Yes, Virginia, There is a Whitelist
“Yes, Virginia, there is a Santa Claus” is a line from a famous editorial published in 1897. The writer opined that Santa Claus existed “as certainly as love and generosity and devotion exist,” and that “the most real things in the world are those that neither children nor men can see.” You might not believe in Santa Claus, but malware is a veritable menace (even though invisible to the eye) to which you must take heed. In today's article, I'll explain how a whitelist can protect you much better than the old-school security software you're probably using now. It's something to do with Naughty and Nice. Read on...
What is Whitelist Security?
The Internet security suites that I have examined over many years (almost) all operate on the same basic principle: the blacklist. Malware is identified as such and gets put on the “Naughty List” of things to block and quarantine. The vast majority of antivirus and Internet security programs employ blacklisting. But this approach has some serious limitations. So what's wrong with the traditional blacklist (sometimes called the virus signature) approach? Here's what you need to know about whitelisting.
First, you have to identify a threat in order to blacklist it. Bad guys are constantly improving the disguises that cloak their malware. Second, the sheer volume of new malware programs grows all the time. Modern malware has the ability to morph in subtle ways, creating multiple variants to avoid detection. Security software developers are hard-pressed to keep up with the ever-changing, ever-expanding threat landscape. Third, as the blacklist grows, so does the software needed to combat it. Despite efficient programming techniques, security software steadily consumes larger amounts of users’ system resources.
Such is the inevitable result of trying to defend against a theoretically infinite array of unknown threats. But there is another way to keep bad software out, and it does not require battling the boundless unknown.
Whitelisting is the “Nice List” strategy of permitting a finite list of known “good” programs to run, and blocking anything that is not on the list. Whitelisting is 100% effective at stopping malware. The trick lies in building a reasonable whitelist of allowed programs. All legitimate Windows components is an obvious starting point, along with properly vetted and widely used software. Allowing users to easily add new programs that they deem to be safe is the final piece of the whitelist.
The PC Matic Home Security suite is based upon whitelisting. Originally a “clean and optimize” program similar to CCleaner and Advanced System Care, PC Matic added antivirus protection and whitelist-based security several years ago.
Naughty or Nice?
PC Matic’s SuperShield uses both a traditional blacklist and a whitelist approach that allows only known, trusted programs to run on your computer. Anything that is not on the whitelist is sent to the PC Matic malware research team to be tested. Within 24 hours it is categorized as either trusted or malicious. If you have an app that you know to be trustworthy, but PC Matic has not yet classified it, you can add it to your own personal whitelist. This video explains the difference between the whitelist and blacklist approaches.
The downside of PC Matic is occasional false positives. It may incorrectly block a “good” program that it has not yet encountered. PC Matic counters this issue by saying that the most popular and commonly used programs are already on their whitelist, and the ones that might trigger a warning are used by a small fraction of users. If you're the type of person that uses a web browser, a word processor, and email software, you'll probably never encounter a program that's not on the whitelist. If you download new software regularly, you might. I've used PC Matic for several years, and I download and test a lot of software. I can recall only two programs that were flagged and had to be manually added to the whitelist.
What About Ransomware and Other Cybernasties?
In addition to old-school malware that you might encounter, there's ransomware, a threat which is growing year over year. Ransomware uses phishing, social engineering, and exploitation of software vulnerabilities to encrypt a user's hard drive and lock out the user until a ransom is paid. It’s become so common that we read about new ransomware attacks on home users, schools, and businesses almost every day.
Hackers and cybercriminals don't give up. When the good guys find a way to block one type of threat, they get busy working on another devious method. There are new and emerging threats such as zero-day exploits, rootkits, cryptominers, keyloggers, fileless malware, malicious scripts and “time bomb” attacks. It should be obvious that because of the prevalance of ransomware and the success of these other methods, that blacklist-based antivirus software often FAILS to protect the computer where it was installed.
The Naughty List just isn't good enough in today's world.
PC Matic is available at two affordable price options. A license that covers up to five devices in any combination of supported operating systems (Windows 7, 8, 10, 11, Mac OS and Android) is just $50 per year; alternatively, you can pay $150 for lifetime coverage of up to five devices. That includes all future updates and support. In contrast, popular blacklist-based software products from AVG, BitDefender, Kaspersky and Norton cost $60-$90 per year per device.
I first reviewed PC Matic in 2018, after years of nagging by AskBob readers telling me how much they loved it. Suffice it to say I was so impressed that I dropped my AVG subscription and bought a PC Matic five-seat license. I have been using and recommending it ever since. I followed that up with
PC Matic Gets a Zero! in 2020, and in January 2021 I did an updated review -- see What's New in PC Matic 4.0?. As far as I know, PC Matic is the only internet security product that's entirely US-based, including research, development and support. It does come with a 30-day money-back guarantee.
Whitelisting and blacklisting are complementary security strategies. If you use both the Naughty List and the Nice List, your security will be greatly enhanced. Have you tried a security tool that employs whitelisting? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 21 Dec 2022
|For Fun: Buy Bob a Snickers.|
Clearing Your Browser History (and your online tracks)
The Top Twenty
Unwanted Gift Cards? Here's what to do...
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Yes, Virginia, There is a Whitelist (Posted: 21 Dec 2022)
Copyright © 2005 - Bob Rankin - All Rights Reserved