Whitelisting and the Decline of Anti-Virus

First published: 30th June 2007

In an article published in The Register, consultant Robin Bloor argues that the time for anti-virus has passed, and the future is security through whitelisting. He points to the recent acquisition of SecureWave by PatchLink as demonstrating the rise of whitelisting vendors, suggesting that there is no need at all for AV once you have whitelisting and that "we'll never stop the global virus plague until AV becomes defunct".

While the business implications of the acquisition will be interesting to financiers and investors, security experts and IT users should look at the technical and social implications, in particular:

Whitelisting enforces what software is allowed to run on a machine. The controller of the centralised list would wield enormous power. Suppose it was controlled by a company, call them "Monopolistic Software": how could competitors and open source developers get a guarantee of fair treatment in the validation process? Anti-virus does not have this problem, because preventing a rival's software from running would require a positive act, blacklisting, that can be verified, demonstrated and used as evidence in court. With whitelisting, the unfairness of "delays" in validation could be glossed over.

Then there is the problem of what happens when bad software is validated. It will happen: developers will be running unprotected machines, or they wouldn't be able to run the software they are creating, and some developers will be malicious. Whitelisting is therefore a fragile "solution" that does not cope well with failure.

In fact, the function of "Perfect Anti-virus software" is exactly the same as that of "Perfect Whitelisting software": both allow good programs to run and stop bad programs from running. As we know that it is impossible to create "Perfect Anti-virus software" (Dr. Cohen provided a mathematical proof), we know that "Perfect Whitelisting software" cannot exist. We live in the real world. Design your security strategy with defence in depth to cope with the imperfect solutions we have available.

Updated: 29th June 2007

The comments on The Register article are well worth reading; Vesselin Bontchev points out the flaws in whitelisting and Trusted Ownership. One commentator dramatically demonstrates his ignorance by questioning Dr. Bontchev's expertise, rather like saying Stephen Hawking doesn't know physics!

