PC Advisor investigates the dangers of blocking all unknown applications.
As a vast flood of malware threatens to overwhelm antivirus software, security companies have begun changing the way their programs protect PCs. To avoid being regularly exposed by malware writers, the likes of Kaspersky and Symantec plan to turn the tables on them by allowing only known good programs to run.
The technique, known as whitelisting, could help protect your computer. But though some security applications already use this approach, it can also make using your PC a huge annoyance.
"Whitelisting is probably at the top of the list for what the industry needs to move towards," says Jeff Aliber, senior director of product marketing with antivirus maker Kaspersky Labs.
For Kaspersky and other antivirus companies, the ocean of malicious software in circulation today may mean that just tracking known good software will be easier than trying to keep tabs on all the bad stuff.
For example, Symantec, which has been pushing for an industry shift to whitelists since last year, anonymously tracks new applications that appear on PCs participating in its Norton Community Watch programme.
During one week last November, more than half of the 54,000 new executables reported by Community Watch were malicious, says Carey Nachenberg, a vice president and developer with Symantec Research Labs.
In the face of that sobering reality, Kaspersky is about to release its first consumer antivirus products that bring in whitelists. It will use lists from Bit9, a whitelisting company that maintains a 6.3 billion-strong list of known good applications. The new Kaspersky applications won't automatically block programs not on the Bit9 list, but instead will focus scanning resources on those programs that Bit9 doesn't recognise.
Theoretically, that could allow for more careful scrutiny of unknown files with less risk of false alerts.
But nobody has a full list of all good software, so you can't block everything not on a list without eventually blocking some great but relatively unknown programs. And displaying a pop-up that asks you to decide whether an unknown app is okay to run ensures that you'll eventually make the wrong call and break your software or even your system.
Most antivirus companies rightly make every effort to minimise the number of alerts that ask us to make a decision; an overreliance on whitelists could roll back those improvements.
NEXT PAGE: Community-based security > >
- Are whitelists friend or foe? Keeping tabs on malware
- Are whitelists friend or foe? Community-based security
- Are whitelists friend or foe? Free downloads
- Are whitelists friend or foe? Dedicated whitelisting services