Application whitelisting-a security practice in which administrators identify which applications are allowed to run on a system and deny all others-is all the rage these days. In situations where users can't be trusted, strict whitelisting makes plenty of sense as a part of a more comprehensive endpoint security policy. However, without enough provision for flexibility and centralized management, whitelisting products can render workstations too rigid for mainstream use.
I experienced the benefits and drawbacks of application whitelisting firsthand in my tests of Faronics Anti-Executable Enterprise 3.5, a whitelisting product that's available in Standard and Enterprise flavors. The Enterprise version is basically the Standard version that's managed centrally using the Faronics Core management console. To cut to the chase, I found Faronics Anti-Executable to be a solid stand-alone product for strict lockdown scenarios, but I was disappointed with its central management capabilities and its provisions for flexibility in the face of software updates and mainstream use.
During my testing, there was a three-day period of Patch Tuesday, an Adobe update and a Java update. Just on my little testbed of 10 workstations, it took considerable effort to allow the patches to be installed, to allow the updated app to run and to update the whitelist to continue to allow it to run. In an environment of 5,000-plus machines, this added burden could outweigh the positives provided by control.
On the other hand, in areas where configurations don't need to be updated constantly and where security is the paramount concern, Faronics Anti-Executable Enterprise does a great job. This is also a much more appropriate use of application whitelisting technology in general.
For example, the average business user would not tolerate the intrusiveness and disruption, but on a kiosk or shared workstation, this would be perfect. Malware can't run, keyloggers can't be installed and all warnings could be silent while non-whitelisted apps are terminated. Other use cases include workstations in a classroom, POS-really anywhere you want to limit the user to a few specific tasks and block everything else.
Faronics Anti-Executable Enterprise 3.5 is priced starting at $40 per client, with volume discounts that can push the price down to $9.99 per client.