Yes, Virginia, You Need a Whitelist
The Internet security suites that I have examined over the years (almost) all operate on the same basic principle: the blacklist. Malware is identified as such and gets put on a list of things to block and quarantine. The vast majority of antivirus and Internet security programs employ blacklisting. But this approach has some serious limitations. Here's what you need to know about the whitelisting approach...
What is Whitelist Security?
So what's wrong with the traditional blacklist (sometimes called the virus signature) approach? First, you have to identify a threat in order to blacklist it. Bad guys are constantly improving the disguises that cloak their malware.
Second, the sheer volume of new malware programs grows all the time. Modern malware has the ability to morph in subtle ways, creating multiple variants to avoid detection. Security software developers are hard-pressed to keep up with the ever-changing, ever-expanding threat landscape.
Third, as the blacklist grows, so does the software needed to combat it. Despite efficient programming techniques, security software steadily consumes larger amounts of users’ system resources.
Such is the inevitable result of trying to defend against a theoretically infinite array of unknown threats. But there is another way to keep bad software out, and it does not require battling the boundless unknown.
Whitelisting is the strategy of permitting a finite list of known “good” programs to run, and blocking anything that is not on the list. Whitelisting is 100% effective at stopping malware. The trick lies in building a reasonable whitelist of allowed programs - all legitimate Windows components is an obvious starting point - and allowing users to add new, good programs without too much trouble.
The PC Matic Home Security suite is based upon whitelisting. Originally a “clean and optimize” program similar to CCleaner and Advanced System Care, PC Matic added antivirus protection and whitelist-based security several years ago.
PC Matic’s SuperShield uses a traditional blacklist combined with a whitelist approach that allows only known, trusted programs to run on your computer. Anything that is not on the whitelist is sent to the PC Matic malware research team to be tested. Within 24 hours it is categorized as either trusted or malicious. If you have an app that you know to be trustworthy, but PC Matic has not yet classified it, you can add it to your own personal whitelist. This video explains the difference between the whitelist and blacklist approaches.
The downside of PC Matic is occasional false positives. It may incorrectly block a “good” program that it has not yet encountered. PC Matic counters this false positive issue by saying that the most popular and commonly used programs are already on their whitelist, and the ones that might trigger a warning are used by a small fraction of users. If you're the type of person that uses a web browser, a word processor, and email software, you'll probably never encounter a program that's not on the whitelist. If you download new software regularly, you might. I've used PC Matic for several years, and I download and test a lot of software. I can recall only two programs that were flagged and had to be manually added to the whitelist.
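To make the trade-off concrete, here is a small Python sketch added for illustration (it is not PC Matic's code). It assumes programs are identified by their SHA-256 hash, which the article does not claim, and every sample "program" and list below is constructed for the demo.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for program files on disk.
WORD_PROCESSOR = b"constructed: popular word processor"
KNOWN_MALWARE = b"constructed: malware sample already analysed"
MORPHED_MALWARE = KNOWN_MALWARE + b"\x00"  # trivially altered variant
NICHE_UTILITY = b"constructed: legitimate tool nobody has classified yet"

BLACKLIST = {sha256(KNOWN_MALWARE)}          # known bad
VENDOR_WHITELIST = {sha256(WORD_PROCESSOR)}  # known good

def blacklist_verdict(program: bytes) -> str:
    """Default-allow: run anything that is not listed as bad."""
    return "block" if sha256(program) in BLACKLIST else "allow"

def whitelist_verdict(program: bytes, personal_whitelist=frozenset()) -> str:
    """Default-deny: run only what is listed as good (hypothetical policy)."""
    digest = sha256(program)
    if digest in BLACKLIST:
        return "block"
    if digest in VENDOR_WHITELIST or digest in personal_whitelist:
        return "allow"
    # Unknown is not the same as bad, but it does not run until classified.
    return "block, send for review"

def compare(personal_whitelist=frozenset()) -> dict:
    """Return (blacklist verdict, whitelist verdict) for each sample."""
    samples = {
        "word processor": WORD_PROCESSOR,
        "known malware": KNOWN_MALWARE,
        "morphed malware": MORPHED_MALWARE,
        "niche utility": NICHE_UTILITY,
    }
    return {name: (blacklist_verdict(p), whitelist_verdict(p, personal_whitelist))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:16} blacklist={verdicts[0]:6} whitelist={verdicts[1]}")
    # The user vouches for the niche utility by adding it to a personal whitelist.
    print(compare({sha256(NICHE_UTILITY)})["niche utility"])
```

The morphed variant slips past the blacklist because its hash is new, while the whitelist stops it for the same reason it stops the unclassified utility: neither is on the list. That second block is the false positive described above, and the personal whitelist is what clears it.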
What About Ransomware and Other Cybernasties?
In addition to old-school malware that you might encounter, there's ransomware, a threat which is growing year over year. Ransomware uses phishing, social engineering, and exploitation of software vulnerabilities to encrypt a user's hard drive until a ransom is paid. It’s become so common that we read about new ransomware attacks on home users, schools, and businesses almost every day.
Hackers and cybercriminals don't give up. When the good guys find a way to block one type of threat, the bad guys get busy working on another devious method. There are new and emerging threats such as zero-day exploits, rootkits, cryptominers, keyloggers, fileless malware, malicious scripts and “time bomb” attacks. It should be obvious that, because of the prevalence of ransomware and the success of these other methods, blacklist-based antivirus software often FAILS to protect the computer where it was installed.
The whitelist strategy does not require a lot of ongoing software development. PC Matic is only up to v4.0, while Avast, AVG, et al., are well into the double digits in version numbers. Therefore, PC Pitstop can offer two bargain price options. A license that covers up to five devices in any combination of supported operating systems (Windows 7, 8, 10, 11, Mac OS and Android) is just $50 per year; alternatively, you can pay $150 for lifetime coverage of up to five devices. That includes all future updates and support. In contrast, popular blacklist-based software products from AVG, BitDefender, Kaspersky and Norton cost $60-$90 per year per device.
I first reviewed PC Matic in 2018, after years of nagging by AskBob readers telling me how much they loved it. Suffice it to say I was so impressed that I dropped my AVG subscription and bought a PC Matic five-seat license. I have been using and recommending it ever since. In January 2021 I did an updated review -- see What's New in PC Matic 4.0?. As far as I know, PC Matic is the only internet security product that's entirely US-based, including research, development and support. It does come with a 30-day money-back guarantee.
Whitelisting and blacklisting are complementary security strategies. If you use both, your security will be enhanced. Have you tried a security tool that employs whitelisting? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 9 Dec 2021
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Yes, Virginia, You Need a Whitelist (Posted: 9 Dec 2021)