All Whitelisting Solutions Are Not Created Equal

Whitelisting is Effective, but Automating is a Must…

With cyber security threats growing, businesses must take a proactive approach to their data and device security.  According to SC Magazine, there is one methodology that has been proven to be effective in blocking modern cyber threats, including ransomware.

“According to numerous resources on ransomware, one strong and effective technique for dealing with end-user equipment is to implement application whitelisting.”

However, the use of whitelisting isn’t always efficient.  Philip Moya, IT director at the San Antonio Gastroenterology Associates, tested the implementation process of an unnamed whitelisting solution.   After conducting his study, he reported,

“…without helpful automation, the amount of time and effort involved in whitelisting makes it impractical and infeasible.”

For those considering the use of whitelisting, this feedback is incredibly valuable.  Users must understand how whitelist solutions may, or may not, automate the process of whitelisting.  Without proper automation, the IT admin could face a significant increase in workload and a decrease in office productivity.

What Does PC Matic Automate?

PC Matic focuses on automating the process of whitelisting new, good applications that are unknown. Good software applications are constantly being created or updated and released to be installed by consumers all over the globe. This presents challenges for IT Admins that must stay on top of the applications their employees need to utilize. Instead of leaving this work to the IT Admin, PC Matic automates the process and tackles 99% of the work with Global Whitelisting.

How Does PC Matic Automate the Whitelisting Process?

When a PC Matic user attempts to run an unknown application, it’s immediately blocked from executing. However, the chain of events doesn’t stop there for the PC Matic team. In fact, it’s just beginning. Following the block, if this is the first time any of their customers have run this file, information about the file including the file itself is uploaded to PC Matic servers behind the scenes. This requires no action by the user or IT Admin.

Next, that application enters several stages of confidential analysis by the PC Matic malware research team and their automated protocols. If the application is deemed good, it will be added to the global whitelist for all PC Matic users to run immediately. If the application is bad it will be quarantined and removed from endpoints in the future.

This whitelisting process also applies to another aspect of an application: digital signatures. Digitally Signed software follows best practice recommendations by most experts and Microsoft themselves. It also ensures that software is coming from that publisher and hasn’t been tampered with or altered along the way. PC Matic’s research team maintains an expansive list of trusted software publishers allowing any software they have digitally signed with a valid signature to run without ever being blocked or going through a categorization process. This process helps to reduce the need to individually whitelist every single good application in existence.  

How does that differ from normal whitelist solutions?

Traditional whitelist solutions offer the same default-deny security approach that PC Matic does, however they require the admin to take on all of the work. All applications must be approved to run in the environment. This can often entail weeks worth of work over the learning process to begin installs. Following a full deployment, the work doesn’t end.  Now, each new unknown application that wasn’t in the original whitelist needs to be vetted by the IT Admin and a determination must be made whether it should be whitelisted or not.

Several newer whitelisting solutions have added ways to make whitelisting slightly easier. This often includes starting with a known clean golden image to build the whitelist and then creating all other computers from that image. This could work great for a new environment but not an existing one. There are also ways to whitelist by directory or folder on the machine.  This is not, however, the best option, as it may open up security holes allowing anything that executes out of that directory to be trusted.

Finding the Right Solution

There is no doubt, whitelisting is the most effective means to block modern cyber threats.  However, from a business perspective, a security solution cannot just be effective, it must also be efficient.  Running a program that interferes with daily tasks, decreases productivity, or creates more work for the admin is not feasible.

Until recently, application whitelisting was known as an effective, but inefficient solution to data and device security.  Now, there is a whitelist option available that is not only effective but properly protects network devices and data without impacting the functionality and efficiency of business operations.

2,567 total views, 1 views today

(Visited 1 times, 1 visits today)

6 thoughts on “All Whitelisting Solutions Are Not Created Equal

  1. When PC Matic is first installed on a PC does it check the apps on that machine to determine if they are safe?
    In other words are ALL apps vetted when they first start to run? Is a hash of the app and/or digital signature
    checked each time an app is invoked? The scenario here is a malicious app that has somehow gotten on to
    your PC masquerading as a legitimate app. Last question, can digital signatures be forged?

    • Hey Rex, these are all great questions! I’ll answer them broken out below.

        1. When PC Matic is first installed our real-time protection component SuperShield is put in place. SuperShield checks all applications at execution, so once it is in place anything that attempts to run after will have to be on our whitelist in order to execute. A scan and clean of the machine can also be done with PC Matic to remove bad applications and put them in quarantine right after install.

        2. Yes, the hash of the application and digital signature is checked at each execution to see if it’s on our global whitelist or the users local whitelist.

        3. Even if the application goes by a normal vendor name or product name the hash and digital signature cannot be faked. We’ll see it as an unknown application and it will be blocked from executing.

        4. Digital Signatures cannot be forged, anyone can get a digital signature but we keep a specific list of trusted software publishers to allow by digital signature like Microsoft, Google, Adobe, etc.

  2. Is it possible for a hacker to spoof an originating URL the same as email addresses and phone numbers?

    If so, that blows all whitelisting solutions out of the water, surely.

    • PC Matic’s whitelist focuses on executions on the device by looking at hash or digital signature of a file to see if it’s trusted or not. This means it doesn’t matter what website or email it came from, once execution comes our whitelist check is made to prevent it.

  3. I am partially disabled, elderly and am afraid of updating to Windows 10…due to short term memory issues that preclude me from being able to “remember” about all the new items…where they are, etc. etc. WILL MY LIFE-TIME PC MATIC SUBSCRIPTION include the “automated whitelist service-stuff” that will keep me safe from unwanted intrusions, malware, ransomeware, etc.” ???

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.