[SECURITY] Do You Need a Whitelist?

Category: Security

The security suites that I have examined over the past few days all operate on the same basic principle: the blacklist. Malware is identified as such and gets put on a list of things to quarantine. The vast majority of antivirus and other types of security programs employ blacklisting. But this paradigm has some serious limitations. Here's what you need to know about the whitelisting approach…

What is Whitelist Security?

So what's wrong with the traditional blacklist (sometimes called the virus signature) approach? First, you have to identify a threat in order to blacklist it. Bad guys are constantly improving the disguises that cloak their malware.

Second, the sheer volume of new malware programs grows all the time. Modern malware has the ability to morph in subtle ways, creating multiple variants to avoid detection. Security software developers are hard-pressed to keep up with the ever-changing, ever-expanding threat landscape.

Third, as the blacklist grows, so does the software needed to combat it. Despite efficient programming techniques, security software steadily consumes larger amounts of users’ system resources.

Such is the inevitable result of trying to defend against a theoretically infinite array of unknown threats. But there is another way to keep bad software out, and it does not require battling the boundless unknown.

Whitelisting for security

Whitelisting is the strategy of permitting a finite list of known “good” programs to run, and blocking anything that is not on the list. Whitelisting is 100% effective at stopping malware. The trick lies in building a reasonable whitelist of allowed programs (all legitimate Windows components are an obvious example) and allowing users to add new, good programs without too much trouble.

PC Matic’s PC Pitstop security suite is based upon whitelisting. Originally a “clean and optimize” program similar to CCleaner and Advanced System Care, PC Pitstop added whitelist-based security several years ago.

The whitelist strategy does not require a lot of ongoing software development. PC Pitstop is only up to v3.0, while Avast, AVG, et al., are well into the double digits in version numbers. Therefore, PC Pitstop can offer two bargain price options. A license that covers up to five devices in any combination of supported operating systems is just $50 per year; alternatively, you can pay $150 for lifetime coverage of up to five devices. That includes all future updates and support! In contrast, blacklist-based software averages about $40 per year per device.

The downside of PC Pitstop is its very high false-positive rate. In lab tests, it has incorrectly blocked hundreds of “good” programs, which would drive me insane if I had to manually clear blocks on every one of them. PC Matic counters this false positive issue by saying that the most popular and commonly used programs are already on their whitelist, and the ones that might trigger a warning are used by a small fraction of users.

If you're the type of person that uses a web browser, a word processor, and email software, you'll probably never encounter a program that's not on the whitelist. If you download new software regularly, you probably will. Once added to the whitelist, a program is no more trouble; but that learning curve may not be one you want to climb.

PC Pitstop’s website will let you download and install the software. It will run a scan that shows you what performance issues exist. But to get the fixes for performance issues or the protection of whitelisting, you have to buy a license. It does come with a 30-day money-back guarantee. I do often hear from AskBob readers who use PC Matic and are very happy with it.

The Voodoo That You Do

VoodooShield by VoodooSoft is another whitelist-based security program. Don’t call it a “suite” because it really does only one thing: it locks your computer so that only programs on a whitelist can run. There is a simple off/on toggle.

When VoodooShield is off, your computer is unlocked and anything can run; you are not protected. During this time, VoodooShield is taking inventory of all programs that are running in your computer’s memory and adding new ones to the whitelist. When VoodooShield is toggled on, only programs on the whitelist are allowed to run. Any new program that tries to run will be blocked until VoodooShield is toggled off.

Any blocked program is uploaded to VoodooSoft’s server, where it is scanned by 40 different signature-based detection engines. If the file gets a clean bill of health, it is added to VoodooShield’s global whitelist.

VoodooShield will not remove an infection. So you still need an antivirus program. But VoodooShield is small, light on resources, and free for non-commercial use.
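The off/on behaviour described above, as an added example (not code from VoodooShield, PC Matic or the original article): a minimal allowlist with a learning mode and an enforcing mode. It assumes programs are identified by the SHA-256 of their contents, which the article does not state; the class, file names and byte strings are constructed for illustration.

```python
import hashlib

class Allowlist:
    """Toy allowlist keyed by SHA-256 of file contents (an assumption, not a product's design)."""
    def __init__(self):
        self.allowed = set()    # digests trusted to run
        self.pending = {}       # digest -> name, blocked and awaiting review
        self.enforcing = False  # False = toggle "off": learn everything, block nothing

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def on_execute(self, name: str, content: bytes) -> bool:
        d = self.digest(content)
        if not self.enforcing:
            self.allowed.add(d)  # learning mode trusts whatever it sees
            return True
        if d in self.allowed:
            return True
        self.pending[d] = name   # default deny: hold for review
        return False

    def approve(self, d: str) -> None:
        if self.pending.pop(d, None) is not None:  # only reviewed, pending items
            self.allowed.add(d)

def demo() -> dict:
    # Constructed sample data: names and byte strings are invented for illustration.
    browser, editor, unknown = b"browser build 1", b"editor build 1", b"unvetted payload"
    al = Allowlist()
    al.on_execute("browser.exe", browser)  # seen while "off", so learned
    al.enforcing = True                    # toggle "on"
    out = {
        "learned": al.on_execute("browser.exe", browser),
        "new_program": al.on_execute("editor.exe", editor),
        "same_name_other_bytes": al.on_execute("browser.exe", unknown),
        "patched_build": al.on_execute("browser.exe", browser + b" hotfix"),
    }
    al.approve(al.digest(editor))          # review clears the blocked program
    out["after_approval"] = al.on_execute("editor.exe", editor)
    # Caveat: anything that runs during the learning window is trusted afterwards.
    dirty = Allowlist()
    dirty.on_execute("invoice.exe", unknown)
    dirty.enforcing = True
    out["learned_while_off"] = dirty.on_execute("invoice.exe", unknown)
    return out

if __name__ == "__main__":
    print(demo())
```

The `patched_build` result is the false-positive case: a legitimate update changes the hash and is blocked until it is approved. The `learned_while_off` result shows why the learning window has to happen on a machine that is already clean.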

Whitelisting and blacklisting are complementary security strategies. If you use both, your security will be enhanced. Have you tried a security tool that employs whitelisting? Your thoughts on this topic are welcome. Post your comment or question below...

 

This article was posted by on 19 Jun 2018



Most recent comments on "[SECURITY] Do You Need a Whitelist?"

Posted by:

David Phillips
19 Jun 2018

I too have used PC Matic for years and am very pleased with the program. 0 infections!

I only get the message about allowing a program every now and then since I pretty much stick to the basics. Our accounting software program will pop up but that's been about it.


Posted by:

Linda
19 Jun 2018

We have used PC Pitstop suite for several years. Occasionally it blocks something, but not often. We are pleased with it. The other components of the suite are also excellent.


Posted by:

Bob Felts
19 Jun 2018

PC Matic has worked well for me for several years. When I download software, I occasionally get a msg alerting to the fact that a program is not on the whitelist but I just click to allow it to run ---no big deal!


Posted by:

RandiO
19 Jun 2018

Thank you, Mr. Rankin,
The best part of this utility is the fact that it is FREE for consumer use! I may have to trial it...

I wonder if you can do a similar exposé article on software firewalls and the Windows HOSTS file.


Posted by:

Egbok
19 Jun 2018

Been using P.C. Pitstop and P.C. Matic since 2003, not had any issues that a backup to an earlier time couldn't fix. After paying yearly for the annual license (waiting to see if I liked it) I finally bought the Evergreen license a couple of years ago. My ISP provided McAfee at no charge but P.C. Pitstop offered a free license for 1 year I had to try it. Been happy ever since!


Posted by:

Kenneth Heikkila
19 Jun 2018

Kaspersky security suite seems to use both Whitelisting and Blacklisting. No wonder it is rated so highly in spite of DHS and paranoids are afraid of anything that originates in Russia.

I have been using Kaspersky for years with absolutely no problems. Which I cannot say for any of the other anti-virus or security programs I have run over the years (Norton, MBAM, Avira, AVG, et al.)

https://www.kaspersky.com/blog/wonders-of-whitelisting/6367/

https://whitelist.kaspersky.com/


Posted by:

Robin
19 Jun 2018

My main security software is Zonealarm Extreme and I also use PC Matic. Both do an excellent job keeping the wolf from the door.

PC Matic is good value for money given that you can use it on 5 devices.


Posted by:

MmeMoxie
20 Jun 2018

Well, I have been using first ZoneAlarm free version many, many years ago, then AVG free version, then Avast free version and paid version, finally this year I chose Bitdefender paid version.


I had been reading about Bitdefender for years. Avast paid version was going to cost me a whole lot, that I was not willing to pay for. This is what you get, when you have been a long time customer, high prices. It really ticked me off.


I started looking at Bitdefender and was very impressed with the discounts that I could get from them. I also remembered the high recommendations that Bitdefender has gotten over the years. So, I purchased Bitdefender for 5 devices for 3 years. The price was impressive to me and I took the Bitdefender Total Security 2018. It is so easy to run and doesn't take a lot of resources from my PC.


The stats for Bitdefender are impressive, one of the better Anti-Malware products on the market. I was also impressed with Kaspersky, but leery due to its Russian background. Though Kaspersky has an excellent record, as well. Just because it comes from Russia doesn't mean it is "spyware", either. Bitdefender gave me the better deal for what I wanted.


I am pleased with my decision and happy with Bitdefender Total Security 2018. It also is noted for having good, solid support. Yes, you must pay for some of Bitdefender's products, but I won't need most of them, except under very unusual circumstances and those do not happen often, thank the stars.


Should I connect with a website that Bitdefender warns about and I know that it is safe, I can easily bypass the warning. I like that.


Posted by:

James Lowell
20 Jun 2018

Been using PCMatic for several years, and totally happy with it.


Posted by:

Bri
20 Jun 2018

Look up the recent test results on av-test.org --- PC Matic has had considerable difficulties over the last four testing cycles. Of their 16 protection component scores from that overall period, only 6 have met 100% protection. One of the scores (from April) was just 96.8%. Many of the familiar security names over that same period had scores which were entirely or mostly 100%.

I tried and gave up VoodooShield last year because it regularly prompts the user to ask whether to manually whitelist things, and being a non-expert, I often was unsure whether to do so. By the developer's own admission, the Autopilot Mode (which requires no such user input) is very good at screening malware, but still not perfect.

And by the way, quite a few of the "Big Boy" security products use a whitelist in addition to a blacklist. And even if a suspicious file isn't on either list, behavioral analysis will still catch many instances of malware.

But as a commenter once said on BleepingComputer, the only way to guarantee your computer will never be infected is to never take it out of the packing box. Even whitelisting is not bulletproof protection.


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- [SECURITY] Do You Need a Whitelist? (Posted: 19 Jun 2018)
Source: https://askbobrankin.com/security_do_you_need_a_whitelist.html