Winternals has launched a new product that will let sysadmins sensitively monitor and whitelist all applications running on PCs, allowing only chosen ones to run.
Called Protection Manager, the software also allows you to assign privileges to apps rather than users at a granular level, so for instance an ordinary user can run a legacy program that needs certain admin rights without that user also gaining admin privileges.
If an application is not on the approved list - or has been specifically blacklisted - then it will either be blocked or need to be given permission to be used. It stops malware too, the company said, because it blocks unauthorised downloads from running.
"A lot of companies do white-listed applications - we have white, grey and deny lists," said Winternals VP Mike LaPeters. "The problem is building the white-list, knowing all the apps a user needs, and letting the user request permission for something new in minutes."
Protection Manager starts off in silent mode and is only locked down once the system's application mix has been assessed. It also compares apps against digital signatures or hashes, to block spoofs or modified versions.
"The first problem is cultural - how do you avoid people feeling locked down?" LaPeters said. "We watch what people execute and don't block anything, the administrator can then sort through the list of applications and allocate them to a white-list.
"Plus, some things need administrator access. So we elevate the rights of the application to admin level, but not the user. You can do the same thing with Microsoft's group policies but it's not as easy to manage."
If a user tries to use a new app once the system's locked down, a box pops up saying 'This application has not been approved for use, would you like to request permission to use it?'
You can also allow a one-time run without white-listing, and there are levels of escalation for permission requests. Approval rights can also be delegated to people within departments.
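The silent-mode inventory, hash comparison, lock-down and one-time run described above can be sketched as follows. This is an added example, not Winternals code: the class, method and verdict names are assumptions, only hash matching is modelled (not signature checks), and the executable images are constructed byte strings.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ASK = "ask"   # unlisted: user is offered a permission request

def sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class AllowlistPolicy:  # hypothetical model of the workflow in the article
    def __init__(self):
        self.silent = True               # observe only, block nothing
        self.seen = {}                   # digest -> names observed in silent mode
        self.white, self.deny = set(), set()
        self.one_time = set()            # digests approved for a single run

    def on_execute(self, name: str, image: bytes) -> Verdict:
        digest = sha256(image)
        if self.silent:
            self.seen.setdefault(digest, set()).add(name)
            return Verdict.ALLOW
        if digest in self.deny:          # deny list wins over everything else
            return Verdict.BLOCK
        if digest in self.white:
            return Verdict.ALLOW
        if digest in self.one_time:      # consume the single-use approval
            self.one_time.discard(digest)
            return Verdict.ALLOW
        return Verdict.ASK

    def lock_down(self, approved_digests):
        """Admin sorts the silent-mode inventory, then enforcement starts."""
        self.white |= set(approved_digests) & set(self.seen)
        self.silent = False

def demo():
    payroll = b"MZ constructed legacy payroll image"
    tampered = payroll + b" modified"    # same file name, different content
    game = b"MZ constructed game image"
    p = AllowlistPolicy()
    out = [p.on_execute("payroll.exe", payroll), p.on_execute("game.exe", game)]
    p.lock_down({sha256(payroll)})
    p.deny.add(sha256(game))
    out.append(p.on_execute("payroll.exe", payroll))    # approved hash
    out.append(p.on_execute("payroll.exe", tampered))   # name matches, hash does not
    out.append(p.on_execute("game.exe", game))          # explicitly denied
    p.one_time.add(sha256(tampered))
    out.append(p.on_execute("payroll.exe", tampered))   # one-time run
    out.append(p.on_execute("payroll.exe", tampered))   # approval already used
    return out
```

Keying the lists on the digest rather than the file name is what makes the modified `payroll.exe` fall back to a permission request instead of inheriting the original's approval.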
LaPeters acknowledged the similarity with personal firewall software, but said the important thing was that Protection Manager made admins responsible for deciding what can run, not users themselves. He added: "This is different from signature-based malware detection or IPS - it is more proactive than reactive."
Winternals develops system software for Windows, and was the first to announce the 'discovery' of the Sony rootkit. It is also the company behind the popular Sysinternals freeware site, offering tools such as Process Explorer, which replaces the Windows Task Manager.
Protection Manager is $250 for a server or $25 a client - "We see it between backup and AV software on price," said LaPeters. He added that the company is recruiting technical resellers to target the UK, as it reckons there are a lot of areas where customers might need help, such as running in silent mode or setting up roles.