Whitelisting made strides in 2009

Application control software is gaining acceptance with businesses

When McAfee bought Solidcore for its whitelisting technology this year, it was a clear sign that whitelisting is gaining acceptance — though not all users are happy about the trend.

The premise of whitelisting is to lock down applications on computers and allow only authorized ones to run. In general, whitelisting has a reputation for being difficult to manage because it requires keeping the whitelisted applications fully up to date on any machine using it. On the positive side, whitelisting can stop malware from executing, prevent unwanted programs, and assist in compliance reporting.

New laws complicate security efforts in 2010

With the number of malware specimens rising exponentially, traditional blacklisting methods that rely on signature-based defenses against known threats are widely regarded as inadequate on their own. Various newer types of malware defenses, such as cloud-based reputation analysis, took off in 2009 in a major way. But is whitelisting going to really be worth the effort?

McAfee's whitelisting product, Application Control, scores good reviews, as do other products such as Bit9 Parity and CoreTrace Bouncer, indicating product maturity. But the real obstacle to whitelisting continues to be corporate employees who rebel against it.

CoVantage Credit Union of Antigo, Wisc., found its employees strongly objected when the IT department tried locking down their computers using whitelisting technology from Faronics. "The feedback was this was not acceptable," says Aaron Hurt, information security officer for the credit union. "We probably locked down too hard, too fast."

While whitelisting does protect against malware and guard against running unauthorized applications such as peer-to-peer programs, it also got in the way of immediate use of applications that employees legitimately needed, Hurt notes. Employees didn't like having to contact the IT department when these kinds of new applications came along.

But Hurt says he has seen whitelisting improve over time. Faronics released a better management console during the past year, and he's convinced whitelisting is a good way to combat malware. "I do believe whitelisting has gained a lot of momentum and it's something we'll return to," Hurt says.

But for now, employee desktops at the credit union are restricted from P2P programs, games, admin tools or using USB devices through the Sophos antimalware and host-based intrusion-prevention system Endpoint Protection, which can blacklist some applications.

Technology services provider Unisys also shares the sentiment that whitelisting can be problematic. According to Rene Head, global theater engagement manager for managed security services at Unisys, the downside is it may end up slowing business efficiency and stifle innovation. But on the plus side, he notes, whitelisting can cut down on help desk calls.

And most importantly, whitelisting can be most useful when it's used on computers such as application servers or in perimeter guards that aren't especially subject to employee whim.

Whitelisting can be a good way to combat new malware not yet defined for a blacklist, but "whitelisting alone is not the answer," Head says.

Kish Yerrapragada, McAfee director of product management for systems security, and formerly with Solidcore, acknowledges he's heard stories that whitelisting can seem difficult to manage over time.

Whitelisting is "dynamic, and it's a change-control problem," says Yerrapragada, who says McAfee counts about 300 customers in industry and government using its application-control software today.

To address the question of authorized and unauthorized applications, McAfee Application Control can link with management systems such as IBM Tivoli or SMS to authorize applications. He says whitelisting works particularly well as a defense for application and DNS servers and point-of-sale devices, or in highly-controlled corporate environments.

In the future, McAfee is expected to not only detail whitelisting as an added protection in its endpoint security products and other defenses, but also to show that it can be a useful in protecting virtualized applications in particular.

When it comes to virtualization and security, "application control is the best way to put your foot forward," Yerrapragada says. Traditional approaches for on-demand scanning put a lot of pressure on the hypervisor, he says. "We see the whitelisting-technology approach as a turning point."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags whitelisting

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?