Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The whitelist is a simple list of applications that have been granted permission by the user or an administrator. When an application tries to execute, it is automatically checked against the list and, if found, allowed to run. An integrity check measure, such as hashing, is generally added to ensure that the application is in fact the authorized program and not a malicious or otherwise inappropriate one with the same name.
Blacklisting, the opposite approach to whitelisting, is the method used by most antivirus, intrusion prevention/detection systems and spam filters. The blacklisting approach involves maintaining a list of undesirable applications and preventing them from running. However, the ever-increasing number and variety of threats in existence means that a blacklist could never be comprehensive, and as a result is limited in its effectiveness.
There is no consensus among security experts over which technique is better. Proponents of blacklisting argue that application whitelisting is too complex and difficult to manage. Compiling the initial whitelist, for example, requires detailed information about all users' tasks and all the applications they need to perform those tasks. Maintaining the list is also demanding because of the increasing complexity and interconnections of business processes and applications. On the other hand, proponents of whitelisting argue that it is better to put in the work to protect systems in the first place -- and save the resources required to deal with undesirable programs and the resulting problems that the blacklisting approach fails to prevent.