Definition

application blacklisting

Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs.  Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters.

Blacklisting works by maintaining a list of applications that are to be denied system access and preventing them from installing or running.  However, because the number, variety and complexity of threats are constantly increasing, a blacklist can never be comprehensive -- and as a result is limited in its effectiveness.

The opposite approach to blacklisting is application whitelisting. In the whitelisting approach, a simple list of authorized applications is maintained. When an application tries to execute, it is automatically checked against the list. If it’s not on the list, it is not permitted to run.  
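The difference between the two checks described above, as an added example that is not part of the original definition. It assumes programs are identified by SHA-256 hash, and the program names and byte strings are constructed samples.

```python
import hashlib


def sha256(data: bytes) -> str:
    """Identify a program by the SHA-256 hash of its bytes (assumption of this example)."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: byte strings standing in for executable files.
PAYROLL = b"payroll-app v1.0"                # approved business application
KNOWN_BAD = b"known-unwanted-tool build 1"   # program already on the blacklist
REPACKED_BAD = KNOWN_BAD + b"\x00"           # same program with one byte appended
UNKNOWN_TOOL = b"never-seen-before utility"  # program nobody has reviewed yet

BLACKLIST = {sha256(KNOWN_BAD)}  # default permit: deny only what is listed
WHITELIST = {sha256(PAYROLL)}    # default deny: permit only what is listed


def blacklist_allows(program: bytes) -> bool:
    """Blacklisting: run everything except listed programs."""
    return sha256(program) not in BLACKLIST


def whitelist_allows(program: bytes) -> bool:
    """Whitelisting: run nothing except listed programs."""
    return sha256(program) in WHITELIST


def compare(programs: dict) -> dict:
    """Return {name: (allowed_by_blacklist, allowed_by_whitelist)}."""
    return {name: (blacklist_allows(p), whitelist_allows(p))
            for name, p in programs.items()}


SAMPLES = {
    "payroll": PAYROLL,
    "known_bad": KNOWN_BAD,
    "repacked_bad": REPACKED_BAD,
    "unknown_tool": UNKNOWN_TOOL,
}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:13} blacklist={'run' if bl else 'deny'} "
              f"whitelist={'run' if wl else 'deny'}")
```

The altered copy and the unreviewed tool both run under the blacklist because neither is listed, while the whitelist denies them until an administrator adds them, which is the maintenance cost the definition mentions.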

Some security experts argue that, although whitelisting is a more thorough solution to the problem, it is not practical because of the administrative resources required to create and maintain an effective whitelist. Other experts, however, insist that the blacklisting approach is simply too error-prone to be acceptable.

Marcus Ranum, CSO of Tenable Network Security, explains the folly of blacklisting:

“For a number of years - about twenty - I've been saying that ‘default permit’ security is stupid. Basically, you're adopting the approach that ‘everything is allowed’ and then trying to identify the things that are known to be dangerous, in order to block them. We've seen this approach used in virtually every area of computer security, and it has been a failure every time.”

 

See also: drive-by download, pop-up download, application security, Trojan horse, barnacle, rootkit, malvertisement, spyware, adware, clickjacking, scareware

Related glossary terms: application whitelisting, virtual patching
This was last updated in June 2011
Posted by: Margaret Rouse
