Recently, eWEEK Labs took at look at the emerging Windows security strategy of application whitelisting: the practice of identifying which applications are allowed to run on a system, rather than those that are not allowed to run.
For that package, we focused on add-on products that bring whitelisting capabilities to Windows, but it's possible to implement whitelisting with out-the-box functionality that's been available for Windows systems since the release of Server 2003.
The Windows feature, called Software Restriction Policies, or SRP, enables administrators to control whether applications and libraries are allowed to run on a Windows machine based on the path, digital certificate, hash or extension attributes of the executable in question.
SRP affords administrators less granularity in crafting these control schemes than do full-fledged application whitelisting products such as Bit9's Parity 4.1 or CoreTrace's Bouncer 4.0. What's more, SRP doesn't deal as well with change management as do these and other third-party whitelisting options.
However, as part of Windows, SRP doesn't carry any additional licensing costs, and the tool works both with large networks of Windows clients (through Group Policy) and with individual Windows machines (through the local security policy). As such, SRP is well worth further evaluation for Windows shops interested in tightening security and doing more with less.
Looking forward to Windows 7-the forthcoming version of Windows at which Microsoft recently gave the general public a peek-SRP will morph into something with the more marketing-friendly name AppLocker, which will come with a handful of worthwhile feature enhancements.