Testing Microsoft's Windows Application Whitelisting Tool

 
 
By Jason Brooks  |  Posted 2008-11-05 Print this article Print
 
 
 
 
 
 
 

The SRP feature in Microsoft Windows doesn't offer the same granularity of control or change management capabilities as whitelisting options from third-party vendors, but there also are no extra licensing costs and it works well with Windows clients and servers.

Recently, eWEEK Labs took at look at the emerging Windows security strategy of application whitelisting: the practice of identifying which applications are allowed to run on a system, rather than those that are not allowed to run.

For that package, we focused on add-on products that bring whitelisting capabilities to Windows, but it's possible to implement whitelisting with out-the-box functionality that's been available for Windows systems since the release of Server 2003.

The Windows feature, called Software Restriction Policies, or SRP, enables administrators to control whether applications and libraries are allowed to run on a Windows machine based on the path, digital certificate, hash or extension attributes of the executable in question.

SRP affords administrators less granularity in crafting these control schemes than do full-fledged application whitelisting products such as Bit9's Parity 4.1 or CoreTrace's Bouncer 4.0. What's more, SRP doesn't deal as well with change management as do these and other third-party whitelisting options.

However, as part of Windows, SRP doesn't carry any additional licensing costs, and the tool works both with large networks of Windows clients (through Group Policy) and with individual Windows machines (through the local security policy). As such, SRP is well worth further evaluation for Windows shops interested in tightening security and doing more with less.

Click here for an eWEEK Labs walk-through of Windows 7 screenshots.

Looking forward to Windows 7-the forthcoming version of Windows at which Microsoft recently gave the general public a peek-SRP will morph into something with the more marketing-friendly name AppLocker, which will come with a handful of worthwhile feature enhancements.



 
 
 
 
As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel