application whitelisting

This definition is part of our Essential Guide: Secure Web gateways, from evaluation to sealed deal

Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.

The whitelist is a simple list of applications that have been granted permission by the user or an administrator. When an application tries to execute, it is automatically checked against the list and, if found, allowed to run. An integrity check measure, such as hashing, is generally added to ensure that the application is in fact the authorized program and not a malicious or otherwise inappropriate one with the same name.
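The name-plus-hash check described above, shown as an added example that is not part of the original definition. The function names, the allowlist layout (file name mapped to the SHA-256 of the approved build) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_execution(path, allowlist):
    """Return (allowed, reason) for a program that is about to run.

    allowlist (assumed layout): {file name: SHA-256 hex digest of the approved build}.
    """
    expected = allowlist.get(os.path.basename(path))
    if expected is None:
        return False, "not-listed"        # default deny: unknown programs do not run
    if not os.path.isfile(path):
        return False, "unreadable"
    if sha256_file(path) != expected.lower():
        return False, "hash-mismatch"     # right name, wrong content
    return True, "allowed"


def demo():
    """Constructed sample: an approved tool, a same-named impostor, an unlisted program."""
    with tempfile.TemporaryDirectory() as root:
        def write(subdir, name, data):
            os.makedirs(os.path.join(root, subdir), exist_ok=True)
            target = os.path.join(root, subdir, name)
            with open(target, "wb") as fh:
                fh.write(data)
            return target

        approved = write("approved", "report_tool", b"approved build 1.0")
        impostor = write("downloads", "report_tool", b"different content, same name")
        unlisted = write("downloads", "game", b"never reviewed")
        allowlist = {"report_tool": sha256_file(approved)}
        return [check_execution(p, allowlist)[1] for p in (approved, impostor, unlisted)]


if __name__ == "__main__":
    print(demo())
```

A name-only list would have allowed the second file; the hash comparison is what separates the approved build from a different file carrying the same name.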

Blacklisting, the opposite approach to whitelisting, is the method used by most antivirus, intrusion prevention/detection systems and spam filters. The blacklisting approach involves maintaining a list of undesirable applications and preventing them from running. However, the ever-increasing number and variety of threats in existence mean that a blacklist could never be comprehensive, and as a result it is limited in its effectiveness.

There is no consensus among security experts over which technique is better. Proponents of blacklisting argue that application whitelisting is too complex and difficult to manage. Compiling the initial whitelist, for example, requires detailed information about all users' tasks and all the applications they need to perform those tasks. Maintaining the list is also demanding because of the increasing complexity and interconnections of business processes and applications. On the other hand, proponents of whitelisting argue that it is better to put in the work to protect systems in the first place -- and save the resources required to deal with undesirable programs and the resulting problems that the blacklisting approach fails to prevent. 


See also: application security, Trojan horse, spyware, adware, drive-by download, pop-up download, barnacle, rootkit, malvertisement, clickjacking, scareware

This was last updated in June 2011


Join the conversation



How do you unwhitelist files?
We've always used an ever-changing list of USE THIS, NOT THAT (or whitelist, blacklist if you prefer).

When we launch a new project, we expect our hires to follow the list. Since many arrive with installed programs, we test those while closely tracking their use. By the time the project wraps, the new programs will be on one list or the other....

