Forrester analyst Chenxi Wang says it's not that common to hear about retailers subject to PCI rules using whitelisting as an approved substitute for A/V, but this phenomenon is occurring a lot outside the PCI-focused world.
Even though antivirus software is still widely used, there's increasing skepticism about the value of antivirus to prevent malware infections, Wang says. "If you ask them, 'do you use A/V today,' they say 'yes.' But if you ask them how effective it is, they all say A/V hasn't worked in a long time."
The downside of whitelisting has often been considered the difficulty in updating legitimate applications, but Wang says that this issue is fading as whitelisting products have gotten better. "It's not that much of a burden on the user experience," she says.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: email@example.com.
Read more about wide area network in Network World's Wide Area Network section.