[SECURITY] Do You Need a Whitelist?
The security suites that I have examined over the past few days all operate on the same basic principle: the blacklist. Malware is identified as such and gets put on a list of things to quarantine. The vast majority of antivirus and other types of security programs employ blacklisting. But this paradigm has some serious limitations. Here's what you need to know about the whitelisting approach…
What is Whitelist Security?
So what's wrong with the traditional blacklist (sometimes called the virus signature) approach? First, you have to identify a threat in order to blacklist it. Bad guys are constantly improving the disguises that cloak their malware.
Second, the sheer volume of new malware programs grows all the time. Modern malware has the ability to morph in subtle ways, creating multiple variants to avoid detection. Security software developers are hard-pressed to keep up with the ever-changing, ever-expanding threat landscape.
Third, as the blacklist grows, so does the software needed to combat it. Despite efficient programming techniques, security software steadily consumes larger amounts of users’ system resources.
Such is the inevitable result of trying to defend against a theoretically infinite array of unknown threats. But there is another way to keep bad software out, and it does not require battling the boundless unknown.
Whitelisting is the strategy of permitting a finite list of known “good” programs to run, and blocking anything that is not on the list. Whitelisting is 100% effective at stopping malware. The trick lies in building a reasonable whitelist of allowed programs - all legitimate Windows components are an obvious example - and allowing users to add new, good programs without too much trouble.
PC Matic’s PC Pitstop security suite is based upon whitelisting. Originally a “clean and optimize” program similar to CCleaner and Advanced System Care, PC Pitstop added whitelist-based security several years ago.
The whitelist strategy does not require a lot of ongoing software development. PC Pitstop is only up to v3.0, while Avast, AVG, et al., are well into the double digits in version numbers. Therefore, PC Pitstop can offer two bargain price options. A license that covers up to five devices in any combination of supported operating systems is just $50 per year; alternatively, you can pay $150 for lifetime coverage of up to five devices. That includes all future updates and support! In contrast, blacklist-based software averages about $40 per year per device.
The downside of PC Pitstop is its very high false-positive rate. In lab tests, it has incorrectly blocked hundreds of “good” programs, which would drive me insane if I had to manually clear blocks on every one of them. PC Matic counters this false positive issue by saying that the most popular and commonly used programs are already on their whitelist, and the ones that might trigger a warning are used by a small fraction of users.
If you're the type of person that uses a web browser, a word processor, and email software, you'll probably never encounter a program that's not on the whitelist. If you download new software regularly, you probably will. Once added to the whitelist, a program is no more trouble; but that learning curve may not be one you want to climb.
PC Pitstop’s website will let you download and install the software. It will run a scan that shows you what performance issues exist. But to get the fixes for performance issues or the protection of whitelisting, you have to buy a license. It does come with a 30-day money-back guarantee. I do often hear from AskBob readers who use PC Matic and are very happy with it.
The Voodoo That You Do
VoodooShield by VoodooSoft is another whitelist-based security program. Don’t call it a “suite” because it really does only one thing: it locks your computer so that only programs on a whitelist can run. There is a simple off/on toggle.
When VoodooShield is off, your computer is unlocked and anything can run; you are not protected. During this time, VoodooShield is taking inventory of all programs that are running in your computer’s memory and adding new ones to the whitelist. When VoodooShield is toggled on, only programs on the whitelist are allowed to run. Any new program that tries to run will be blocked until VoodooShield is toggled off.
Any blocked program is uploaded to VoodooSoft’s server, where it is scanned by 40 different signature-based detection engines. If the file gets a clean bill of health, it is added to VoodooShield’s global whitelist.
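A small model of the off/on behaviour described above, added here as an illustration and not VoodooShield's own code. It assumes programs are identified by the SHA-256 of their contents, and every class and function name in it is hypothetical. It shows that whatever runs while the toggle is off becomes trusted, and that a legitimate update is blocked until it is approved again.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Identify a program by content, so renaming a file does not earn trust."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


class ToggleAllowlist:
    """Hypothetical off/on allowlist model; not any vendor's implementation."""

    def __init__(self):
        self.enforcing = False   # "off": learn what runs, block nothing
        self.allowed = set()     # SHA-256 digests of approved programs
        self.review_queue = []   # blocked files awaiting a verdict

    def request_run(self, path):
        digest = sha256_of(path)
        if not self.enforcing:
            self.allowed.add(digest)   # learning mode trusts whatever runs
            return "learned"
        if digest in self.allowed:
            return "allowed"
        self.review_queue.append((os.path.basename(path), digest))
        return "blocked"               # default-deny for anything unlisted


def write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed sample: stand-in 'programs' are small files in a temp dir."""
    guard, results = ToggleAllowlist(), []
    with tempfile.TemporaryDirectory() as d:
        editor = os.path.join(d, "editor.exe")
        download = os.path.join(d, "download.exe")
        write(editor, b"editor v1")
        write(download, b"unreviewed installer")
        results.append(guard.request_run(editor))    # toggle off: inventory
        guard.enforcing = True                       # toggle on: lock down
        results.append(guard.request_run(editor))    # known program still runs
        results.append(guard.request_run(download))  # never seen: blocked
        write(editor, b"editor v2")                  # legitimate update, new hash
        results.append(guard.request_run(editor))    # blocked until re-approved
    return results, [name for name, _ in guard.review_queue]
```
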
VoodooShield will not remove an infection. So you still need an antivirus program. But VoodooShield is small, light on resources, and free for non-commercial use.
Whitelisting and blacklisting are complementary security strategies. If you use both, your security will be enhanced. Have you tried a security tool that employs whitelisting? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 19 Jun 2018
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [SECURITY] Do You Need a Whitelist? (Posted: 19 Jun 2018)