Try App Whitelisting to Mitigate Malware
By Paul Paget
There will always be a threat from malware – malicious software that is designed to steal or corrupt data on computers. Malware affects everyone from security services to silver surfers, and when it isn’t checked it can wreak havoc.
Ultimately, it doesn’t matter what size your business is, whether you’re a multinational or a sole trader, the threat from malware is real and present, which means that you’ll need a solution. Usually this means anti-virus software, but keeping on top of updates and distributing these to all of the computers in your organization requires regular attention.
So can application whitelisting help? Is it even a valid alternative, or should your business stick to the tried and tested solution of anti-virus software and malware removal tools that detect and quarantine malicious software, keyloggers, rootkits and Trojans?
The Typical SME Approach to Anti-Virus and Malware
If you are responsible for managing online security in your organization or you’re involved as a stakeholder or an engineer, then you will appreciate that most businesses take a reactive approach to virus and malware threats.
If a virus or malware infects one or more computers, steps are taken to update the AV software (typically by downloading the latest virus signatures) and remove the infection. In most cases this is successful – anti-virus software is generally fit for purpose. However, there may be cases when virus signatures are yet to be added, making it difficult for the anti-virus software to find and remove the infection.
When malware is uncovered and the anti-virus solution is unable to deal with it, as is the situation in most cases, then the latest version of one of the popular anti-malware tools should be used.
You might find that running the removal process in Safe Mode works best. Although it typically takes over an hour for a single infected computer, you should eventually be able to diagnose the machine as safe to use. In extreme cases, it can take a few hours to rebuild the machine because remediation efforts fail.
It’s all rather slow, though, isn’t it? More to the point, it is reactive rather than proactive.
How Application Whitelisting Can Help
In the horrific circumstance that all of your computers have been infected with malware, you might be pulling your hair out trying to raise as many engineers as possible while making alternative arrangements for users affected by the problem.
Or, you could be carrying on with the expected day’s work, safe in the knowledge that there is no outbreak; no malware has been installed and no data has been lost or stolen.
Unless you run a computer network that has no Internet connection and a “no disks” policy, the only way to fully protect your users from malware is to employ a solution that uses application whitelisting, a process that protects the software that controls the behavior of your computers. If the software is not on the whitelist, it won’t run.
It’s the doorman of the software world, in many ways. Basically, if your name’s not down, you’re not coming in.
Is Application Whitelisting the Solution or Part of the Equation?
As things stand, no single solution can exist as anti-virus software companies are busy keeping their applications up-to-date, with both virus signatures and tools to prevent the applications themselves being targeted by viruses. This means that it is unlikely at present that any AV or anti-malware developer will branch out into providing a complete application whitelisting solution.
Similarly, application whitelisting cannot claim to be the complete solution as it cannot deal with the task of removing threats.
It is, therefore, the perfect companion to anti-malware applications. When correctly configured, application whitelisting can protect individual computers, servers and entire networks from malware.
Be Proactive, Not Reactive
Whichever way you look at it, the reactive solution of anti-virus and malware removal tools is only a single item on your network security utility belt. It has been proven to work in quarantining the offending code but is largely useless in actually protecting computers from being infected in the first place.
This is why application whitelisting is vital as a proactive solution. Using both in tandem can leave you with an extremely secure network that is protected against malware and viruses however they might be introduced (targeted attacks, USB sticks, or malicious attachments to emails).
Whitelists are widely used in website blocking and spam email management. Employing an application whitelist to protect your computers from malicious code that tries to run or install is a logical step to take in the fight against malware.
Paul Paget is CEO of Savant Protection based in Hudson, NH. He was previously CEO of Core Security and SVP Americas for Baltimore Technologies. He’s held VP Sales positions at GTE CyberTrust and IDG World Expo. You may contact him at firstname.lastname@example.org