More of a Gray Area

Blacklisting's about to become passe as major AV companies look to whitelisting's potential

Dark Reading Staff, Dark Reading

February 26, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

5:25 PM -- Will anti-malware companies convert from blacklisting to whitelisting? According to Ken Steinberg, CEO of Savant Protection, which sells hybrid whitelisting/blacklisting software, senior technologists at five top antivirus companies tell Savant they will eventually drop blacklisting for whitelisting.

"And it's going to hurt," he says of them shifting gears. (He can't name names, but he says "all the major vendors" will make the move.)

The likely suspects? That would include McAfee, Symantec, Sophos, Kaspersky, and Trend Micro, among others. Still, no one's saying and none of these vendors have given the slightest indication publicly they're headed in this direction.

Savant has made a name for itself with its hybrid, but heavily whitelisting-leaning, approach to anti-malware. Steinberg describes it as a dalmatian: "It's 90 percent whitelisting, and 10 percent blacklisting," he explains, kind of like the spotted dogs of Disney and firehouse fame.

OK, so whitelisting isn't new, nor are mixed-bag approaches to security. But Steinberg argues that blacklisting's days are numbered, and whitelisting is more efficient and effective. Whitelisting has traditionally gotten a bad rap for being labor-intensive, with massive databases of application data, but he argues that was just a client-server whitelisting solution problem. "That made analysts roll their eyes and run."

Blacklisting obviously has its weaknesses, namely that it's all about known threats and can't detect zero-day threats. But Steinberg maintains you can't drop it altogether. "Whitelisting suffers from the ability to do friend-or-foe analysis and interception," he says. "And you can mitigate the time delay problem of blacklisting by doing whitelisting in primary mode," like Savant does.

But like anything, it's not really black and white. And apparently not all major security vendors are ready to make such a drastic change in technology strategy: "One of the top 10 software companies in America is stuck in analysis paralysis -- they can't decide what to do [here]," Steinberg says. Stay tuned.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights