Our colleagues over at InfoWorld took a look at six of the top application whitelisting solutions in the market. Here are their findings:
Application whitelisting in Windows 7 and Windows Server 2008 R2 Microsoft's AppLocker, the application control feature included in Windows 7 and Windows Server 2008 R2, is an improvement on the Software Restriction Policies (SRP) introduced with Windows XP Professional. AppLocker allows application execution rules and exceptions to them to be defined based on file attributes such as path, publisher, product name, file name, file version, and so on. Policies can then be assigned to computers, users, security groups, and organizational units through Active Directory.
Application whitelisting review: McAfee Application Control McAfee Application Control 5.0 (due out Dec. 15) is the result of McAfee's acquisition of Solidcore and the integration of Solidcore S3 Control with McAfee ePolicy Orchestrator (ePO). McAfee Application Control rivals SignaCert for the broadest client support among all the products in InfoWorld's review. It also boasts write protection and ownership protection of whitelisted files, good reporting and alerting, and no significant cons.
Application whitelisting review: SignaCert Enterprise Trust Services SignaCert was one of the first whitelisting products available, and it now boasts more than 1 billion predefined file signatures as part of its Global Trust Repository service. It also offers file authenticity ratings, wide platform support, extensibility through XML, and excellent documentation. SignaCert's significant weakness is that it does not natively block file executions -- the only product in InfoWorld's review that does not include this ability as a standard feature.
Application whitelisting review: Lumension Application Control Lumension Application Control is a strong whitelisting solution with broad file coverage, excellent reporting, and a complete set of Windows file definitions that can be used to spot potentially troublesome changes to system files. Its one noteworthy shortcoming is the inability to create whitelisting rules based on the digital signatures of application publishers.
Application whitelisting review: CoreTrace Bouncer CoreTrace's Bouncer 5 is application control and more. Bouncer is the only product in InfoWorld's review that successfully protected against buffer overflows. It also offers unique write protection of whitelisted files and does a nice job of handling updates to controlled applications.
Application whitelisting review: Bit9 Parity Suite As many product vendors can readily tell you, this reviewer is the ultimate computer security cynic and a tough writer to please. I'm unsparingly critical of overhyped products. Although I've evaluated a number of excellent products over the years, I've never given a perfect 10 in any scorecard category -- until now. Bit9 Parity is one of the few computer security products that, if deployed in your Windows environment, will radically and immediately reduce your enterprise's level of security risk. It's not perfect, and it did not score a perfect 10 in every field -- but it earned the highest score this reviewer has ever given.