Application whitelisting is coming to Linux and Mac platforms.
To date, application whitelisting vendor CoreTrace has offered its Bouncer technology only for Windows, but it is now set to expand the effort due to market demand and opportunity. According to CoreTrace, Linux and Mac users face some of the same types of application risks as their Windows peers, which is why there is a need. The increased usage of Apple Macs is also helping to drive demand for an application whitelisting solution.
“In the enterprise market we have had a lot of customers ask us for Red Hat support. There are a lot of Red Hat Enterprise Linux servers out there and there are a lot of people running Red Hat on the desktop,” Dan Teal, founder and CTO of CoreTrace, told InternetNews.com.
CoreTrace’s Bouncer technology enables administrators to lock down applications by way of an application whitelist. The technology was updated to version 6 in July of 2010 with cloud-based intelligence to help enterprises determine if an application poses risk to the organization based on known good and known bad applications.
The Linux and Mac versions of Bouncer are being developed as part of the Bouncer 6.1 release, which is expected to be generally available by March. Teal noted that the plan is to have support for Red Hat Enterprise Linux, SUSE Enterprise Linux and Ubuntu as part of the officially supported release. He added that Fedora and openSUSE likely won’t be officially supported, though he expects that Bouncer 6.1 will be able to run on those platforms as well.
As a result of building Bouncer for Linux, a small part of the program might end up becoming open source.
“We’re looking at making a kernel component available but a lot of our intelligence is in the userspace and that will not be open sourced,” Teal said. “The mechanism that we’re using to enforce the whitelist and how we communicate with the userspace service – that will be available to our customers.”
Fundamentally, CoreTrace Bouncer will work on Linux and Mac in much the same way it works on Windows. JT Keating, vice president of marketing at CoreTrace, explained that the Bouncer program on all platforms auto-generates an application baseline of known good applications. Keating added that work is still being done on the CoreTrace reputation service, which helps enterprises determine which applications may pose a risk.
“We’re still investigating how great the coverage of the known good is. We know we have a lot on the Linux side but we’re trying to assess what we have in terms of Mac apps,” Keating said. “On known bad, our coverage is pretty good for malware that is targeting the Linux and Mac platforms.”
Unlike Windows users, Linux users are no strangers to application control. Red Hat, Novell SUSE and Ubuntu all implement some form of access control solution. Red Hat uses SELinux, while Novell SUSE and Ubuntu use the AppArmor framework for mandatory access control, which restricts process and application access. According to Teal, the CoreTrace Bouncer solution is complementary to both SELinux and AppArmor.
“If you need to run an operation or a process, on the Windows side you have to have the permission, which on most Windows boxes is already there,” Teal said. “On Linux and Mac you have to pass all the mandatory access controls that are provided and you also have to pass us from an application whitelisting point of view.”