Whitelisting, Blacklisting and Your Security Strategy

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2019.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    https://www.twistlock.com/2019/01/02/whitelisting-blacklisting-security-strategy/
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    I have always used white-listing, I first started with System Safety Monitor and then I switched to EXE Radar. It's a pretty good way to block malware from running and even if they manage to run, they can't simply abuse system-related tools, because that's monitored too.
     
  4. Minimalist

    For me it was: Process Explorer, System Safety Monitor, Malware Defender, SRP. I liked Malware Defender the most but don't use a whitelisting approach at the moment.
     
  5. Rasheed187

    So you have also stopped using SRP, that's news to me; I thought you were a big fan of this approach? I haven't even used an AV since 2008, if you download apps from trusted sources you should be able to stay safe. I do use VirusTotal, but it's not bulletproof of course. And I rely heavily on behavior blockers like SpyShelter.
     
  6. Minimalist

    Yes, I switched from whitelisting to blacklisting a while ago. At the moment I see no need to use a whitelist approach and prefer to just use a set-and-forget blacklist solution.
     
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    That's my solution also due to its features and available security profits - granular control/rules and processes/locations restriction are probably the most important.
     
  8. Rasheed187

    I would love to use a blacklisting solution, but most if not all AVs are crap IMO. They are either too bloated and/or bad for privacy, I don't really trust them.

    Yeah, I always monitor apps for suspicious behavior. But advanced malware will probably easily bypass SpyShelter. And no matter what some "experts" say, I believe that outbound firewalls remain important, most malware will need to connect out.
     
  9. ichito

    Haha...finally...the voice of rationality :thumb:
    According to SS...I know that's the very powerful app although probably we could find malware able to break its protection but...at present I didn't see any examples "in the wild" or as a result of some tests.
     
  10. Rasheed187

    Well, I still think SS should be improved, it should have the ability to automatically block process hollowing and malware trying to access browser data.
     