Whitelisting – Is it worth the work?
Recently, Information Week reported application whitelisting as an “extreme” method for preventing malware. Is it extreme? It very well could be. Application whitelisting goes against the very core of traditional security programs. Instead of using a blacklist, which allows unknown files to execute until proven malicious, a whitelist blocks all unknown programs from executing until they have been proven safe. This is where the term “extreme” may be justified.
Extreme Protection for Extreme Threats
With a whitelist security solution, all unknown programs are blocked from running. Before a program can run, it must be tested and categorized as either safe or malicious. This responsibility may fall on an IT department or, if you’re lucky, the security program will take care of it. Regardless, it could be a major responsibility for either party if the whitelist is not well developed and blocks several programs because they haven’t been proven safe yet. These two factors, who does the testing and how developed the whitelist is, determine the complexity of implementing such a security program.
Fortunately, there are security programs that have been using the whitelist approach for years. Their whitelists are therefore far more mature than those of programs that are just now jumping on the whitelist bandwagon. If users choose a security program with a well-seasoned whitelist, the workload will be significantly decreased. If users choose a security program that conducts all of the malware testing itself, instead of leaving the burden on a company’s IT department, the workload drops even more!
Does the work it takes to progress from an ineffective security program to one that uses a whitelist approach outweigh the benefits? No. Not even close. Choose a program that has been using a whitelist approach for years and will be responsible for testing unknown programs, and you’ll be left with no more of a workload than with your current security solution, but with far better protection.