Technology

Making Use of Application Whitelisting

Written by Angelo Smith

Protecting your computer from viruses, malware, and other programs that will damage it is vital, especially if you go online all the time. These nasty programs can make their way to your computer through the internet, with hackers placing them on websites that otherwise would be completely safe. While many security programs make use of blacklists to prevent specific programs from running, few use a whitelist. This type of security device is the opposite of a blacklist. Only programs on the list are allowed to run, rather than blocking specific programs on the list. There are a number of challenges related to this type of security, but there are also a number of benefits to it.

Challenges

One of the biggest challenges to application whitelisting is that many business owners and even IT experts don’t realise that it’s an option. Blacklisting is much more understood and implemented, but it’s often simply not possible to blacklist every single malicious program, especially for the newest viruses.

With whitelisting, that’s not an issue since you know exactly what you need to run. It is possible for viruses to appear to the system as legitimate programs, and it can take some time to understand what applications need to be on the whitelist. As the IT needs of the company change, new applications will have to be added to the whitelist and others removed. It’s not something that is created and never dealt with again. Like other types of security, it has to be maintained.

The Need for Real Time Reporting

New application whitelisting Windows software is now available that removes many of these challenges. These applications provide ways of whitelisting proven applications that make it easy to deploy whitelisting and maintain it in any environment. These applications provide reporting and detection of suspicious programs in real time. If an application appears on your system and looks legitimate, it will still flag the file and record when it was first executed, its origin, and what resources it used.

airlockdetect-1

Small File Size

With blacklisting, you have to have a list of every single virus, piece of malware, and other software that you do not want to run on your system. Whitelist software is much smaller since you’re listing what you do want. This means instead of huge files that include thousands of virus definitions, you have a much smaller file size. This uses less system resources and takes up much less memory, leaving more of your system free to handle the applications you need.

Block Ransomware

A new challenge IT security has faced in recent years is ransomware, which are programs that lock you out of your computer or entire server until a ransom is paid to the hacker. These programs are often able to avoid detection because they create new, unique malware that is active for a very short period of time. This type of malware is very difficult to blacklist because it’s generated on the fly and each is unique. Whitelisting, however, defeats this type of malware because each listing of trusted files is unique to each system. Malware can’t know what to masquerade as because every deployment is different.

About the author

Angelo Smith