The technology, being pushed by such vendors as Cisco, is giving IT departments a new weapon in fighting malware. Application whitelisting is a good complement to other anti-virus strategies, such as blacklisting, diligent patching and user education.
Malicious software is a disease, and the conventional-wisdom
remedies of diligent patching, anti-virus deployment and user education
haven't proved potent enough to bring about a cure.
Enter application whitelisting, a different approach to the problem
of securing Windows clients. Application whitelisting has been around
for a while now, but has gained new currency over the past several
months, with industry leaders such as Cisco Systems Chief Security
Officer John Stewart pointing out the limitations and the expense of
current anti-malware strategies.
Application whitelisting, which is also known as application
control, contrasts with the blacklisting approach embodied by typical
anti-virus products. Rather than track and quarantine harmful bits,
whitelisting involves barring all but approved executables from running
on a given machine.
on eWEEK Labs research and testing on the current crop of applica??Ãtion
whitelisting products, we sug??Ãgest that administrators charged with keeping
Windows-based PCs secure from malware further evaluate where whitelisting can
fit into their security strategy, either to complement-or perhaps to
replace-their existing anti-virus investments.
What's Wrong with the Status Quo?
Prompt software patching and
diligent user education efforts form the foundation of any successful security
strategy. However, in the face of zero-day vulnerabilities and cleverly
targeted social engineering schemes, up-to-date applications and savvy users
aren't enough to keep your desktops secure.
most common complement to patching and education is an applica??Ãtion
blacklisting approach implemented through anti-virus software installed on
every desktop machine. Anti-virus as a security measure is so well ingrained in
the desktop world that Windows instal??Ãlations throw up a warning message if
anti-virus software is not installed, and the PCI DSS (Payment
Card Indus??Ãtry Data Security Standard) specifically mandates the use of
anti-virus software on machines through which credit card data passes.
anti-virus applications, which work either by blacklisting known bad software
or by actively scan??Ãning systems for suspicious behavior, come with significant
drawbacks and cannot block all attacks. For instance, there's considerable
system overhead associated with scanning, and the fre??Ãquent signature updates
required to keep anti-virus applications in good working order can be difficult
to main??Ãtain. These factors can prove particu??Ãlarly onerous on the often aged
systems that run point-of-sale applications at PCI-regulated organizations.
for systems with enough resources to shoulder scanning over??Ãhead, as well as
the connectivity and availability to receive frequent anti-virus signature
updates, these security products are reactive in nature and lack potency
regarding new or tightly tar??Ãgeted threats not yet included in the anti-virus
vendors' signature databases.