Application whitelisting

Application whitelisting is a computer administration practice used to prevent

unauthorized programs from running. The purpose is primarily to protect
computers and networks from harmful applications, and, to a lesser extent, to
prevent unnecessary demand for resources.
The whitelist is a simple list of applications that have been granted permission
by the user or an administrator. When an application tries to execute, it is
automatically checked against the list and, if found, allowed to run. An integrity
check measure, such as hashing, is generally added to ensure that the
application is in fact the authorized program and not a malicious or otherwise
inappropriate one with the same name
Blacklisting, the opposite approach to whitelisting, is the method used by most
antivirus, intrusion prevention/detection systems and spam filters. The
blacklisting approach involves maintaining a list of undesirable applications
and preventing them from running. However, the ever-increasing number and
variety of threats in existence means that a blacklist could never be
comprehensive, and as a result is limited in its effectiveness.
There is no consensus among security experts over which technique is better.
Proponents of blacklisting argue that application whitelisting is too complex
and difficult to manage. Compiling the initial whitelist, for example, requires
detailed information about all users' tasks and all the applications they need to
perform those tasks. Maintaining the list is also demanding because of the
increasing complexity and interconnections of business processes and
applications. On the other hand, proponents of whitelisting argue that it is
better to put in the work to protect systems in the first place -- and save the
resources required to deal with undesirable programs and the resulting
problems that the blacklisting approach fails to prevent.