From default restriction to explicit permission of activities
Conventional programs can stop only known malware but are defenseless against new and unknown malware. Application whitelisting technologies hava a different approach:
Rather than blocking malicious files and activities, only permitted activities are possible with this technique. The definition of allowed activities is realised through whitelists. Only files with known and correct hash can be executed. Therefore only permitted and known processes are executable. These processes again can only access files and network connections which are known and permitted.
PSIsecure offers a recording mode to tape all activities that take place. They are taken for an automated generation of whitelisting rules.
Further advantages of application whitelisting are the small footprint of resources and the possibility to integrate legacy systems. The fact that no pattern update is necessary is important for closed systems like control systems.