A different approach to protection
To understand why whitelist protection is different, you first should know how the blacklist works. Traditional antivirus, blacklist, works by making a list of all the known “bad things” and then blocking them from a computer. This approach means you need multiple layers of protection.
Often, you’ll see firewalls, email scanning, and antivirus packaged into one. It looks like a great deal! One company is offering to provide all these different services in one bundle. You should, however, rethink why all of those services are necessary. Shouldn’t an antivirus be intelligent enough to protect you?
Enter whitelisting. Frequently people ask us at PC Matic if we filter emails and provide firewalls. We tell them, “no, because we don’t have to.” Whitelisting works differently than traditional antivirus to keep you from needing those bundles.
How whitelisting works
Our CEO, Rob Cheng, equates whitelisting to home security. Traditional antivirus as home security would look something like this. You buy a home and then give out keys to everyone who is not a known criminal. Even when the new guy moves into the neighborhood, he doesn’t have a rap sheet so he gets a key to your house.
It doesn’t sound like a smart idea when you frame it that way, huh? Whitelisting, however, would mean you only handed out the keys to your house to people you knew and trusted. Makes a lot of sense.
Default-deny
Whitelisting is a default-deny approach. That means that, by default, a whitelist will deny anything unknown. This is a much better form of protection because it blocks even new and unseen threats. There are people that will argue this isn’t as sound as traditional antivirus (trust me, I’ve seen all the comments), but that’s an antiquated way of thinking.
Default-deny doesn’t mean it’s permanent either. If something unknown comes in contact with the whitelist, it’s analyzed to see if it is good. Once analyzed, an unknown can be added.
False positives
False positives are good programs blocked by the whitelist because they’re unknown. At PC Matic, we have two ways of dealing with false positives. First, we allow our customers the ability to locally whitelist something. This means they can allow it to run on their machines or their network. A word of warning, though. This should only be done by someone who knows what the program is before allowing it.
Second, all blocked samples are sent to our researchers. From there, they will categorize as good or bad. The good ones make it to the global whitelist. This makes the list smarter and more efficient with every new unknown that’s encountered.
Since we’ve been doing this for quite awhile now, the whitelist allows you to work uninterrupted.
Changing the game
New things are hard. Human beings are inherently resistant to change. But we’re living in the innovation age, and new and emerging technologies are the only way to keep progressing forward. Whitelisting has become commonly accepted as the future of antivirus. It’s time to jump on board.
For more information about PC Matic, whitelisting, and how PC Matic protects better, visit us.
