I still believe blacklisting is the best way to go.
Whitelisting has many disadvantages.
Whitelisting only works on digitally signed files; many vendors don't sign all of their files, especially open-source freeware. Therefore these files always get flagged as false positives. Even Microsoft don't digitally sign all of their files.
A lot of drivers for video graphics, sound cards and other third parties don't digitally sign their files either.
So why wouldn't vendors sign all of their files? Because it costs money to do so.
The files have to be digitally signed each time the files update to new versions.
Whitelisting is better for paid software but bad for freeware.
Freeware vendors like NirSoft and many vendors on SourceForge have had so many problems with security software flagging their products as malware because of whitelisting.
Yes, whitelisting offers better security, but at a disadvantage to free software developers and novice users who don't know how to tell the difference between real malware and false positives.
This could also cause an increase in prices for paid products and slower development for freeware because vendors would feel obligated to take more time making sure their files were digitally signed to avoid detection by security products.
It is also impossible to keep an updated whitelist since it will have to be much larger than the blacklists. There are more safe files than malware files.
Good concept, but I don't think it will benefit in the long run.
Thanks.