As the battle to prevent spam raged in the past decade, vendors developed many schemes for managing your inbox. The one we preferred for our small business computer consulting customers was the method referred to as whitelisting. The beauty of whitelisting is that only the email addresses that you say are OK get to drop mail in your inbox. The biggest hassle to this approach was that you had to know, in advance, from whom you might want to receive email. Even this got tackled by a few vendors who sent a challenge email in response to the first message from a new address. When companies with competing solutions started calling these challenges spam, the system started to fall apart again.

Today, the war against spam is about as effective as the war on drugs. Lots of talk. Lots of money being spent. Problem growing ever larger. But many of those same vendors who are collecting our spam prevention dollars are now turning to the whitelist approach that they derided for preventing spam and suggesting it as a useful way to keep malware (all those misguided software applications intended to do harm) from running on your computer. They want your network administrator to create a list of all the programs that are approved to run on your PC. Any other that you try to run, or that tries to run itself, will be denied. They figure this is easier than the current approach of trying to develop a blacklist of programs that should not be allowed to run. In order for this to work successfully, someone will have to spend a great deal of time generating and maintaining this whitelist. Right now there are thousands, perhaps tens of thousands, of software applications on the machines on the typical office network. Good luck!

Hopefully this switch to whitelisting will be a quickly passing fad – an attempt to offer something different to the marketplace. Otherwise, I’m afraid our war on malware will turn into a battle of slogans. Just say No.