Application Whitelisting–Our Nation’s Solution?
Never in our history has cyber security been a bigger threat than it is now. Whether it is our computers, smart phones, tablets, televisions, smart watches, etc., they’re all at risk. Recent reports stated, over 3 million users were exposed to malware in the fourth quarter of 2016, almost a 23% increase from Q4 of 2015.
How can we possibly secure our data against these threats? The FBI and The Department of Homeland Security have encouraged device users to implement application whitelisting as an advanced measure to help mitigate the risk of a malware infection. The NSA has also added application whitelisting to their best practices.
What is Application Whitelisting?
In order for you to understand whitelisting, you first must understand blacklisting — the traditional method used for device protection.
Blacklisting is the methodology of keeping track of every known threat. These threats are placed on a “blacklist”. When a file or program attempts to execute on your device, it is compared to the blacklist. If the file/program is found on the blacklist, it will not run because it is a known malicious threat. This method of security is no longer acceptable, because malware changes every single second. This makes it impossible for the blacklist to remain adequately updated, to prevent malware infections.
Application whitelisting is the exact opposite of the blacklist approach. Instead of keeping a list of “bad” files, application whitelisting is a list of all known trusted applications. Therefore, when you attempt to run a file or program on your computer, it is compared to the whitelist. If it is found on the whitelist, it is allowed to run because it has been tested and deemed secure. If the file is not on the whitelist, it is blocked until testing can be done to determine its security.
What About False Positives?
False positives are considered the primary inconvenience when using application whitelisting. False positives occur when a whitelisting solution will not allow a safe program to run. This is when testing takes place to determine the security of the program or file.
That being said, it is believed PC users would rather have a higher level of protection against modern cyber security threats and cope with the minor inconvenience of a false positive, than provide malicious files the opportunity to execute by using a sub-par security solution that excludes application whitelisting.
How to Start Implementing Application Whitelisting
As stated above, some of our nation’s largest security offices are encouraging application whitelisting as a way to address the risk of malware, but how do you implement it? There are a few ways to begin the process, some more time consuming and backend work than others.
- Start your own “whitelist”. This can be done through the IT department, your own personal computer, etc. This however, is incredibly time consuming, and creates a significant amount of backend work for the IT department. Creating a whitelist from scratch is an option, but not a very good one.
- Use a security solution that already includes application whitelisting. This is probably by far, the best option. That being said, do your research on these security firms. Many claim to use application whitelisting, but actually do not use it as their primary method of detection.
PC Matic and PC Matic Pro
PC Matic and PC Matic Pro have been working on their whitelist for years. It is the only global whitelisting agent that is automated, creating minimal backend work for the PC users and IT departments. Our application whitelisting has been proven to be far more effective than competitors in preventative malware detection, scoring a 99.9% proactive detection rating in the most recent Virus Bulletin Reactive and Proactive (RAP) Test.