According to this article, instances of malware infections have been increasing over the past few years. In fact, nowadays malware typically makes up the majority of all new software applications developed for Windows-based PCs. As a result, it is becoming more and more difficult for security products and vendors to detect them all.

The typical way they do this is by blacklisting these programs. As soon as malware shows up on your computer, it can (usually) be detected. Since malware is becoming harder to blacklist, one suggestion is to keep a whitelist: a list of all programs that should be trusted. This differs from a blacklist, which lists programs that should not be trusted.

This suggestion was implied by both Dave De Walt, CEO of McAfee, and John Stewart, CSO of Cisco.

I think this is potentially a bad idea, especially as it pertains to PCs. A personal computer that maintains a whitelist opens the door for the legitimate flagging of completely harmless programs as malware. Although it is likely that a whitelist approach will detect more malware with less effort, we have to consider whether or not it's worth it to have a high number of false positives as well.

People have gotten used to security programs only telling them what programs are not safe. I’m not so sure they will respond so well to a security program only telling them what programs are safe.

It will change the way people interact with their computers: users exercising a more conservative approach to adopting software at the suggestion of a security vendor could inhibit the use of new or unknown software, regardless of whether it is safe or not.
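The trade-off described above, as an added example that is not part of the original post: a blacklist (default allow) and a whitelist (default deny) are run over the same four constructed programs, and the false positives and false negatives of each are counted. Keying both lists on SHA-256 file hashes is an assumption; the sample names and contents are made up.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed samples: (name, file contents, is it actually malicious?)
SAMPLES = [
    ("office_suite.exe", b"constructed: well-known application", False),
    ("indie_game.exe", b"constructed: harmless but unknown application", False),
    ("old_trojan.exe", b"constructed: malware the vendor has already seen", True),
    ("new_trojan.exe", b"constructed: malware first released today", True),
]

# Assumption: each list holds only what the vendor has already analysed.
BLACKLIST = {sha256(SAMPLES[2][1])}  # known-bad hashes
WHITELIST = {sha256(SAMPLES[0][1])}  # known-good hashes


def blacklist_verdict(data: bytes) -> str:
    """Default allow: block only programs that are on the blacklist."""
    return "block" if sha256(data) in BLACKLIST else "allow"


def whitelist_verdict(data: bytes) -> str:
    """Default deny: allow only programs that are on the whitelist."""
    return "allow" if sha256(data) in WHITELIST else "block"


def evaluate(verdict):
    """Return (false_positives, false_negatives) as lists of sample names."""
    false_pos = [n for n, d, bad in SAMPLES if not bad and verdict(d) == "block"]
    false_neg = [n for n, d, bad in SAMPLES if bad and verdict(d) == "allow"]
    return false_pos, false_neg


if __name__ == "__main__":
    for label, verdict in (("blacklist", blacklist_verdict),
                           ("whitelist", whitelist_verdict)):
        fp, fn = evaluate(verdict)
        print(f"{label}: harmless but blocked={fp}, malicious but allowed={fn}")
```

The blacklist lets the new malware through, while the whitelist stops it but also blocks the harmless program nobody has vetted yet.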

One thought on “Whitelisting to detect Malware”

  1. Peter Hesse says:

    For an enterprise PC, that should only be running applications that the enterprise deems acceptable, whitelisting is a fine approach.

    For your traditional user, not so much.
