Whitelisting made strides in 2009

Application control software is gaining acceptance with businesses

When McAfee bought Solidcore for its whitelisting technology this year, it was a clear sign that whitelisting is gaining acceptance — though not all users are happy about the trend.

The premise of whitelisting is to lock down applications on computers and allow only authorized ones to run. In general, whitelisting has a reputation for being difficult to manage because it requires keeping the whitelisted applications fully up to date on any machine using it. On the positive side, whitelisting can stop malware from executing, prevent unwanted programs, and assist in compliance reporting.

New laws complicate security efforts in 2010

With the number of malware specimens rising exponentially, traditional blacklisting methods that rely on signature-based defenses against known threats are widely regarded as inadequate on their own. Various newer types of malware defenses, such as cloud-based reputation analysis, took off in 2009 in a major way. But is whitelisting going to really be worth the effort?

McAfee's whitelisting product, Application Control, scores good reviews, as do other products such as Bit9 Parity and CoreTrace Bouncer, indicating product maturity. But the real obstacle to whitelisting continues to be corporate employees who rebel against it.

CoVantage Credit Union of Antigo, Wisc., found its employees strongly objected when the IT department tried locking down their computers using whitelisting technology from Faronics. "The feedback was this was not acceptable," says Aaron Hurt, information security officer for the credit union. "We probably locked down too hard, too fast."

While whitelisting does protect against malware and guard against running unauthorized applications such as peer-to-peer programs, it also got in the way of immediate use of applications that employees legitimately needed, Hurt notes. Employees didn't like having to contact the IT department when these kinds of new applications came along.

But Hurt says he has seen whitelisting improve over time. Faronics released a better management console during the past year, and he's convinced whitelisting is a good way to combat malware. "I do believe whitelisting has gained a lot of momentum and it's something we'll return to," Hurt says.

But for now, employee desktops at the credit union are restricted from P2P programs, games, admin tools or using USB devices through the Sophos antimalware and host-based intrusion-prevention system Endpoint Protection, which can blacklist some applications.

Technology services provider Unisys also shares the sentiment that whitelisting can be problematic. According to Rene Head, global theater engagement manager for managed security services at Unisys, the downside is it may end up slowing business efficiency and stifle innovation. But on the plus side, he notes, whitelisting can cut down on help desk calls.

And most importantly, whitelisting can be most useful when it's used on computers such as application servers or in perimeter guards that aren't especially subject to employee whim.

Whitelisting can be a good way to combat new malware not yet defined for a blacklist, but "whitelisting alone is not the answer," Head says.

Kish Yerrapragada, McAfee director of product management for systems security, and formerly with Solidcore, acknowledges he's heard stories that whitelisting can seem difficult to manage over time.

Whitelisting is "dynamic, and it's a change-control problem," says Yerrapragada, who says McAfee counts about 300 customers in industry and government using its application-control software today.

To address the question of authorized and unauthorized applications, McAfee Application Control can link with management systems such as IBM Tivoli or SMS to authorize applications. He says whitelisting works particularly well as a defense for application and DNS servers and point-of-sale devices, or in highly-controlled corporate environments.

In the future, McAfee is expected to not only detail whitelisting as an added protection in its endpoint security products and other defenses, but also to show that it can be a useful in protecting virtualized applications in particular.

When it comes to virtualization and security, "application control is the best way to put your foot forward," Yerrapragada says. Traditional approaches for on-demand scanning put a lot of pressure on the hypervisor, he says. "We see the whitelisting-technology approach as a turning point."

Tags whitelisting

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?