download a dll, load it and run its functionality in the context of IIS (or local system if it can escalate).
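
The two replies above meet in one setting: a Software Restriction Policy only evaluates DLLs when it is configured to, and out of the box it skips them. The audit below is an added example, not part of any post in this thread; it reads the machine-scope SRP values a GPO writes to the registry, and the function name `Get-SrpPosture` is hypothetical.

```powershell
# Added example: report whether the applied SRP really is an allowlist and
# whether it covers DLLs. Get-SrpPosture is a hypothetical name.
function Get-SrpPosture {
    param(
        # Machine-scope SRP settings delivered by Group Policy
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Configured = $false
            Findings   = @('No machine-scope SRP policy is applied')
        }
    }

    $p = Get-ItemProperty -LiteralPath $Path
    $findings = @()

    # DefaultLevel: 0x0 = Disallowed (allowlist), 0x40000 = Unrestricted (blocklist)
    if ($p.DefaultLevel -ne 0) {
        $findings += 'Default level is not Disallowed: unlisted programs still run'
    }

    # TransparentEnabled: 0 = no enforcement, 1 = all files except DLLs, 2 = all files incl. DLLs
    if ($p.TransparentEnabled -eq 0) {
        $findings += 'Enforcement is switched off'
    } elseif ($p.TransparentEnabled -eq 1) {
        $findings += 'DLLs are not evaluated: a library loaded by an allowed process is never checked'
    } elseif ($p.TransparentEnabled -ne 2) {
        $findings += 'TransparentEnabled is missing or has an unexpected value'
    }

    # PolicyScope: 0 = all users, 1 = all users except local administrators
    if ($p.PolicyScope -eq 1) {
        $findings += 'Local administrators are exempt from the policy'
    }

    [pscustomobject]@{
        Configured         = $true
        DefaultLevel       = $p.DefaultLevel
        TransparentEnabled = $p.TransparentEnabled
        PolicyScope        = $p.PolicyScope
        Findings           = $findings
    }
}

Get-SrpPosture | Format-List
```

An empty `Findings` list means default-deny with DLL checking for every user; it says nothing about code that enters an allowed process without a file load, which is why patching still matters.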
 
I'd steer sharply away from ANY company that says Windows updates, anti-virus, or anti-spam aren't needed on a Windows network. WOW is all I have to say. ;)
 
Is it even possible to get an application to run at kernel level in Windows? Thought the kernel was supposed to be pretty much inaccessible in Vista and XP.
 