Yes, Virginia, There is a Whitelist
“Yes, Virginia, there is a Santa Claus” is a line from a famous editorial published in 1897. The writer opined that Santa Claus existed “as certainly as love and generosity and devotion exist,” and that “the most real things in the world are those that neither children nor men can see.” You might not believe in Santa Claus, but malware is a veritable menace (even though invisible to the eye) of which you must take heed. In today's article, I'll explain how a whitelist can protect you much better than the old-school security software you're probably using now. It's something to do with Naughty and Nice. Read on...
What is Whitelist Security?
The Internet security suites that I have examined over many years (almost) all operate on the same basic principle: the blacklist. Malware is identified as such and gets put on the “Naughty List” of things to block and quarantine. The vast majority of antivirus and Internet security programs employ blacklisting. But this approach has some serious limitations. So what's wrong with the traditional blacklist (sometimes called the virus signature) approach? Here's what you need to know about whitelisting.
First, you have to identify a threat in order to blacklist it. Bad guys are constantly improving the disguises that cloak their malware. Second, the sheer volume of new malware programs grows all the time. Modern malware has the ability to morph in subtle ways, creating multiple variants to avoid detection. Security software developers are hard-pressed to keep up with the ever-changing, ever-expanding threat landscape. Third, as the blacklist grows, so does the software needed to combat it. Despite efficient programming techniques, security software steadily consumes larger amounts of users’ system resources.
Such is the inevitable result of trying to defend against a theoretically infinite array of unknown threats. But there is another way to keep bad software out, and it does not require battling the boundless unknown.
Whitelisting is the “Nice List” strategy of permitting a finite list of known “good” programs to run, and blocking anything that is not on the list. Whitelisting is 100% effective at stopping malware. The trick lies in building a reasonable whitelist of allowed programs. All legitimate Windows components are an obvious starting point, along with properly vetted and widely used software. Allowing users to easily add new programs that they deem to be safe is the final piece of the whitelist.
The PC Matic Home Security suite is based upon whitelisting. Originally a “clean and optimize” program similar to CCleaner and Advanced System Care, PC Matic added antivirus protection and whitelist-based security several years ago.
Naughty or Nice?
PC Matic’s SuperShield uses both a traditional blacklist and a whitelist approach that allows only known, trusted programs to run on your computer. Anything that is not on the whitelist is sent to the PC Matic malware research team to be tested. Within 24 hours it is categorized as either trusted or malicious. If you have an app that you know to be trustworthy, but PC Matic has not yet classified it, you can add it to your own personal whitelist. This video explains the difference between the whitelist and blacklist approaches.
The downside of PC Matic is occasional false positives. It may incorrectly block a “good” program that it has not yet encountered. PC Matic counters this issue by saying that the most popular and commonly used programs are already on their whitelist, and the ones that might trigger a warning are used by a small fraction of users. If you're the type of person that uses a web browser, a word processor, and email software, you'll probably never encounter a program that's not on the whitelist. If you download new software regularly, you might. I've used PC Matic for several years, and I download and test a lot of software. I can recall only two programs that were flagged and had to be manually added to the whitelist.
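The decision flow described above (a blacklist plus a default-deny whitelist, a personal whitelist, and a review queue for unknowns), sketched as an added example; it is not PC Matic's code. Identifying a program by the SHA-256 of its bytes, the names `ExecutionPolicy`, `Verdict` and `file_id`, and letting the blacklist override the personal whitelist are all assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK_BLACKLISTED = "block: on blacklist"
    BLOCK_UNKNOWN = "block: not whitelisted, queued for review"

def file_id(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()  # assumption: identify by content hash

class ExecutionPolicy:  # hypothetical policy, not a real product API
    def __init__(self, vendor_whitelist, blacklist):
        self.vendor_whitelist = set(vendor_whitelist)
        self.blacklist = set(blacklist)
        self.personal_whitelist = set()  # programs the user chose to trust
        self.review_queue = set()        # unknowns awaiting classification

    def trust(self, content: bytes) -> None:
        self.personal_whitelist.add(file_id(content))

    def decide(self, content: bytes) -> Verdict:
        h = file_id(content)
        if h in self.blacklist:  # design choice: known-bad overrides user trust
            return Verdict.BLOCK_BLACKLISTED
        if h in self.vendor_whitelist or h in self.personal_whitelist:
            return Verdict.ALLOW
        self.review_queue.add(h)
        return Verdict.BLOCK_UNKNOWN  # default deny: absence from the lists is enough

# Constructed byte strings standing in for executables.
OFFICE_APP = b"constructed: widely used word processor"
KNOWN_BAD = b"constructed: classified-malicious sample"
MORPHED = KNOWN_BAD + b"\x00"  # one-byte variant, not on the blacklist
NICHE_APP = b"constructed: niche but legitimate program"

def run_demo():
    policy = ExecutionPolicy({file_id(OFFICE_APP)}, {file_id(KNOWN_BAD)})
    out = {
        "office": policy.decide(OFFICE_APP),
        "known_bad": policy.decide(KNOWN_BAD),
        "morphed": policy.decide(MORPHED),         # blacklist misses it, default deny does not
        "niche_before": policy.decide(NICHE_APP),  # false positive on an unclassified program
    }
    policy.trust(NICHE_APP)
    out["niche_after"] = policy.decide(NICHE_APP)
    out["niche_updated"] = policy.decide(NICHE_APP + b" v2")  # new bytes, unknown again
    return out, policy.review_queue

if __name__ == "__main__":
    print({name: verdict.value for name, verdict in run_demo()[0].items()})
```

With a content hash as the identifier, an updated build of a trusted program is unknown again until it is classified or trusted a second time.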
What About Ransomware and Other Cybernasties?
In addition to old-school malware that you might encounter, there's ransomware, a threat which is growing year over year. Ransomware uses phishing, social engineering, and exploitation of software vulnerabilities to encrypt a user's hard drive and lock out the user until a ransom is paid. It’s become so common that we read about new ransomware attacks on home users, schools, and businesses almost every day.
Hackers and cybercriminals don't give up. When the good guys find a way to block one type of threat, the attackers get busy working on another devious method. There are new and emerging threats such as zero-day exploits, rootkits, cryptominers, keyloggers, fileless malware, malicious scripts and “time bomb” attacks. Given the prevalence of ransomware and the success of these other methods, it should be obvious that blacklist-based antivirus software often FAILS to protect the computer where it was installed.
The Naughty List just isn't good enough in today's world.
PC Matic is available at two affordable price options. A license that covers up to five devices in any combination of supported operating systems (Windows 7, 8, 10, 11, Mac OS and Android) is just $50 per year; alternatively, you can pay $150 for lifetime coverage of up to five devices. That includes all future updates and support. In contrast, popular blacklist-based software products from AVG, BitDefender, Kaspersky and Norton cost $60-$90 per year per device.
I first reviewed PC Matic in 2018, after years of nagging by AskBob readers telling me how much they loved it. Suffice it to say I was so impressed that I dropped my AVG subscription and bought a PC Matic five-seat license. I have been using and recommending it ever since. I followed that up with “PC Matic Gets a Zero!” in 2020, and in January 2021 I did an updated review -- see “What's New in PC Matic 4.0?”. As far as I know, PC Matic is the only internet security product that's entirely US-based, including research, development and support. It does come with a 30-day money-back guarantee.
Whitelisting and blacklisting are complementary security strategies. If you use both the Naughty List and the Nice List, your security will be greatly enhanced. Have you tried a security tool that employs whitelisting? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 21 Dec 2022
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Yes, Virginia, There is a Whitelist (Posted: 21 Dec 2022)
Most recent comments on "Yes, Virginia, There is a Whitelist"
21 Dec 2022
Since you recommended PCMatic, I’ve been using it and feel very comfortable knowing that I’m protected. The only program it did not recognize was MasterCook and once I “allowed” it to operate on my PC, no problems.
21 Dec 2022
I too have been using PcMatic since you recommended it 2 years ago. It has been working well for my mac mini (Intel chip) and my wife's PC. I also have a macbook air (M1 chip) and it has been scanning that machine weekly like my other machines until I upgraded to MacOS Ventura about two months ago. It no longer scans the macbook air automatically. I sent a note to PCMatic Support and was told it was referred to the mac team. I have not heard from them since. I like the whitelist concept and will continue to use it, but it seems to not like the apps for the mac. For instance, it always seems to blacklist LibreOffice when I update to a new version. It does the same thing with other updates but I can't remember them at this time. Thanks for the newsletter.
21 Dec 2022
While this post MAY seem like advertising, I know it isn't. Ever since you recommended it, I, too, got the 5 pack. And have NEVER had a SERIOUS issue with it, not one - vs. multiple problems with other packages over the years.
Here's one GREAT feature you don't address here: THEY HAVE NO TELEPHONE SUPPORT. At first that bothered me - a LOT. Then I realized that if I EVER had an issue with the program (I run it on multiple computers with multiple generations of Windows) help was never more than about an hour or so away. They do an AMAZING job through e-mail.
This forces the user to verbalize the problem they are having - so the USER has to THINK. That solves a LOT of problems right out of the gate. Then there's no telephone tree to navigate, and no real wait time (save for their reply) so user frustration is at a minimum. That means fewer screaming fits for them - AND no trouble trying to decipher what someone half a world away is trying to say over a poor cellphone connection with lots of background noise. I spent, quite literally, 2-4 HOURS a day, for TWO WEEKS to get Dell warranty work STARTED - I lost a summer contract because they could not understand me.
With PC-MATIC (PCM) I write them an e-mail telling them the problem - and when I hit 'send' a log of their program gets sent off as well. So they can see both what I experience, and how PCM is working (or not) on my computer. They will either send me a 'self-repair' program to run and fix the problem, or they will walk me through a process step-by-step -- and I have never failed to have their 'help desk' fail to fix a problem. Unlike my experiences with Dell, AVG, Norton, et al., I have never been tied to a phone for HOURS just waiting to talk to a live person - who I might not understand because of their accent or a dirty connection. Not to mention the telephone techs who go into my registry and remove things I KNOW should not be removed, or have program settings changed so a program does not work.
So, the PCM help-line may not be as handy as we have been trained to expect - just a 'call away' -- but they are certainly FAR more precise in their solutions. And, when time, frustration, anger, and function are factored in, PCM actually provides help FAR faster, FAR easier, and FAR more efficiently than ANY other 'help desk' I have ever worked with - and I've worked with many, Many, MANY service desks, and PCM is without a question in my mind, the best and fastest 'help' I have ever gotten. Ever.
Ernest N. Wilcox Jr.
21 Dec 2022
Your argument for PC-Matic is very compelling, but I have been using Microsoft/Windows Defender since I switched to Windows 10 in early 2015 and I have not suffered a malware attack since. I now use Windows 11 with ransomware protection enabled and I have my home router and all my computers configured to ignore any connection requests, so my home Network is conceptually 'invisible' to scans from the Internet. I would consider getting the lifetime ($150.00) license if I saw any material advantage, but even when using whitelist security, Cognitive Security is essential if a user wishes to remain safe from any malware attack(s), especially when using the Internet.
For those who are unfamiliar with the term Cognitive Security, it involves remaining conscious of what you are doing on the Internet, employing skepticism about what you see or read on the Internet, remaining aware that everyone on the Internet is a stranger even if they purport to be someone you know (unless you can confirm their identity using information only the two of you know) and should not be trusted, and finally never clicking any link (either in email messages or on webpages) unless you can confirm the validity of the URL it will take you to. All-in-all, Cognitive Security is a habitual behavior that users must learn, or it will not work.
If you can provide any compelling reason or advantage for me to get PC-Matic, knowing all I have listed here, I'll give it serious consideration.
21 Dec 2022
Have any bad guys ever figured out what signature the whitelist people use for some piece of good software and include it in their malware? Seems like a possibility that could really mess up the whitelist world.
EDITOR'S NOTE: The beauty of the whitelist approach is that there is no signature check.
21 Dec 2022
Thank you for this recommendation. It seems like a good idea. Does PC Matic work in conjunction with Microsoft Windows Defender? Or is it a replacement?
22 Dec 2022
In reply to Tom Plain wanting to know if PCM works in conjunction with Microsoft Defender or is it a replacement, the answer is yes. When I installed PC Matic I received an "error" message from MS Defender telling me that it would do a scan every week or so, or I could disable MS Defender. I left MS Defender enabled for a few months and did not notice any issues.
22 Dec 2022
I have PC Matic installed on my two computers. Everything was running OK until I got this blue Microsoft screen telling me that there are objectionable objects in my computer and that it will now be fixed. The count from 0 to 100% clear took only a few seconds. However, the blue screen kept appearing and doing its thing every 1/2 hr. I did a full scan with PC Matic and with Windows Defender and found nothing. So I fell back on an old friend that saved my system when all else failed. "Spy Hunter" found 3 pieces of malware; one diverted all my online activity through their servers, the other two were less dangerous. There were 11 privacy issues and 3 PUPs. I activated Spy Hunter and it cleared everything up. No more blue screens.
22 Dec 2022
I have used PC Matic for several years now with no problems with malware. I am careful with the sites I visit anyway and PC Matic notifies me if I'm about to go to a site that is dangerous. I have breathed much better since installing PC Matic.