March 14, 2011, 11:26 AM — Whitelisting technology that prevents unauthorized software from running on corporate servers and PCs is a way to prevent malware attacks but managing the package keeps the Burton Group, a division of Gartner, from recommending it as a substitute for traditional antivirus software.
[ See also: Free antivirus software: The best and the rest ]
Whitelisting rather should be used as a "complementary" security defense because traditional antivirus software based on "blacklisting" to block and eradicate known malware can't keep up these days, because attack software has become "so prolific," according to the Burton Group's "Application Control and Whitelisting for Endpoints" report published today.
CASE IN POINT: Antivirus didn't help in zero-day attack on power plant
That's mainly because real-world whitelisting deployment "remains challenged by ever-changing user demands, platform complexity, and software complexity," says Burton analyst Dan Blum in the report, which provides an exhaustive analysis of the many types of vendor software and methodologies offered to protect host-based computers through application controls that limit what can be run.
The major uses for application control and whitelisting today are to lock down production servers and embedded or fixed-purpose devices and PCs. Deployment tends to be more complicated in enterprise deployments for general-purpose users that may have constantly changing application needs or wishes.
The report provides an exhaustive summary of the various application-control products on the market today and the platforms they support (smartphones are largely missing). Burton Group details seven main categories of whitelisting software, noting that increasingly, whitelisting is available as capability that's been integrated into software for life-cycle management or anti-malware.