Why Whitelisting Works
PC Pitstop CEO Rob Cheng was quoted extensively in this detailed look at whitelisting by Drew Robb & published at esecurityplanet.com.
The rising popularity of whitelisting boils down to simple math. With a relatively small number of malware items, it made sense to compile known virus signatures to detect and prevent infection. But with a huge increase in the volume of viruses and other forms of intrusion, it isn’t easy to keep virus signatures up to date.
That is where whitelisting comes in. Instead of listing all the potential bad stuff you don’t want to let in, it’s simpler to create a shorter list of applications and processes that are authorized to run.
Whitelisting and Ransomware
“Whitelisting is more necessary than ever because viruses and other malware are morphing,” said Rob Cheng, CEO of PC Pitstop.”This means that one virus looks like hundreds or thousands of different viruses to traditional AV products.”
The type of attack vector has shifted recently, with individual users and entire companies being subjected to ransomware – infections that encrypt all their data and lock them out unless they pay a ransom. Recent ransomware attacks like CryptoLocker and CryptoWall are examples of attacks that could have been prevented through the use of application whitelisting.
“The stakes have gotten higher because of ransomware viruses, which encrypt your hard drive and demand a ransom in BitCoins for all your files back,” said Cheng. “It encrypts photos, videos, Excel files, PowerPoint presentations and so on, so all your most personal documents are lost.”
Traditional products use a blacklist to attempt to stop ransomware. But a virus will be blocked from executing and hence infecting only if it is on the list. That can be too slow, given the speed with which the bad guys morph their malware. By the time it is on the blacklist, another variant is invading user files.
“A whitelist stops the virus morphing issue dead in its tracks,” said Cheng. “From a marketing perspective, we describe the white list as a VIP list for your PC. If you are not on the list, then you are not getting in.”