Software are a dime a dozen in the marketplace today, for just about any purpose. Old vendors remain entrenched and new entrants seek to make their mark. The big question in such a scenario is which software to trust? Some software may offer a host of functionalities but remain poorly secured or may even be malware carriers. It is common for malware operators to slip in seemingly genuine programs with malicious JavaScript, ActiveX or videos.
Most organizations apply a mix of various technologies including blacklisting and whitelisting to sift the good from the bad.
Blacklisting is a traditional approach to security, wherein the security suite, armed with a signature of malware files blocks any file having an image of the signature. The delay between the time the security researchers identify a malware and pass on the signature to all its customers however makes this approach unsuitable in today’s fast-paced world where the malware spreads rapidly and does its damage in double quick time.
Whitelisting uses the same logic as blacklisting, but instead of allowing everything except the files whose signature match with the repository, allows only the “clean” files as listed in the repository. This is more secure than blacklisting, but too restrictive in today’s age where free flow of information is a virtue. Similarly, white listing may prevent the download of an infected application, but does not prevent the application from being infected after the download takes place. Malware operators can easily circumvent whitelisting by slipping in dormant worms that activate at a later stage when the system connects to the internet.
Blacklisting or whitelisting works only as one layer of security. Total security requires due diligence before purchasing or downloading code, prompt update of security patches issues by the developer and installing a comprehensive endpoint security system.
Source: http://www.mcafee.com/us/
APR
