Saturday, February 23, 2008

what is a blacklist?

a blacklist is, simply put, a list of known bad things that we would like to avoid, block, weed out, etc... a blacklist is generally used in situations where everything is allowed by default except those things on the list... this is sometimes referred to as 'default allow'...

a classical real world example would be the TSA's no-fly list, an example that's often dredged up to support the argument that blacklists are themselves bad... another example would be the registered sex offenders list, a third would be the list of things you shouldn't take when you're pregnant, and a fourth would be the list of things you tell your child not to do... the argument against blacklists in general starts to fall down when you start to consider those kinds of examples - whether a particular blacklist is bad or not is not determined by the mere fact that it's a blacklist...

in the anti-malware context, the most well known example of a blacklist is a known-malware scanner (more commonly referred to as a virus scanner)... that's just a blacklist of bad programs, however... you can also have lists of bad behaviours, behaviour combinations, bad websites, bad (spammy) words in emails, etc...

back to index

0 comments: