Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Reviews

    With the Right Tools and Perspective, Whitelisting Can Work

    By
    Andrew Garcia
    -
    September 21, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Unlike some of my counterparts here at eWEEK, I am among those who think application whitelisting is definitely an interesting idea whose time has come for greater exploration in the enterprise. But administrators don’t need to buy into the concept over the whole enterprise, as there are places where it makes more sense – particularly from an ease of administration perspective. But with the right tools and the right plan, whitelisting is feasible.

      A few vendors are already doing application whitelisting for enterprise customers with some interesting results. For instance, I reviewed Bit9’s Parity earlier this year and found it to be a pretty compelling product that just needed a little more polish. What I liked most about the product, however, were the tools Bit9 had created to identify and vet applications on the Web. Their ParityCenter and FileAdvisor services actively acquire software from the Web, determining who signed the file and scanning it for malware – then placing the code found into buckets of unsafe vs. safe applications, thereby giving administrators a frame of reference to base policy decisions upon.

      Also, Lumension (formerly Patchlink, which bought SecureWave) has been mining the whitelist area for awhile, teaming it with excellent port blocking controls, something Bit9 has also improved upon in their latest version.

      If other vendors with more clout and more resources (like Symantec) want to get into the practice of vetting and giving a seal of approval (for whitelisting purposes) to applications – rather than just finding and IDing malware – then I see that as a good thing for the security industry. Since their automated tools are undoubtedly already culling and examining “good” code anyway in their sweep for bad code, an actionable list of that “good” code would be easy to produce and could lead to much more secure computing environments for those willing to take the leap to whitelisting.

      With some tools and technology already out there to do whitelisting, and it is up to the administrator to decide if and where such a technology would be best utilized. For instance, application whitelisting is absolutely intriguing when we are talking about servers. If you have a virtual server farm, with each instance performing a limited, core set of functions, why not whitelist? You already know what should be on there and you want to prevent anything else from running.

      On the desktop, obviously the argument for application whitelisting is more complicated, as various deployments will stray mightily from the golden image when you account for all the different task-specific permutations of applications that are necessary to do this job or that. In our Bit9 test, I found it easier to deploy whitelisting with fresh systems rather than on an in-place desktop or laptop fleet, due to the large disparity of configurations.

      But when beginning the project from a known starting place, whitelisting can be a fine complement to a Least Privileged User configuration. Administrators can then adjust whitelist policy, by knowledge-group, to adjust for the different approved applications needed for workers to do their jobs – whether these applications are bought, open-sourced or homegrown.

      The big question with application whitelisting should instead rest on who ultimately has control over the list. If an AV vendor like Symantec – or a security software company like Bit9 or Lumension – rules the whitelist with absolute authority, then no, whitelisting will not work. But if the IT administrator has the flexibility to adjust the whitelist, along with the tools to identify differing applications and adjust policy accordingly, then I think whitelisting is a feasible approach.

      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×