With Parity 4.1, Bit9 offers an application whitelisting product that could challenge conventional anti-virus security tools. Bit9 Parity 4.1 joins other app whitelisting security tools from such vendors as CA, CoreTrace and Lumension.
Bit9's Parity 4.1 is effective host-based intrusion prevention for Windows
systems that works by whitelisting applications, allowing only approved
applications to run, and blocking anything else, including malware. IT managers
at any size organization should immediately consider using application
whitelisting to secure Windows systems.
Application whitelisting tools, including Parity, CA's CA HIPS (Host-Based
Intrusion Prevention System), CoreTrace's Bouncer and Lumension's Sanctuary
Application Control work differently from anti-virus, anti-spyware tools that
use signatures and anomaly detection schemes to try to stop unwanted software
Parity 4.1 worked effectively in my tests and the product raises serious
questions about the future usefulness of host- and gateway-based security
systems that focus on identifying fast-morphing malware signatures.
whitelisting isn't without flaws as a protection strategy-for example, there is
the need to painstakingly approve programs to prevent blocking needed apps.
However, Bit9's Parity, with an extensive database of vetted applications along
with a nimble agent and flexible policy engine, proved more than able to handle
my test environment.
in mind that Parity 4.1 doesn't clean malware from a system, although it
renders toxic executables inert. Parity does make it much easier to identify
the systems that are infected, however, and provides a specific report on which
machines are installed with unwanted software, thus making it a much easier
task to focus cleanup efforts.
4.1 became available in June and now provides Active Directory integration, a
useful "new files" report, software categorization that significantly eases
policy creation, automatic device inventory and the ability to virtualize the
4.1 can be licensed in two ways: a perpetual one-time license is $35 per
workstation and $350 per server. A subscription license is also available for
$19 per workstation, plus a maintenance fee.
4.1 is a client/server application. I installed the Parity Server in a VMware
ESX Server 3.5 environment on a virtual machine configured with dual processors,
a 60GB drive, 2GB RAM and a single network interface card with a fixed
IP address. This configuration is the minimum required for managing up to 3,500
4.1 can now use an external Microsoft SQL Server 2005 database to track
clients, which I installed on a VM in the same VMware ESX cluster. There is
currently no support for Oracle databases. The Parity Agent, which performs
disk inventory, monitoring and policy enforcement on workstations and servers,
can be installed on Windows 2000-, XP-, Vista, or 2003-based systems.
4.1 policies are enforced per Host Group, which I set up in the Parity Server.
My policy settings included monitor (watch and report), block (stop all
unapproved applications), ask (warn user of unapproved software with an option
to continue execution) and local approval (allow trusted users to approve
software on their individual system).
monitor policy was especially useful for understanding what applications were
in use on my test systems before making policy decisions on specific
first installing the Parity agent on a system, the initialization process took
from 10 to 40 minutes running in the background. This is
a one-time penalty as compared with anti-virus scans, which typically consume 1
to 2 hours of machine time per week. The initial discovery looks for
executables installed on the target system and then reports the inventory to
the Parity Server. My systems reported more than 17,000 items scattered across
several systems that have been used in typical production settings for the last
two years. These items are presented to the administrator in a list on the Web-based
Parity 4.1 console.