To put it simply, the concept of "white listing" is to define a set of software, a set of vendors, and allow only those trusted applications or files from those vendors to run on your machine. If a file or application is not approved, it will not run. This is the opposite of how we've blocked malware from our machines in the past.
In 2007, Symantec detected more than 1 million viruses, with two-thirds created within the calendar year. Loading 1 million antivirus signatures or even a percentage of that if generic signatures are used is a pretty serious undertaking. The idea here is that maybe we should only be loading signatures for the good files.
So far, the idea is only being implemented in the enterprise space. Still, it's a interesting idea. On the desktop it's already being used to stop spam, so why not use white lists to block malware as well?
Massachusetts-based Bit9 has created one of the largest catalogs of "known good" and "known bad" applications. Its Global Software Registry (GSR) serves as the policy enforcement center for Bit9's enterprise offerings. Recently, desktop antivirus vendor Kaspersky announced a partnership with Bit9 that will allow it to use the GSR in its upcoming desktop products in 2009.
This week on the Security Bites podcast, CNET's Robert Vamosi talks with Tom Murphy, chief strategy officer for Bit9, about white listing and its potential for the future.
Listen now: Download today's podcast