Whitelisting. Application whitelisting in information security.
+7 (495) 967-14-51 

 Contacts   Sitemap  
Language:  Russian English     Search: 
 
Main page  →  Support  →  Useful information  →  Whitelisting
Technical Support
Submit Support Request
Useful information
Host Intrusion Prevention System (HIPS)
Whitelisting
Application Integrity Control
Application protection
Windows Startup / Registry Protection
Online banking security

News

RSS

 

Whitelisting

Overview


Application whitelisting is the complete opposite to the blacklisting approach used in traditional anti-viruses. Traditional anti-viruses use signature databases, which can be considered as a blacklist of program code not wanted on a machine. If the application contains code included in anti-virus signature base, this application will be blacklisted, and the anti-virus will consider it as malicious application and block it. Traditional anti-virus lets everything run except applications it knows are bad. As the number of new malicious programs increases exponentially, the signature blacklists can’t be updated quickly enough, so new malicious applications are able to run.


Application whitelisting is different. If traditional antivirus is blacklist, then solutions designed to prevent any unapproved code from running – application whitelisting – is where the future of antivirus lies. Compared to application whitelisting, the biggest problem with traditional anti-virus approach is the impossibility of keeping up with new malware quickly enough to avoid infection. Another problem with traditional antivirus is that the ever-increasing size of those blacklists means an ever-increasing risk of false-positives. If code for legitimate software is added to the signature base by mistake, the antivirus can crash the system. Ironically, this has happened to at least one antivirus company that also offers application whitelisting solutions.


Application whitelisting solutions


Application whitelisting is a much more effective approach to the prevention of malware infections. The main idea behind application whitelisting is that only software which has been designated safe is allowed to run; any code not included on the application whitelist is blocked from running.


Today’s malware is largely spread over the Internet, where it can do more damage more quickly than antivirus researchers can keep up with. But application whitelisting is effective against these so called “zero-day” threats – which spread quickly and usually disappear completely within 24 hours - and targeted hacker attacks in which unique malicious code is used.


So what’s the downside of application whitelisting? The solution is in the implementation. Some application whitelisting solutions need manual updates every time an application patch or update is issued – which is no more practical than a signature antivirus relying on multiple updates every day.


SafenSoft’s Host Intrusion Prevention System incorporates automatic application whitelisting with privilege sandboxing. This enables network administrators to establish a database of trusted programs – a truly functional application whitelist. The system can be locked down completely, or applications can be executed in a secure environment, or individual or group policies can be applied to enable certain applications be used for specific purposes and/or in specific circumstances only. Alerts are only generated when a new application is launched, not an updated or patched version of an existing trusted application.


Learn more about SafenSoft’s application whitelisting »


Print this page

 

Computer security: Information security solutions | Host Intrusion Prevention System (HIPS) | Endpoint protection | The best virus protection | Whitelisting | Application Integrity Control | Comprehensive Malware Protection | Application protection | Windows Startup / Registry Protection | Online banking security | Online payment protection | Data leakage prevention (DLP) | Information security in medicine |
  License Agreement   Press Center   Awards   Contacts   Sitemap   RSS 
SafenSoft, 2004-2014. All rights are reserved.