I was told that I should use application whitelisting to protect my computer; do you agree and if so, how do I do it?
This question was answered on May 3, 2018. Much of the information contained herein may have changed since posting.
Technically speaking, application whitelisting is a very good way to create a more secure environment because it tells your computer that it can only run specific applications. This can prevent rogue malware that may be able to sneak past traditional security systems, such as signature-based anti-virus programs.
Whitelisting vs Blacklisting
Application Whitelisting tells your computer to block anything NOT on the list, while Blacklisting tells your computer to block anything ON the list.
Traditional anti-virus uses blacklisting which requires that newly released malware be identified and added to the list before the program can protect you from it.
The contents of a blacklist can grow daily, making the approach more of a resource hog which can impact performance and they can never protect you from previously unknown malware attacks.
Whitelists, once setup, are going to be much smaller and somewhat static unless you’re constantly installing new applications.
Is Whitelisting For Me?
The answer to this question if very different for different users – IT professionals and businesses should absolutely explore whitelisting to protect their networks while the average home user may not be up to the task.
As a practical matter, getting it properly configured and devising a strategy to properly update the whitelist may be a bit much for non-technical users. You may remember the annoying User Account Control (UAC) in Windows Vista that would routinely pop up a window asking for permission to continue when you tried to use something new.
UAC was a form of whitelisting that blocked the use of anything it didn’t already know to be safe – you’ll notice that Microsoft went a different direction afterwards because it was too intrusive to users.
Security and usability have always been on the opposite ends of the spectrum, so finding the right balance for you is the key.
If you’re trying to secure a business workstation or a child’s computer by severely limiting what it can do, application whitelisting may be ideal.
If you decide you want to explore whitelisting, you may have the ability built-in to your operating system.
Windows 10 Pro and Enterprise editions have extensive tools for creating application whitelists (https://goo.gl/gUeEP8) which don’t exist in Windows 10 Home.
Windows 10 Home users can create a very basic form of application whitelisting by only allowing apps downloaded from the Microsoft Store to be installed. To do this, go to Settings -> Apps and change the dropdown box in the ‘Installing apps’ section at the top of the ‘Apps & features’ menu.
Keep in mind, this means that you won’t be able to install older programs from CDs or DVDs or utilities and programs that you would typically download directly from other software companies.
MacOs users can create a basic form of whitelisting through the Parental Control menu (https://goo.gl/E3CDus) or through Gatekeeper (https://goo.gl/SPcoKQ) which is Apple’s primary tool for controlling what apps can be installed.
Third-party options do exist, but they’re mainly developed for business users as most of the attempts at consumer tools have been ineffective or too complicated.
About the author
Posted by Ken Colburn of Data Doctors on May 3, 2018