Author Topic: Will whitelisting mean the end of traditional av?  (Read 2587 times)

Offline polonus

Will whitelisting mean the end of traditional av?
« on: January 06, 2010, 09:01:55 PM »
Whitelisting has become more popular during 2009.
Well, users are less enthusiastic about this new trend.
What is whitelisting and why has it become that unpopular?

When McAfee acquired Solidcore last year because of the whitelisting technology,
everyone could read the writing on the wall explaining the gaining popularity of this technique.

Via whitelisting you can determine what applications are allowed to start on computers.
Only applications on the ‘whitelist’ are allowed to start.

This technique has a bad reputation.
Administering it is a hard thing to do, because the list of approved apps has to be set per computer
or user group constantly. There is one huge benefit:
you can exclude malware and possibly unwanted software within your business network.

The number of malicious applications is growing rapidly.
Traditional methods like blacklisting (placing programs onto a blacklist) are not functional,
because they always are applied after the fact.
New anti-malware technologies like reputation-based scanners (in the cloud)
have come out of beta during 2009. Why would anyone want to use whitelisting anymore?

The product McAfee uses for whitelisting is called Application Control.
The product gets good reviews, but that also is so for the competition like Bit9 Parity and CoreTrace Bouncer.
But users do not like it one bit.
CoVantage Credit Union from Wisconsin in the USA got a lot of complaints from employees
as the bank started whitelisting Faronics software.
“The feedback was this was unacceptable”, says CSO Aaron Hunt.
“We implemented it in a rush apparently and with too much security.”

Whitelisting protects against malware and blocks installing e.g. P2P- or Bittorrent-software.
Also the use of non-listed USB peripherals is being blocked by the software.
A disadvantage of whitelisting, according to Rene Head, a security expert,
is that it may hamper efficiency and innovation.
A benefit according to him is that the help-desk gets fewer calls.
Whitelisting is a solution to protect against malware, but it will never be a panacea, Head says.

McAfee also recognizes that this technique has its problems.
Director of product management Kish Yerrapragada hears a lot about management problems.
“Whitelisting is a dynamic technology with the problem that the decisions are taken by a third party”,
he remarks.

According to McAfee the system can be best applied on application- and DNS-server(s) and point-of-sale software.
Also it is a solution for firms with little third party software running.

In the future, whitelisting will be seen more inside virtual surroundings, McAfee thinks.
Traditional solutions for those systems weigh too heavily on the hypervisor,
and there whitelisting could be a welcome thing.

Links:
http://blogs.gartner.com/neil_macdonald/2009/03/31/will-whitelisting-eliminate-the-need-for-antivirus/
http://www.mcafee.com/us/enterprise/products/risk_and_compliance/application_control.html
http://www.bit9.com/
http://www.coretrace.com/
http://www.faronics.com/whitelist/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!