Business Standard

Software whitelisting is the way to go: experts


Leslie D'Monte, Shivani Shinde | Mumbai
Blacklisting is no longer sufficient in the changing IT scenario.
 
Anti-virus and anti-spyware technologies, which are packaged as 'blacklist' solutions, are gradually giving way to what security experts claim is a far more effective IT security technology based on 'whitelist' solutions.
 
However, a comprehensive IT security solution would imply that vendors take care of the root cause rather than just specific problems which the lists address, they caution.
 
Blacklists have always been a significant tool in the security industry's anti-malware arsenal. A blacklist, for instance, is a list of a particular entity (whether domain names, e-mail addresses or viruses) which are considered dangerous or capable of causing damage.
 
A website, for instance, can be placed on a blacklist because it is known to be fraudulent or because it exploits browser vulnerabilities to spread spyware or other unwanted software to a user's machine.
 
Common examples of traditional blacklist solutions are anti-virus and anti-spyware software. Blacklist software works by blocking known threats.
 
When a new virus becomes known, the anti-virus companies create a defence against it and provide an update to users. Blacklist solutions provide automatic updates and hence do not require time-consuming maintenance. Besides, they allow malware to be identified and eliminated.
 
"However, using a blacklist (reactive response to viruses or malware) solution essentially means that users are giving control of their networks to a third-party vendor. 'Whitelist' technology, on the other hand, helps administrations tackle unknown events like malware, etc. Unlike blacklist solutions, this is a proactive response," explains Shamshad Ahmed, regional director, India and SAARC, Lumension Security.
 
Surendra Singh, regional director, SAARC and India, Websense, concurs: "The use of blacklist is reducing since the web is changing. From a security point of view, a whitelist is getting more relevant."
 
A 'whitelist' would compile every known legitimate software program, and add new ones as they are developed. No executable file that is not on the whitelist (such as a chat program, P2P, spyware, or Trojan) would ever get installed or run on a user's machine.
 
Whitelist solutions require no virus or spyware definition updates; so, systems are always protected from day-zero virus attacks. Lumension has already installed whitelist solutions in banks like HSBC, Citibank, ABN Amro, and in pharma and IT firms like L&T Infotech.
 
But are whitelists, then, writing the eulogy for blacklists and anti-virus vendors? "With Web 2.0, the threat landscape is changing dynamically. More than the blacklist and whitelist approach, the ability to address these issues in real-time will be important," cautions Singh.
 
Niraj Kaushik, country manager, Trend Micro India, concurs: "Traditionally, security solutions used the method of blacklist and whitelist to tackle the security issues. But there is a whole grey area that does not fall in this category and needs to be addressed. We have been using a combination of both to address threat levels on email servers as well as on the web. The problem with blacklist or whitelist is that the user needs to define what they want to access and what needs to be blocked."
 
"Solutions based on blacklist and whitelist are reducing. Going ahead, solutions providers are creating solutions that take care of the root cause rather than just the problem. Blacklists and whitelists look only into specific problems (worms, virus, etc). But given the interactive nature (Web 2.0 sites) of the web and the increasing threat levels, one cannot expect a user to manually download and upload a blacklist on a daily basis. Hence, their use is bound to decrease," explains Kartik Shahani, regional director, McAfee India.
 
McAfee's Site Advisor is an example of how security threats need to be tackled, says Shahani. "Based on the kind of malware, site vulnerability, testing of the sites, it gives these sites colour coding. This is ported into all our applications and takes care of the filtering of malicious sites. A user need not upload or download malicious sites manually, it is done in a dynamic manner."
 
Some experts, meanwhile, point out that a whitelist would require co-operation and funding from a majority of players in the technology industry.
 
They further note that the body would have to be neutral, take into consideration open-source software (which is quickly and often modified) and be fast in its approval process.
 
THE ERA OF WHITELISTING HAS BEGUN
 
  • A 'whitelist' would compile every known legitimate software program, and add new ones as they are developed
  • No executable file that is not on the whitelist (such as a chat program, P2P, spyware, or Trojan) would ever get installed or run on a user's machine
  • Lumension has installed whitelist solutions in banks like HSBC, Citibank, ABN Amro, and in pharma and IT firms like L&T Infotech

First Published: Feb 08 2008 | 12:00 AM IST
