The endpoint and the end user continue to be the weakest links in most security infrastructures. Commonly used as a security tactic, blacklisting looks at known pieces of malware and adds to a list those bad applications from which users should be denied access.The problem with blacklisting, said Dodi Glenn, vice president of cyber security at PC Pitstop, is that anything else is considered unknown and therefore is able to be accessed."Application whitelisting is used as a proactive detection method to prevent ransomware," Glenn said. "It's the complete opposite of blacklisting. If an app is not on the list of known good files, it doesn\u2019t get to run."Because anything on the list theoretically should\u2019ve already been vetted, only trusted apps are available to run. "The unknown on a blacklist can run; however, the unknown on a whitelist cannot run until it\u2019s determined good," Glenn said.By way of example, Glenn explained that there are sundry vulnerabilities in Flash, and a lot of ransomware creators are tapping into those vulnerabilities. The end user then\u00a0downloads a PDF, the exploit is run, and the payload actually happens and produces.With application whitelisting technologies, though, the vulnerability will execute but the payload won\u2019t run.[ ALSO ON CSO: Deploying application whitelisting? NIST has some advice for you ]"It\u2019s OK for the exploit to run because the ultimate payload can\u2019t run," Glenn said.Some application whitelisting technologies will actually do monitoring of \u2018good\u2019 files to make sure it doesn\u2019t go awry and do something weird. For example, "Adobe should never do X,Y, Z, and memory monitoring capabilities watch for those anomalies," Glenn said.While application whitelisting is not very new, it has been improved. "The big challenge people faced was with its usability and manageability," Glenn said.Traditionally, antivirus was able to set and forget, but the problems came when software that was good but had never been seen before was unable to run. "Let's say a doctor's office was using a custom billing software. It may never have been seen by an admin and now your system can\u2019t perform your billing procedures. That can impact the flow of business," he said.When left up to IT admins, application whitelisting proved to be a lot of legwork. "It\u2019s a lot of legwork for the IT guys to get things up and running. The leg work is what is being changed for the admin," Glenn said.\u00a0With global whitelisting of applications, everybody globally gets a copy of it so that the same software that doctor Joe and doctor Bob use is globally good.According to the Guide to Application Whitelisting from the National Institute of Standards and Technology, "Application whitelisting technologies are intended to stop the execution of malware and other unauthorized software."\u00a0Ransomware or any other malicious software, "If it\u2019s not on the whitelist, it's going to\u00a0block malware in the most general way possible. Traditional blacklisting has always been a cat and mouse game because the bad guys take a few seconds to change the code and now it\u2019s bypassed completely," Glenn said.When they change something in the file, what was blocked by blacklisting no longer exists for this new file. "Gartner has even come up and said there\u2019s too much turn over. The protection is in the whitelist because those new versions will never appear on a whitelist," Glenn said.Still, there are vulnerabilities in whitelisting. "There are some areas that can be improved, specifically in scripting languages. You can\u2019t whitelist a document. There are malware that are purely script based, though not as common. That is a little more difficult," Glenn said.Because you can\u2019t whitelist a script, Glenn said, that\u2019s a battle that you\u2019ll never be able to win. All you can do is protect yourself in the best armor and try to anticipate the tactics that your opponent will bring to the battleground.