BlackBerry Blog

The 'Off White' List (or the Slightly Murky Brown List)

NEWS / 05.27.15 / Braden Russell

The early days of antivirus were easy. So little malware, so few signatures needed. You could even fit them on a floppy disk on the back of your monthly issue of PC Magazine. Then we built an entire industry around malware signatures. We built research teams, we compared DAT sizes. Everyone was jealous of each other.

But malware developers pretty quickly figured out how to maintain the lead in that arms race. Every year we saw an explosion of new malware that shocked and awed us. But we just kept throwing more signatures at it. That’s what we had. It’s what we knew. We worked harder, but maybe not smarter.

Then somebody got smart. What if instead of trying to block malware, we just block everything except what we know is safe, only allowing those files to run? Brilliant. There’s a limited set of known good applications, we whitelist those and malware can never run. Goodbye signatures, goodbye arms race.

Unfortunately, once again it wasn’t so simple. This idea was perfect for fixed-function devices, or ones that we knew should never change. Most of us lowly users who actually wanted to use computers to get work done were stuck. That’s because software is constantly changing and new apps are released daily. Keeping up with that is no small task. It requires signatures.

So you either open up giant holes in your application control policy to allow software to update and administrators to make changes, or you rely on human analysts to review everything a user wants to run and allow or deny it. In either case, your whitelist isn’t really all that white anymore. There’s no telling what has wormed its way into that supposedly clean set of known good applications. Your whitelist is now a bit dingy, a bit murky.

But let’s not throw the whitelist out with the murky bathwater just yet. All we need is a way to make sure the whitelist stays white, and a way to keep users who don’t live in a fixed-function world safe. That’s what you get with Cylance Protect with Application Control. Application Control provides the peace of mind that once a known good configuration is locked in, it cannot be changed. Advanced machine-learning-based malware detection ensures that your whitelist is always pristine.

There’s no need for those giant security holes to let users in more dynamic environments get their work done. Holes so big that Arnold can drive his Hummer through them (sorry for the California humor). Cylance Protect already does that, in real time, before anything has the chance to run. One agent, one console. Math-based detection to keep you safe, Application Control for peace of mind.

So come on in. The water is fine. And still not a signature in sight.


About Braden Russell

Fellow Emeritus | Advisory Board Member at Cylance

Braden Russell is an Advisory Board Member at Cylance, and the President and Founder of cybersecurity firm Boldend.