The Real Dirt on Whitelisting

July 30, 2008 – 3:16 PM

It’s déjà vu all over again. Whitelisting technology has enjoyed a resurgence of interest lately, with antivirus companies such as Symantec, McAfee, and Microsoft planning to add it to their blacklisting-based malware detection tools and some enterprises even dropping AV altogether in favor of whitelisting alone. The drivers are the proliferation of botnets, stealthier malware, and a near-epidemic of data breaches, which have led vendors and enterprises to search for something other than the standard approach of blacklisting known threats.

Whitelisting, a concept that dates back to the mainframe days of locked-down and controlled applications, lets only approved and authorized applications run on user machines. Today whitelisting is becoming a first layer of defense in some organizations, says Tom Murphy, chief strategist for Bit9, which sells a whitelisting solution. “Over time, what we see is an erosion of value for blacklisting because more machines will be using whitelisting,” he says.

Murphy predicts that within two years, almost every machine will have some element of whitelisting security, whether it runs blacklisting-based antivirus software or not. And AV vendors are starting to jump on board: Bit9 recently announced that Kaspersky Lab, for instance, is now using its Global Software Registry database of clean, whitelisted applications to build out some of its technology.


