Coming: A Change in Tactics in Malware Battle
#2
Posted 26 June 2008 - 04:34 AM
I understand the need to head to a whitelist style for antivirus/spyware apps, but this author left off one of the main vendors that has been doing this long before other vendors even started to think of this approach.
ZoneAlarm has been white listing for several years, heck as far back as 2000 as when I started using the software.
ZoneAlarm is an excellent app. and there is a learning curve for the whitelist with pop-ups, but I'd rather have more control over what an anti-virus/spyware program does rather than a little.
I've also found that by having those pop-ups and what not, I've learned a great deal on which types of software to allow and which to not.
So, not only will this type of approach be more sensible it will hopefully educate the public on threats and bring more awareness to those users to be more secure on what they allow to be installed and run on their PCs.
#3
Posted 26 June 2008 - 05:25 AM
There is a bit of confusion in the marketplace with regard to the definition of whitelisting. What is being written about here is more "filtering." At Bit9, we do application whitelisting, which means identifying the good, approved applications to run and not allowing the unauthorized and unapproved applications (whether it is Skype, an Instant Messenger application, Google Toolbar, a Trojan, Spyware, zero-day exploit, etc.). Filtering and scanning is pattern matching and blacklisting. (See Gartner's research note by Peter Firstbrook from the Gartner IT Security Summit for more details.)
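Added example, not part of any post in this thread and not any vendor's code: the default-allow pattern blacklist and the default-deny application whitelist contrasted in post #3, run over the same files. The sample byte strings, the pattern and all names are constructed for illustration, and the whitelist is assumed to be a set of SHA-256 hashes of approved binaries.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executable files (not real binaries).
SAMPLES = {
    "approved_app":         b"MZ\x90\x00 payroll-client 4.2",
    "approved_app_patched": b"MZ\x90\x00 payroll-client 4.3",
    "unapproved_im_app":    b"MZ\x90\x00 instant-messenger 1.0",
    "known_trojan":         b"MZ\x90\x00 EVIL-MARKER-A dropper",
    "new_trojan_build":     b"MZ\x90\x00 EVIL-MARKER-B dropper",
}

# Blacklisting / filtering: byte patterns of known-bad code; default is allow.
BAD_PATTERNS = [b"EVIL-MARKER-A"]

# Application whitelisting: hashes of approved binaries; default is deny.
# Assumption: approval is recorded per exact file content.
APPROVED_HASHES = {sha256_hex(SAMPLES["approved_app"])}

def blacklist_verdict(data: bytes) -> str:
    """Deny only what matches a known-bad pattern."""
    return "deny" if any(p in data for p in BAD_PATTERNS) else "allow"

def whitelist_verdict(data: bytes) -> str:
    """Allow only what has been explicitly approved."""
    return "allow" if sha256_hex(data) in APPROVED_HASHES else "deny"

def compare(samples: dict) -> dict:
    """Return {name: (blacklist verdict, whitelist verdict)}."""
    return {name: (blacklist_verdict(d), whitelist_verdict(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:21} blacklist={bl:5} whitelist={wl}")
```

The new trojan build and the unapproved messenger both pass the blacklist and are stopped by the whitelist; the patched build of the approved application is also stopped until its new hash is approved.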
#4
Posted 26 June 2008 - 06:01 AM
Sadly I don't think this will have a large impact on the amount of infections being delivered.
The casual user, when presented with the option of running or not running an application, will almost always run it.
Why? I ask them the same thing time after time. The answer, because I wanted to.
Until online safety education is a required course, you won't see the infection rate drop.
I do think it's a great path to go down though. Malware writers have had it too easy for too long.
#5
Posted 27 June 2008 - 08:15 AM
I can really see no difference between my present firewall McAfee asking me whether or not to allow a program to run, and a 'white paper' firewall asking me the same.
I think that the 'white listing' approach is the most valid solution to combatting the growing community of malware programs out there.
BRING IT ON!!!!!!!!!!
Lesley Hart
#6
Posted 20 July 2008 - 07:30 AM
There is a company that has been doing "process authentication" for software which is essentially a whitelist since 2001. http://www.seventhknight.com
This isn't just another firewall application that keeps programs from establishing network connections - it keeps programs from executing entirely.
I hate to see small guys like this get left out when they had a better idea than the big guys like McAfee and Norton all along. It's much easier to keep track of the "allowed" programs than to try to keep up with the virus/malware/trojan writers and their new exploits.
#7
Posted 22 July 2008 - 12:18 PM
Gartner published report ID Number: G00137032 in March of 2006 that carefully identified the strengths and limitations of white listing.
The authors rightfully pointed out that denying and allowing application execution is largely a commodity, but the keys to successful whitelisting are in an automated exceptions process and scalable framework for creating and deploying application access policies.
One of the problems with simple file based policy we at TerraCerta have found is that software installations are often broken by simple file deny policies. For example, XP SP3 often breaks when Windows Messenger is controlled by a file deny policy. Conversely, process based policy (controlling msmsgs.exe as a process) does not break an SP3 update.
Controlling and monitoring files as computer processes provides the means to scalably deploy whitelisting while not jeopardizing necessary software modifications. In our (TerraCerta's) humble opinion, this is the direction whitelisting should take.