Application whitelisting is the holy grail of security, but it’s always at the top of the list of things people should do but haven’t yet. The reason is that it breaks stuff, and it’s almost as impossible to anticipate what it’s going to break as it is to fix whatever breaks.
I know. I wanted to do application whitelisting way back in 1997 and failed miserably.
I found a good-enough approach recently, though.
This blog post talks about an approach that uses AppLocker, a technology that Microsoft released with Windows 7. AppLocker isn’t perfect, but this particular approach is easy. While not as effective as full-blown whitelisting, it gives at least 70% of the benefit while taking less than 10% of the effort and cost of a better approach.
If I’d found that blog post a year ago, I would have gotten a much bigger bonus this past spring.
If you’ve been putting off application whitelisting but want to beef up your corporate environment’s security, a crash AppLocker project is the best way to do it. You could have it implemented and deployed to a UAT group in less than a week to prove the concept.
It’s not a perfect technology, but the benefits it gives by keeping unwanted software off your network more than outweigh the hiccups you have right after you implement it.
I don’t think this implementation method is really what Microsoft had in mind, but sometimes things work out that way. The technology is still present in Windows 10, so the work will carry over when you upgrade.