Of all the anxieties that gnaw at you, the thought that malware may have slipped under your antiviral radar and taken root in your system has to be one of the most galling. You simply don't know for sure. All you know is that the risk of infection increases every day, as malware morphs and multiplies at astounding rates.
More and more, I find myself believing that application whitelisting is the best way to really protect Windows computers.
Maybe Symantec, Trend Micro, McAfee, and the rest have done too good a job of scaring the hell out of me, but if the number of malware exploits knows no bounds, how can you possibly defend against all of them? For business computing, at least, it makes more sense to bite the bullet and declare: The only executables that can run on a given system are known, good executables.
Application whitelisting starts with a clean, malware-free image of a desktop or server. Then whitelisting software is run to uniquely identify files using cryptographic hashes. From that point on, monitoring agents installed on managed systems flag the presence of any executables not on the hash list -- or prevent them from running. Most companies create standard system images, so whitelisting can be a highly effective way to lock down security.
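The workflow described above, as an added example (not code from the article or from Bit9): hash every executable on a clean image, then flag any executable whose hash is not on the list. The extension set, function names, and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

EXEC_EXTS = {".exe", ".dll", ".sys", ".ps1", ".bat"}  # assumed scope for this sketch

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not load into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def executables(root):
    """Yield paths under root whose extension marks them as executable content."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                yield os.path.join(dirpath, name)

def build_allowlist(clean_root):
    """Hash every executable on the known-clean image."""
    return {sha256_file(p) for p in executables(clean_root)}

def audit(root, allowlist):
    """Return relative paths of executables whose hash is not on the list."""
    return sorted(os.path.relpath(p, root) for p in executables(root)
                  if sha256_file(p) not in allowlist)

def demo():
    # Constructed sample files standing in for a system image.
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("notepad.exe", b"known good editor")
        write("helper.dll", b"known good library")
        write("readme.txt", b"not an executable")
        allow = build_allowlist(root)                 # baseline from the clean image
        write("renamed.exe", b"known good editor")    # same bytes, new name: allowed
        write("helper.dll", b"known good library!")   # modified after baseline: flagged
        write("dropper.exe", b"never seen before")    # new and unlisted: flagged
        return audit(root, allow)

if __name__ == "__main__":
    print(demo())
```

Because the list is keyed on content hashes rather than file names, the renamed copy passes while the modified library does not, which also means every legitimate patch requires the list to be updated.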
"There are 15,000 legitimate executables on the average Windows computer," says Tom Murphy, chief strategy officer of Bit9, a whitelisting software vendor whose Bit9 Parity Suite won a 2010 InfoWorld Technology of the Year Award. Isn't it a little easier to bless 15,000 legitimate executables and prevent anything else from running than to try to recognize and block every malware exploit on the planet, including those being invented this second?