I am not disputing the potential for application control to provide additional controls to improve security and protect enterprise desktops, I was more pointing out Pat Clawson’s unstable nature and use of foul language to describe his position. As for Symantec, they may agree that application control should be added as part of the overall endpoint protection platform but there is no way Symantec, McAfee, Trend or the rest of the AV vendors would ever relinquish the cash cow known as AV to make the world a better place.

There is wide disparity in how organizations structure their networks, implement software (or dat file) distribution points and manage systems and security technologies at the desktop. A flat, centrally managed organization with limited VLAN or switching with tight coupling between software distribution and security technologies will require less infrastructure to support McAfee than an organization that is highly complex and distributed – I am not claiming you are one or the other, however I am relating the experiences of organizations that expressed their environmental issues with such products as a Gartner client or as a BigFix customer. To give some perspective an organization that is abot 10k desktops shy of 33k required 9 ePO servers based on their network architecture, these ePO servers were not tiered and they needed to export data to produce a single report showing AV health status across this segment of their environment. It is not uncommon for most client/server based technologies, whether they be McAfee or others, to require a single server to support between 2,500 and 5,000 machines. Some environments support much more and some support far less – but I think it is safe to say that McAfee’s claims of having the “world’s most scalable solution” is completely false and baseless.

http://www.itworldcanada.com/a/News/d8f38eab-0ab9-41e6-b68d-cebc7db176b3.html
http://www.cbc.ca/news/background/tech/privacy/white-list.html