If you’re still thinking that antivirus software is focused purely on apps that can add a virus or bad program to your computer, you’re way out of date. In fact, modern anti-malware software like PC Matic can help your computer stay free of malicious browser helper objects, browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, adware, spyware, infected and malicious URLs, spam, scam and phishing attacks, and online identity threats. That’s a lot of threats. How does it all work? To find out how whitelisting helps protect a PC, I asked PC Pitstop [makers of PC Matic] head of Cybersecurity Dodi Glenn. Here’s what he shared…
Q: Let’s start with the basic concept. What’s the point of “whitelisting” programs on your Windows computer?
A: Think of this form of protection as analogous to how people protect their homes. In a blacklist world, everyone would have a key to your house, unless they’ve been convicted of doing something bad. That means that anyone can freely come into your house, do as they wish, and leave. I personally don’t like that approach. In a whitelist world, only trusted people, such as your spouse or your children, have a key to your house. The people are trusted individuals, and can freely come and go as they please. If they aren’t on the whitelist, they can’t access your house.
Q: Everyone having a key to my house sounds like a really bad idea. But do you have a default list of good and bad programs so I don’t have to start from scratch?
A: Yes. PC Pitstop’s research team searches the Web for clean applications, so that they can be added to the global whitelist. This global whitelist is used by all PC Matic customers, taking the burden of maintaining the list off of consumers’ shoulders. The result is that customers only need to scan their machine once, when they first install the program. After that, PC Matic will protect the computer using the Super Shield technology, which monitors the computer for programs that are not on the whitelist.
Q: Is this whitelisting feature something that every antivirus program includes?
A: No. In fact, traditional antivirus programs have been fighting a losing battle for years with increasingly outdated tactics. Popular hacker exploit kits pounce on new vulnerabilities quickly while advanced tools such as polymorphic viruses propagate their malicious intents. As a result, signature databases (known as “blacklists”) have ballooned in size, causing strain on a company’s infrastructure and endpoint performance. Combined with the fact that antivirus vendors miss a significant number of the unknown or zero-day threats, many security professionals are left questioning their antivirus approach to endpoint protection. As the number of malware samples rises, this traditional “Whack-A-Mole” blacklist strategy of signature-based antivirus protection is simply insufficient.
Application whitelisting is a form of application control by which only trusted applications/processes are allowed to run, while everything else — including potentially malicious code — is blocked by default. Since the technology doesn’t require constant updates by a central console, solutions in this market offer protection even when endpoints are off-network. Like application privilege management, whitelisting’s success is primarily fueled by its effectiveness at preventing zero-day malware.
Q: Wait, what’s a “hacker exploit kit”? Can people just download and use these without fear of being arrested?
A: If you know where to go, you can certainly download exploit kits, or even purchase “ransomware-as-a-service”. This means that you rent out another hacker’s backend system, and use it to deploy your own ransomware. You collect the money from the ransomware, and pay the other hacker a small percentage. Scary, huh?
Q: I’m sold on having a whitelist approach in my antivirus, but is this just some add-on to PC Matic or more central to its design?
A: There are other security programs that incorporate a piece of application whitelisting. However, PC Matic is the only security solution that uses this default-deny approach as its primary method of malware detection. PC Matic uses an automated, global whitelist, called Super Shield. As the core of malware prevention and detection, Super Shield is PC Matic’s primary defensive line against today’s cyber security threats.
Q: Great stuff. One last question, Dodi: How did you end up as Head of Cybersecurity at PC Pitstop?
A: Actually, I’ve been in the cyber security industry for over 13 years. I previously managed an antivirus lab, and am currently on the Board of Directors for the Anti-Malware Testing Standards Organization (AMTSO). Lots of threats, lots of solutions. My years of experience in malware techniques and understanding of the latest threats are what led me to becoming the Vice President of Cyber Security at PC Pitstop.
Thanks for that informative interview, Dodi. If you’d like to learn more about how PC Matic can help keep your computer free and clear of viruses and the rest of the malware horde, please check it out at pcpitstop.com.
I think that the real-life whitelist example was a bit extreme. It’s more like you’re the only one who has the key to your house and allows people to enter or leave at will. However, you can’t easily tell who has good intentions and who doesn’t. The whitelist is something like a guard who prevents people with potentially malicious intentions from entering your house. This is probably a more suitable example.