What Does Whitelisting mean?
The term “whitelist” refers to a list of products allowed to function on a system. Such lists can be maintained manually (meaning they’re updated and maintained by users) or automated tools like installers and software protection programs. The latter method relies on end-users notifying developers when unauthorized programs try to install themselves on the whitelist.
Whitelisting is the process of approving a particular computer program to run on your computer. It implies that you permit an application to be installed, started or executed while blocking other applications from performing these tasks.
This way, authorized apps always get through, but unauthorized apps do not; only if the user tries them will they ever make it onto the whitelist (meaning the end-user further authenticates them).
Whitelisting is one of three main approaches to controlling what a computer system does, the other two being blacklisting and gray listing.
A whitelist (or approved list) is like a ‘little black list’: It includes only items allowed to be used on a system.
Since every entry in a whitelist must be specifically approved for use by an administrator, software developers can control exactly which programs run on their systems without further human interaction. This differs from blacklisting, where no software is authorised explicitly for installation or use, so any piece of software may be installed without permission.
As with all security measures, it cannot guarantee that unauthorized software won’t find its way onto a user’s computer or device, but it can reduce the likelihood. Whitelisting is so effective at this goal that some companies have been known to block legitimate programs from running if they were installed after a specific date. Companies also use whitelisting to prevent authorized users from adding new devices to their networks without approval.
Whitelisting is one of the most secure software development approaches, but it also comes with some drawbacks. For example,
- When end-users are allowed to add or remove legitimate programs from the list, they may not do this for everything running on their computers.
- Users might not understand what each entry does in a list and might accidentally block an essential system utility or application, which could cause problems on the device down the line.
- It’s also easy for them to forget any programs that aren’t listed and allow unauthorized software onto their systems.
- The benefit of using a whitelist is that it offers complete control over which applications can run, but this also means that both regular users developers need a lot of training to make effective use of this approach.
For instance, some operating systems offer an added level of security for apps that are natively installed by blocking non-native applications from running by default.
- The nature of whitelisting makes it very restrictive. This approach isn’t great if you think you need an application at some point, but you can’t remember if it’s on the list or not.
- In addition, some unauthorized programs might be able to evade traditional whitelisting controls by dropping a copy of whitelisted application code onto disk and using that as part of their installation process.
- In this way, they manage to get past any protections before they’re even installed.
- It usually takes a lot of experience to configure these types of systems well enough that end users don’t override them when they install legitimate software programs and remove them to be able to run non-native applications instead.
Blacklisting is the process of blocking software that you don’t want to run on your system. It implies that you deny an application from being installed, started or executed while allowing all other applications to perform these tasks.
This technology uses lists of known unauthorized products and programs developed by human experts (e.g., police) or artificial intelligence (e.g., virus scanners). The term “blacklist” refers to a list of products that cannot function on a system. Such lists can be maintained manually (meaning they’re updated and maintained by users) or automated tools like installers and software protection programs.
As with all security measures, blacklisting cannot guarantee that every piece of unauthorized software won’t make it onto a user’s computer or device, but it can reduce the likelihood. Blacklisting is one of three main approaches to controlling what a computer system does, the other two being whitelisting and gray listing.
- The advantage of blacklisting is that it’s comparatively easy for end-users to update and maintain lists of applications that are not allowed to run or install. For instance, you might want to block every application except the ones you need right away because blacklisting makes it easier for users to understand what they’re doing.
- The primary downside of blacklisting is that it can leave devices vulnerable to attack.
- While some programs are more critical than others, sensitive computer systems will always benefit from additional security measures like whitelisting when possible.
Why Blacklisting Is Preferable
There are many security software programs that can help you with the black listing. However, there are not that many options for whitelisting or greylisting. For this reason, it’s probably best to stick with a black listing if you’re new to security software.
This is because while some security apps like ransomware protection might be more challenging to deal with in terms of management and usability, they’re still preferable to not having enough control over what your computer does when it comes to running your applications and accessing your files.
Greylisting is the process of allowing an application to be installed, started or executed, but not without further authentication by end-users.
It implies that you allow an application to be installed, started or executed only if it’s also present on a list of authorized programs; otherwise, it may not function (a ‘blacklist’).
When implemented in software protection products like installers and updaters, greylisting relies on end-users notifying developers when unauthorized programs modify whitelisted products.
Only after establishing communication with the developer can unauthorized programs make it onto the whitelist; this way, authorized apps always get through when they need to do so (like when updates are released), but unauthorized apps do not.
If all an application does is update or patch software, this approach can also be applied to certain parts of the file system outside which users are permitted to make any changes.
Software developers will sometimes go so far as to block all access to the file system while their programs are running. This way, users cannot add or remove files, even if authorized for this task. This extreme step ensures that only the developer’s program can change files on its behalf; unauthorized applications won’t get through no matter how much you wish them to be there.
There are a few advantages to greylisting over blacklisting and whitelisting. For example,
- Greylisting can be far more efficient than these other approaches because you’re essentially telling the computer security software only what applications should be allowed to happen under no circumstances.
- All other programs are permitted from running or installing by default, but if they try, that could trigger authentication by end-users who have been trained on what each application does. This is preferable for those who think they might need an application at some point but cannot remember whether it’s on the list or not.
- Unauthorized users can add any additional programs and remove legitimate programs to make them work.
- You’re likely to find more grey-listing tools than blacklisting or white-listing applications because it balances security and usability well enough that many people find it appealing.
- One main disadvantage of greylisting is that it’s not suitable for users who think they might need an application at some point but cannot remember whether it’s on the list or not.
Whitelisting vs Blacklisting vs Greylisting:
The main difference between whitelisting and blacklisting lies in what actions the lists allow versus deny
|You allow a specific software to run or install.||You do not allow a particular software to run or install.||You let a certain software run/install, but only after authentication by the end-user. All other programs are blocked from running or installing.|
|It cannot guarantee that unauthorized software won’t find its way onto a user’s computer or device, but it can reduce the likelihood.||Blacklisting cannot guarantee that every piece of unauthorized software won’t make it onto a user’s computer or device, but it can reduce the likelihood.||When implemented in software protection products like installers and updaters, greylisting relies on end-users notifying developers when unauthorized programs modify whitelisted products.|
These approaches serve the same purpose – they help you define which applications should and shouldn’t be allowed to run on your system – but each approach is different in how it selects its entries and how it handles them when changes occur (e.g., updates).
“Whitelisting” is a process where specific applications are approved to run while blocking all others from running. The term “whitelist” refers to an approval list of programs that are allowed to function on a system, similar to other lists like the blacklist (a list of programs that should not be allowed). There are advantages and disadvantages to black-listing or whitelisting systems.
Black listing security software will leave devices vulnerable while whitelisting security software gives complete control over which apps have permission to run, but it also has many downsides.
Greylisting security software is less user friendly but easier to manage a system that works in most cases. For this reason, many security software apps today use hybrid systems that combine these two approaches.
The benefit of whitelisting is that it can allow for more secure computer systems. However, the downside is that it’s difficult for regular users to manage and maintain these lists themselves. Hence, blacklists are typically much easier to deal with if you want an added level of security over something like greylisting.