Skip Links

Whitelisting made strides in 2009

McAfee's Solidcore buy emphasized whitelisting security technology

By , Network World
December 18, 2009 04:48 PM ET

Network World - When McAfee bought Solidcore for its whitelisting technology this year, it was a clear sign that whitelisting is gaining acceptance -- though not all users are happy about the trend.

The premise of whitelisting is to lock down applications on computers and allow only authorized ones to run. In general, whitelisting has a reputation for being difficult to manage because it requires keeping the whitelisted applications fully up to date on any machine using it. On the positive side, whitelisting can stop malware from executing, prevent unwanted programs, and assist in compliance reporting.

New laws complicate security efforts in 2010

With the number of malware specimens rising exponentially, traditional blacklisting methods that rely on signature-based defenses against known threats are widely regarded as inadequate on their own. Various newer types of malware defenses, such as cloud-based reputation analysis, took off in 2009 in a major way. But is whitelisting going to really be worth the effort?

McAfee's whitelisting product, Application Control, scores good reviews, as do other products such as Bit9 Parity and CoreTrace Bouncer, indicating product maturity. But the real obstacle to whitelisting continues to be corporate employees who rebel against it.

CoVantage Credit Union of Antigo, Wisc., found its employees strongly objected when the IT department tried locking down their computers using whitelisting technology from Faronics. "The feedback was this was not acceptable," says Aaron Hurt, information security officer for the credit union. "We probably locked down too hard, too fast."

While whitelisting does protect against malware and guard against running unauthorized applications such as peer-to-peer programs, it also got in the way of immediate use of applications that employees legitimately needed, Hurt notes. Employees didn't like having to contact the IT department when these kinds of new applications came along.

But Hurt says he has seen whitelisting improve over time. Faronics released a better management console during the past year, and he's convinced whitelisting is a good way to combat malware. "I do believe whitelisting has gained a lot of momentum and it's something we'll return to," Hurt says.

But for now, employee desktops at the credit union are restricted from P2P programs, games, admin tools or using USB devices through the Sophos antimalware and host-based intrusion-prevention system Endpoint Protection, which can blacklist some applications.

Technology services provider Unisys also shares the sentiment that whitelisting can be problematic. According to Rene Head, global theater engagement manager for managed security services at Unisys, the downside is it may end up slowing business efficiency and stifle innovation. But on the plus side, he notes, whitelisting can cut down on help desk calls.

And most importantly, whitelisting can be most useful when it's used on computers such as application servers or in perimeter guards that aren't especially subject to employee whim.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News