Why Whitelisting Works



PC Pitstop CEO Rob Cheng was quoted extensively in this detailed look at whitelisting, written by Drew Robb and published at esecurityplanet.com.

The rising popularity of whitelisting boils down to simple math. With a relatively small number of malware items, it made sense to compile known virus signatures to detect and prevent infection. But with a huge increase in the volume of viruses and other forms of intrusion, it isn’t easy to keep virus signatures up to date.

That is where whitelisting comes in. Instead of listing all the potential bad stuff you don’t want to let in, it’s simpler to create a shorter list of applications and processes that are authorized to run.


Whitelisting and Ransomware
“Whitelisting is more necessary than ever because viruses and other malware are morphing,” said Rob Cheng, CEO of PC Pitstop. “This means that one virus looks like hundreds or thousands of different viruses to traditional AV products.”

The type of attack vector has shifted recently, with individual users and entire companies being subjected to ransomware – infections that encrypt all their data and lock them out unless they pay a ransom. Recent ransomware attacks like CryptoLocker and CryptoWall are examples of attacks that could have been prevented through the use of application whitelisting.

“The stakes have gotten higher because of ransomware viruses, which encrypt your hard drive and demand a ransom in BitCoins for all your files back,” said Cheng. “It encrypts photos, videos, Excel files, PowerPoint presentations and so on, so all your most personal documents are lost.”

Traditional products use a blacklist to attempt to stop ransomware. But a virus will be blocked from executing and hence infecting only if it is on the list. That can be too slow, given the speed with which the bad guys morph their malware. By the time it is on the blacklist, another variant is invading user files.

“A whitelist stops the virus morphing issue dead in its tracks,” said Cheng. “From a marketing perspective, we describe the white list as a VIP list for your PC. If you are not on the list, then you are not getting in.”
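The difference between the two list types can be seen in a few lines of Python. This is an added example, not code from the article or from PC Pitstop; it assumes files are identified by SHA-256 hash, and every sample "binary" is a constructed placeholder byte string. It goes one step beyond the text by also showing that an updated version of an approved program stays blocked until its new hash is added to the whitelist.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed placeholder "binaries" (not real software or malware).
SAMPLES = {
    "approved app v1": b"constructed-sample: approved spreadsheet app v1",
    "approved app v2": b"constructed-sample: approved spreadsheet app v2",
    "known variant": b"constructed-sample: ransomware variant A",
    # Same payload with one byte appended: a different hash, hence a "new" file.
    "morphed variant": b"constructed-sample: ransomware variant A\x00",
}

# Blacklist: hashes of files already known to be bad.
BLACKLIST = {sha256(SAMPLES["known variant"])}
# Whitelist: hashes of files explicitly authorized to run.
WHITELIST = {sha256(SAMPLES["approved app v1"])}


def blacklist_allows(data: bytes) -> bool:
    """Default-allow: run anything that is not on the list."""
    return sha256(data) not in BLACKLIST


def whitelist_allows(data: bytes) -> bool:
    """Default-deny: run only what is on the list."""
    return sha256(data) in WHITELIST


def evaluate(samples: dict) -> dict:
    """Map each sample name to (allowed by blacklist, allowed by whitelist)."""
    return {
        name: (blacklist_allows(data), whitelist_allows(data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (bl, wl) in evaluate(SAMPLES).items():
        print(f"{name:16} blacklist={'run' if bl else 'block'} "
              f"whitelist={'run' if wl else 'block'}")
```

The morphed variant runs under the blacklist and is blocked under the whitelist, while the unapproved v2 update is blocked by the whitelist until an administrator adds it.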


http://www.esecurityplanet.com/malware/whitelisting-why-and-how-it-works.html


8 thoughts on “Why Whitelisting Works”

  1. This makes perfect sense. This is basically what I have ended up doing with my browser. I got so tired of all the extra extensions being added without my knowledge or consent that I finally blocked ALL cookies and java scripts. As I browse sites that I choose and trust I allow cookies and scripts individually as they are needed. It’s the only thing that has effectively solved the problem. There are far too many advertising snoop links hidden in web pages to be able to block all the unwanted content. It’s much easier to allow only what you want in.

  2. Great article, but I have a 101 level question. Does ransomware work just on the HDD that can be fixed by replacing the HDD with a current B/U drive, or does it bury itself into the computer bios that would require battery removal and re–installing a backup bios?
