Yes, Virginia, You Need a Whitelist

Category: Security

The Internet security suites that I have examined over the years (almost) all operate on the same basic principle: the blacklist. Malware is identified as such and gets put on a list of things to block and quarantine. The vast majority of antivirus and Internet security programs employ blacklisting. But this approach has some serious limitations. Here's what you need to know about the whitelisting approach...

What is Whitelist Security?

So what's wrong with the traditional blacklist (sometimes called the virus signature) approach? First, you have to identify a threat in order to blacklist it. Bad guys are constantly improving the disguises that cloak their malware.

Second, the sheer volume of new malware programs grows all the time. Modern malware has the ability to morph in subtle ways, creating multiple variants to avoid detection. Security software developers are hard-pressed to keep up with the ever-changing, ever-expanding threat landscape.

Third, as the blacklist grows, so does the software needed to combat it. Despite efficient programming techniques, security software steadily consumes larger amounts of users’ system resources.

Such is the inevitable result of trying to defend against a theoretically infinite array of unknown threats. But there is another way to keep bad software out, and it does not require battling the boundless unknown.

Whitelisting for security

Whitelisting is the strategy of permitting a finite list of known “good” programs to run, and blocking anything that is not on the list. Whitelisting is 100% effective at stopping malware. The trick lies in building a reasonable whitelist of allowed programs - all legitimate Windows components is an obvious starting point - and allowing users to add new, good programs without too much trouble.
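The contrast described above, as an added example (not from the original article and not PC Matic's code). Both lists are modeled as sets of SHA-256 digests, which is an assumption made for illustration, and the sample "programs" are constructed byte strings. It shows a one-byte variant passing the blacklist while the default-deny whitelist blocks it, and an unlisted legitimate program being blocked until the user adds it to a personal whitelist.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed byte strings standing in for executables (not real files).
TRUSTED_EDITOR = b"constructed sample: trusted text editor"
KNOWN_MALWARE = b"constructed sample: catalogued malware"
MORPHED_MALWARE = KNOWN_MALWARE + b"\x00"  # same payload, one byte changed
NEW_GOOD_TOOL = b"constructed sample: niche but legitimate utility"

# Assumption: each list is a set of exact file digests.
BLACKLIST = {sha256(KNOWN_MALWARE)}
VENDOR_WHITELIST = {sha256(TRUSTED_EDITOR)}


def blacklist_decision(data: bytes) -> str:
    """Default allow: only programs already identified as bad are blocked."""
    return "block" if sha256(data) in BLACKLIST else "allow"


def whitelist_decision(data: bytes, personal=frozenset()) -> str:
    """Default deny: only listed programs run; anything unknown is blocked."""
    digest = sha256(data)
    if digest in VENDOR_WHITELIST or digest in personal:
        return "allow"
    return "block"


def evaluate(personal=frozenset()) -> dict:
    """Return {sample name: (blacklist verdict, whitelist verdict)}."""
    samples = {
        "trusted_editor": TRUSTED_EDITOR,
        "known_malware": KNOWN_MALWARE,
        "morphed_malware": MORPHED_MALWARE,
        "new_good_tool": NEW_GOOD_TOOL,
    }
    return {
        name: (blacklist_decision(data), whitelist_decision(data, personal))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:16} blacklist={verdicts[0]:5} whitelist={verdicts[1]}")
    # The user vouches for the unlisted tool via a personal whitelist.
    print(evaluate(personal={sha256(NEW_GOOD_TOOL)})["new_good_tool"])
```

The unlisted utility being blocked on the first pass is the false-positive cost of default deny; the personal whitelist entry is what clears it.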

The PC Matic Home Security suite is based upon whitelisting. Originally a “clean and optimize” program similar to CCleaner and Advanced System Care, PC Matic added antivirus protection and whitelist-based security several years ago.

PC Matic’s SuperShield uses a traditional blacklist combined with a whitelist approach that allows only known, trusted programs to run on your computer. Anything that is not on the whitelist is sent to the PC Matic malware research team to be tested. Within 24 hours it is categorized as either trusted or malicious. If you have an app that you know to be trustworthy, but PC Matic has not yet classified it, you can add it to your own personal whitelist. This video explains the difference between the whitelist and blacklist approaches.

The downside of PC Matic is occasional false positives. It may incorrectly block a “good” program that it has not yet encountered. PC Matic counters this false positive issue by saying that the most popular and commonly used programs are already on their whitelist, and the ones that might trigger a warning are used by a small fraction of users. If you're the type of person that uses a web browser, a word processor, and email software, you'll probably never encounter a program that's not on the whitelist. If you download new software regularly, you might. I've used PC Matic for several years, and I download and test a lot of software. I can recall only two programs that were flagged and had to be manually added to the whitelist.

What About Ransomware and Other Cybernasties?

In addition to old-school malware that you might encounter, there's ransomware, a threat which is growing year over year. Ransomware uses phishing, social engineering, and exploitation of software vulnerabilities to encrypt a user's hard drive until a ransom is paid. It’s become so common that we read about new ransomware attacks on home users, schools, and businesses almost every day.

Hackers and cybercriminals don't give up. When the good guys find a way to block one type of threat, the attackers get busy working on another devious method. There are new and emerging threats such as zero-day exploits, rootkits, cryptominers, keyloggers, fileless malware, malicious scripts and “time bomb” attacks. It should be obvious from the prevalence of ransomware and the success of these other methods that blacklist-based antivirus software often FAILS to protect the computer where it was installed.

The whitelist strategy does not require a lot of ongoing software development. PC Matic is only up to v4.0, while Avast, AVG, et al. are well into the double digits in version numbers. Therefore, PC Pitstop can offer two bargain price options. A license that covers up to five devices in any combination of supported operating systems (Windows 7, 8, 10, 11, Mac OS and Android) is just $50 per year; alternatively, you can pay $150 for lifetime coverage of up to five devices. That includes all future updates and support. In contrast, popular blacklist-based software products from AVG, BitDefender, Kaspersky and Norton cost $60-$90 per year per device.

I first reviewed PC Matic in 2018, after years of nagging by AskBob readers telling me how much they loved it. Suffice it to say I was so impressed that I dropped my AVG subscription and bought a PC Matic five-seat license. I have been using and recommending it ever since. In January 2021 I did an updated review -- see What's New in PC Matic 4.0?. As far as I know, PC Matic is the only internet security product that's entirely US-based, including research, development and support. It does come with a 30-day money-back guarantee.

Whitelisting and blacklisting are complementary security strategies. If you use both, your security will be enhanced. Have you tried a security tool that employs whitelisting? Your thoughts on this topic are welcome. Post your comment or question below...

 

This article was posted by on 9 Dec 2021



Most recent comments on "Yes, Virginia, You Need a Whitelist"


Posted by:

Philip Reeves
09 Dec 2021

I've been using Emsisoft for many years. It costs only 29.95 a year. It has excellent support. If I have a problem or it has any problems I always get a prompt reply. I see no reason to change, even though I do use one of PC Matic's products; namely pc optimize 3.


Posted by:

mike
09 Dec 2021

You should have titled this article "PC Matic Ad" and avoid fooling your readers into thinking they are going to view a new article about what is best for Virginia.


Posted by:

Eric
09 Dec 2021

I've used PC Matic for several years now. It has snared about half a dozen bugs and I have remained problem free. It also keeps my machine tuned up and cleaned up of the junk that accumulates from use just like the old PC Tools did. I have a lifetime 5 seat license, that's how sold I am on it.


Posted by:

David
09 Dec 2021

Mike, it's a recommendation, not a command. Ignore it if you want, but do you then ignore every other product review as an ad? My SIL (MCSE, Redhat partner, runs several server farms, geek x 100) has used it for several years, and recommends it highly. I'm getting a lifetime subscription. YMMV, so enjoy.


Posted by:

Brian B
09 Dec 2021

@ Mike
I think you miss the point. Here is an expert telling his readers what his experiences are with AV programs. White listing is the ONLY effective answer to malware, so much so that blacklisting approaches should be labelled as a con. There is not a blacklisting app on the market that won't be breached sooner or later.

What would you rather have on the door to your venue? A person checking everyone has a ticket to enter, or a person checking faces to catch someone who looks like they don't have a ticket?


Posted by:

Stuart Berg
09 Dec 2021

VoodooShield (https://voodooshield.com/) is "entirely US-based" and is a great whitelist antivirus that I have been using for many years. It is also FREE for home use. They do have a paid version that gives you more bells and whistles, but the FREE version has been completely satisfactory for me.


Posted by:

mike
09 Dec 2021

David & Brian: I certainly did not dispute the value of PC Matic, but only the manner in which it was presented. Bob does not require your defense to be effective.


Posted by:

Bob K
09 Dec 2021

I've been following Bob for a long time now, and PC Matic is one of his sponsors, and hence he has been pushing PC Matic for years now in order to get paid. I don't blame him.
So Mike is correct, this is just a long advertisement under the guise of an article for a sponsor.
I know one thing, PC Matic is definitely not for me, thank you.


Posted by:

Ernest N. Wilcox Jr.
09 Dec 2021

While I have no problem with Bob telling us about PC Matic and how good he believes it is, I do agree with Mike that the title and lead-in to this item leaves something to be desired. While I'm not so sure that I'd go so far as to call it an advertisement, the fact that Bob was not as out-front as he usually is when telling us about the software he uses, helps me to understand why Mike responded as he did.

I do not use PC Matic yet, although I may give it a try at some point in the future. I use the default Windows 11 security suite (Windows Defender, Smart Screen, et al. and BitLocker) to protect my computers here. I accompany what Microsoft provides with a healthy dose of skepticism about anything I see on the Internet, as well as a lot of caution about clicking links (even to sites I am familiar with).

You see, I am of the opinion that the greatest security threat to any computer is the user. For example, most users see an advertisement for something that interests them at some web site, so they click the link without a thought. They don't take a moment to check where the link is actually taking them, they just click. I don't do that. When I see something with a link that I want to investigate, if I am familiar with the site, I open my web browser, enter the site's address, and go look for what I saw that interested me. If I'm not familiar with the linked site, I do a web search on the site's name or URI to see what I can learn about it. Most of the time, I simply avoid unknown or unfamiliar sites entirely.

Another example: When I saw the link for this item in my Ask Bob email, I copied the link to a notepad window so I could make sure it was genuine. This is it:

https://askbobrankin.com/yes_virginia_you_need_a_whitelist.html?awt_a=6HSL&awt_l=IEzKM&awt_m=J8rB9Hqdk8P6SL

I removed the extraneous part (?awt_a=6HSL&awt_l=IEzKM&awt_m=J8rB9Hqdk8P6SL) and used the useful part (https://askbobrankin.com/yes_virginia_you_need_a_whitelist.html) to get here. I know that this is a bit of extra bother, but I keep a notepad window open most of the time for such purposes, and it took me only a few seconds to see the link address, and I was then able to know it was safe.

When I'm in my Linux distribution (I dual-boot KDE Neon with Windows 11), I do the same thing regarding web links. I have the firewall that comes with that distribution activated, and I open a Kedit (the KDE editor) window for the same purpose.

The bottom line is this: I want to know where a link is taking me before I decide to go there.

I have been using the internet regularly since my Windows 95 days, and I have never had any issues with malware, although I did get a virus from a file I downloaded from a BBS site before the internet became the World Wide Web, but that was in my MS-DOS days before I learned anything about malware or antivirus programs.

I hope this helps anyone who takes the time to read it,

Ernie


Posted by:

Wolf
09 Dec 2021

Thank you Bob for another informative article. I really appreciate the detailed information and descriptions between whitelisting and blacklisting, the reviews of software products, the comparisons between products out there, and so much more valuable information. A lot of the information has really helped me to remain vigilant against the scammers, hackers, hucksters, cyber-criminals, and other miscreants out there. We appreciate your service!


Posted by:

David Lagesse
09 Dec 2021

Is PC Matic compatible with Norton 360, or will one of the programs complain that I need to uninstall the other?


Posted by:

Peter Oh
09 Dec 2021

Would surely have been wise & helpful to name free whitelist sites/programs broadly the equivalent of PCmatic.
I like the white list concept but have no clear idea about how to implement it. Suspect many others might be in the same boat?


Posted by:

Steve Gordon
10 Dec 2021

I hesitated for a few years running McAfee. What a mess that was and finally pulled the trigger and went with PcMatic. I will never look back, I don't even have to think about computer security now. Of course I don't open strange emails.


Posted by:

Marty
10 Dec 2021

I have been running PC Matic for 2 or 3 years and I click on just about anything. Yes it has blocked a few but when it happens I just chuckle.

My computer days go back to Windows 3.0 and I have used every anti virus out there. I will never go back to any of the others.


Posted by:

Neil C Hopkins
10 Dec 2021

I tried PC Matic and had a very bad experience with it. It is virtually IMPOSSIBLE to add a program to the whitelist.
I couldn't do it.
PC Matic support was non-existent.
Oh, yeah. They explained how but I didn't have a PhD in kiddy-script!
I will never use it again!


Posted by:

Norman Rosen
10 Dec 2021

I have been using PC Matic for 20 years (?) maybe more, I don't remember. I never had a problem with it, I have never been infected, and the first time I used it, it dramatically improved the performance of my old unit. I really do not consider the column an ad; Bob was giving his advice on how to keep your computer clean and a means to do it.


Posted by:

Geo
10 Dec 2021

My question is, what happens if a "white" listed prog runs that is compromised by some black hat crud?


Posted by:

erfahren
10 Dec 2021


allowlist & denylist



Posted by:

Brian B
10 Dec 2021

@ David Lagesse I don't know about Norton's coexistence with PC Matic, but Malwarebytes plays together OK, so there must be some sort of acceptability with PC Matic. With Supershield it's a different story. Upon installation, it warns that ANY other AV app must be uninstalled. So if you want to run another AV app on a demand basis, it will need to be either an online scan, or one from a USB drive.


Posted by:

Egbok
10 Dec 2021

Been using PC Pitstop for over 20 years, never got sick all those years. Used Norton before, got sick twice in one year. Yes I've had failures, but they were all hardware. Even the dreaded Vista ran smoothly.
Thanks Bob, spread the good news!



Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- Yes, Virginia, You Need a Whitelist (Posted: 9 Dec 2021)
Source: https://askbobrankin.com/yes_virginia_you_need_a_whitelist.html