Malware is a constant and continual threat to your computer and, if you run Windows especially, your computer has a big target on it. The field of malware is shifting constantly and this leads to security products that sometimes fail to protect the PC against something which is brand new.
For this reason, we expect to see an industry shift to whitelisting to protect your machine.
What is Whitelisting?
Well, a blacklist would be a list of offenders. Anything not on that list is assumed to be OK. The problem, today, is that new attacks are spawning so fast that they are not added to a company’s blacklist quickly enough to protect the target PC. So, the opposite approach is the whitelist. Anything on the whitelist is allowed through, while anything not on the list is assumed evil.
Whitelisting isn’t new. Some security products already use it, such as Comodo Firewall or System Safety Monitor. The problem is that it can lead to an extremely annoying computer experience. You will be subjected to pop-up warnings constantly. So, the challenge for antivirus companies is to switch to whitelisting while not annoying their customer base.
According to Symantec, about 65% of the applications released to the public are malicious. Now, obviously Symantec has a financial interest in perpetuating these kinds of stories, but nonetheless it is an alarming stat. Symantec is also in a position to be privy to this type of data. Their Norton Community Watch program results in a huge database of applications being run on participating PCs.
Bit9 is a company which maintains a huge list of known-good applications. Antivirus company Kaspersky released their new Internet Security 2009 product which takes into account whitelists maintained by Bit9. The software does not automatically block programs not on the whitelist, but uses the white list as a way of focusing the scanning activity onto higher-risk, unknown apps.
The Bit9 whitelist is humongous, including several billion entries. But, no white list is going to be complete. There are a lot of lesser-known applications out there. So, Symantec is looking at perhaps using crowdsourcing as a solution.
Who Maintains The List?
The idea is to use the collective community of users to determine if an application is OK. If they see the same app on a lot of different machines on the network, then the app is probably OK even if it is not on the whitelist. It is similar to the way Cloudmark puts together its spam filtering service. The difficulty with this model is that it would most easily lend itself to the idea of each security product maintaining its own white list. This would be an administration nightmare for software creators who would need to submit their software to multiple white lists. So, the alternative is to have a central white list. Who maintains that whitelist will be an issue and would also likely lead to a lot of politics and conspiracy theories.
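The triage and crowdsourcing ideas above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product; the function names, the 25-machine threshold and the sample data are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    """Identify a program by the hash of its bytes, not by its file name."""
    return hashlib.sha256(data).hexdigest()

# Constructed sample "programs" (stand-ins for real executables).
KNOWN_GOOD_APP = b"constructed sample: well-known editor"
COMMON_APP = b"constructed sample: niche tool installed on many PCs"
RARE_APP = b"constructed sample: binary seen on a single PC"

# Constructed whitelist of known-good hashes.
WHITELIST = {sha256_hex(KNOWN_GOOD_APP)}

# Constructed community telemetry: (machine id, file hash) sightings.
SIGHTINGS = [(f"pc-{i}", sha256_hex(COMMON_APP)) for i in range(40)]
# One machine reporting the same file repeatedly must not look "popular".
SIGHTINGS += [("pc-7", sha256_hex(RARE_APP))] * 6

def prevalence(sightings):
    """Count distinct machines per hash, so repeats from one PC count once."""
    return Counter(file_hash for _, file_hash in set(sightings))

def classify(data, whitelist, seen_on, min_machines=25, strict=False):
    """Return a verdict for one program.

    strict=True  : pure whitelisting, anything unlisted is blocked.
    strict=False : the whitelist only focuses scanning on unknown programs,
                   and community prevalence lowers suspicion further.
    """
    digest = sha256_hex(data)
    if digest in whitelist:
        return "allow"
    if strict:
        return "block"
    if seen_on.get(digest, 0) >= min_machines:
        return "probably-ok"   # widely seen, still not proven safe
    return "scan-first"        # unknown and rare: highest scanning priority

if __name__ == "__main__":
    seen_on = prevalence(SIGHTINGS)
    for name, blob in [("known", KNOWN_GOOD_APP), ("common", COMMON_APP),
                       ("rare", RARE_APP)]:
        print(name, classify(blob, WHITELIST, seen_on),
              classify(blob, WHITELIST, seen_on, strict=True))
```

Counting distinct machines rather than raw reports is what keeps a single PC from vouching for its own unknown program.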
Politics aside, whitelisting in some form is perhaps the utopia of PC security. There is just too much going on to expect a security product to always be able to protect a machine against the fast-changing threat scene.
