
FAQ

Frequently Asked Questions about seculution Application-Whitelisting

General Questions

Even in its basic configuration, seculution protects against more potential dangers than any virus scanner could ever do. The patented whitelisting technology makes it possible to prevent even completely unknown malware from running. We have clarified the principle for you here.
However, the seculution solution is compatible with all common antivirus solutions if you wish to continue using them.

seculution can secure networks of all sizes without a lower or upper limit. It is only necessary that the network is managed by at least one professional full-time administrator. Learn more in our Whitepaper and Product Brochure.

The whitelisting of applications/software, also known as application control, is based on the concept of only allowing software that is listed on a whitelist of known applications to run. In a network whose endpoints are secured by an application whitelist/application control solution, nothing can be executed that is not explicitly allowed.

The concept completely reverses the approach of virus scanners, which are used almost 100% of the time to protect networks today, and offers an incomparably higher level of protection, because traditional antivirus software always relies on knowing the malicious code it is supposed to block. See also seculution Antivirus.

To put it even more simply, everyone follows exactly the same principle at their own front door. You only allow those into your house who are listed as trustworthy on your own whitelist. Everyone else will not get through the door.

While the seculution Agent has a network connection to the seculution Server Appliance, requests are always sent to the Appliance. This enables a zero-second response time for changes. If the agent is offline, it accesses a locally stored and encrypted database. See also seculution Agent.

Good question. We do not understand either. Did you know us before you visited this website today?

A hash is a checksum that can be used to verify the integrity of data. Like the digit sum of a large number, the checksum changes as soon as a single bit of the file from which the hash was created is changed, so a hash can be used to identify a file in a forgery-proof way. The seculution Agent software is based on this property: it generates the hash of a program every time the program is started and automatically checks it against the whitelist.
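The hash-at-start check and the server/offline lookup described above can be sketched as follows. This is an added example, not seculution's code: the `Server` and `Agent` classes, the use of SHA-256 and the sample program bytes are assumptions made for illustration.

```python
import hashlib

class ApplianceOffline(Exception):
    """Raised by the stand-in server lookup when there is no connection."""

def file_hash(data: bytes) -> str:
    # SHA-256 is an assumption of this sketch, not a statement about the product.
    return hashlib.sha256(data).hexdigest()

class Server:
    """Stand-in for the central whitelist (hypothetical interface)."""
    def __init__(self, hashes):
        self.hashes, self.online = set(hashes), True
    def lookup(self, h: str) -> bool:
        if not self.online:
            raise ApplianceOffline()
        return h in self.hashes

class Agent:
    def __init__(self, server: Server):
        self.server = server
        self.cache = set(server.hashes)   # stand-in for the local database copy
    def may_execute(self, program: bytes):
        """Hash the program at start; default-deny anything not listed."""
        h = file_hash(program)
        try:
            return self.server.lookup(h), "server"
        except ApplianceOffline:
            return h in self.cache, "local cache"

def demo():
    tool = b"MZ\x90\x00 constructed sample program image"   # constructed bytes
    tampered = bytes([tool[0] ^ 0x01]) + tool[1:]            # one bit flipped
    new_tool = b"MZ\x90\x00 constructed second program"      # constructed bytes
    server = Server({file_hash(tool)})
    agent = Agent(server)
    results = {
        "listed": agent.may_execute(tool),
        "one bit changed": agent.may_execute(tampered),
        "unknown": agent.may_execute(new_tool),
    }
    server.hashes.add(file_hash(new_tool))        # admin whitelists it centrally
    results["after server change"] = agent.may_execute(new_tool)
    server.online = False                         # agent loses its connection
    results["offline, listed"] = agent.may_execute(tool)
    results["offline, not yet synced"] = agent.may_execute(new_tool)
    return results

if __name__ == "__main__":
    for case, (allowed, source) in demo().items():
        print(f"{case:24} allowed={allowed!s:5} via {source}")
```

In this sketch a central change takes effect on the next online lookup, while an offline agent answers from its last local copy and denies anything that copy does not list.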

No. Querying a hash that is generated by the seculution Agent from the respective software takes only 30 ms. This is approximately the time that a ping needs. Because of this behavior and the very small packet size that is checked against the Server, seculution works in an extremely resource-conserving manner. If you compare this value with a heuristic live check of a virus scanner, seculution is faster by a factor of about 10,000. Yes, we know this is an apples and oranges comparison. But it gives an impression of the dimensions we are talking about.

The seculution Server contains the Whitelist you maintain and the associated rules for the contained objects. It is installed as a virtual machine in your network and you have full control over your data at all times. No usage data is transferred to the Internet. Your data will remain yours. Guaranteed.

Short answer:
The weaknesses found in the hash algorithms MD5 and SHA1 have no effect on the security of seculution, since it is still not possible to generate malicious software that has a predetermined hash. It is not possible to create a file that has the same hash as software already contained in seculution's whitelist.

Detailed answer:
In the media SHA1 and MD5 are described as being "broken" because it is possible to generate collisions. A “collision” with respect to hashes means that you can create two different input files (file1 and file2) which after passing through the hash algorithm result in the same hash. However, it is not possible to influence the resulting hash in any way.

To perform an attack on the security offered by seculution, an attacker would have to create a file whose hash is already contained in seculution's Whitelist (“pre-image” attack). A collision attack is about creating two different files which have the same non-determinable hash; a pre-image attack is about creating a file that has a specific, predefined hash. These are two cryptographically completely different tasks. Successful pre-image attacks are also not known with SHA1 and MD5.
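The difference between the two tasks can be measured on a deliberately tiny hash. The following is an added example, not part of the original FAQ: `toy_hash` (SHA-256 cut down to 16 bits) and all input strings are constructed for illustration. For an n-bit hash, generic brute force needs on the order of 2^(n/2) attempts for a collision but on the order of 2^n for a pre-image.

```python
import hashlib
from itertools import count

BITS = 16  # toy output size (assumption of this example); real hashes use 128+ bits

def toy_hash(data: bytes) -> int:
    """First 16 bits of SHA-256, so brute force finishes almost instantly."""
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def find_collision():
    """Both inputs are free: any two different inputs with equal hashes will do."""
    seen = {}
    for i in count():
        msg = b"file-%d" % i
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, i + 1   # the pair and the number of hashes computed
        seen[h] = msg

def find_preimage(target: int):
    """The hash is fixed in advance (a whitelist entry); only the input is free."""
    for i in count():
        msg = b"candidate-%d" % i
        if toy_hash(msg) == target:
            return msg, i + 1

def demo():
    whitelisted = toy_hash(b"constructed whitelisted program")  # constructed entry
    a, b, collision_tries = find_collision()
    pre, preimage_tries = find_preimage(whitelisted)
    return a, b, collision_tries, pre, preimage_tries, whitelisted

if __name__ == "__main__":
    a, b, c_tries, pre, p_tries, target = demo()
    # Expect on the order of 2**(BITS/2) tries versus 2**BITS tries.
    print(f"collision after {c_tries} hashes: {a!r} and {b!r}")
    print(f"pre-image of {target:#06x} after {p_tries} hashes: {pre!r}")
```

Each additional output bit doubles the pre-image work, which is why the same search is out of reach at the 128 or 160 bits of MD5 and SHA1.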

The seculution-Cloud uses so-called trust levels to classify the trustworthiness of a hash. Each hash can be assigned a TrustLevel from 0 (= known malware) to 10 (= source code is known to seculution). TrustLevels are automatically created by the seculution-Cloud when importing hashes from sources known to be trusted.

Meltdown and Spectre

Meltdown and Spectre are the names for vulnerabilities that, when they were found, affected almost every computer chip manufactured in the past 20 years. The weaknesses were so basic and widespread that security researchers called them "catastrophic". Therefore, these flaws were all over the press in 2018.

All forms of exploiting this vulnerability involve allowing a malicious program to gain access to data that it is not normally authorized to see. But this also requires the attacker to execute their malicious software on your system first to be able to compromise it. Since that is exactly what seculution Whitelisting prevents, it is able to protect against the exploiting of these vulnerabilities. The underlying issue may still exist (and it is definitely recommended to patch the system if at all possible), but the seculution security net does not allow the use of software that could exploit this vulnerability on any system that you can't patch, for whatever reason.

The interesting fact is that virus scanners, unlike whitelisting, cannot provide reliable protection. Unlike common malware, the exploitation of Meltdown and Spectre is difficult to distinguish from normal, benign applications. However, an antivirus program can detect malware that uses the attacks by comparing binary files after they become known. Until that happens, countless computer networks that are protected by virus scanners will have been infected.

Meltdown and Spectre were all over the press in 2018 for exploiting critical weak points in almost all modern processors. While that may seem dated by now, such side-channel attacks will likely exist for many years to come and will always remain relevant. For now, Meltdown and Spectre still serve as a good example. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are usually not allowed to read data from other running programs, a malicious program can exploit Meltdown and Spectre (or any other as-yet-unknown side-channel exploit like them) to access secrets stored in the memory of other programs. This includes passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre were present on many PCs, mobile devices and in the cloud. Depending on the cloud provider's infrastructure, it is possible to steal data from other customers by using such side-channel exploits.

Meltdown:
Meltdown breaks through the most basic isolation between user applications and the operating system. This attack allows a program to access the memory and thus also the secrets of other programs and the operating system.

If your computer has a vulnerable processor and uses an unpatched operating system, it is not safe to work with sensitive information, because it may leak. This applies to both personal computers and the cloud infrastructure. Fortunately, there are software patches against Meltdown.

Spectre:
Spectre breaks through the isolation between different applications. It allows an attacker to trick error-free programs that follow best practices into revealing their secrets. In fact, the security checks of these best practices increase the attack surface and can make applications more vulnerable to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent certain known exploits based on Spectre by software patches.


© Copyright 2020 seculution - All Rights Reserved