Military computers soon will be programmed to carry out only administrator-approved software applications in certain parts of a computer, part of the Defense Department's approach to the application whitelisting strategy that focuses on where downloads are permitted to launch in a system, according to Pentagon officials.

It is meant to be a relatively cost-efficient protection against downloads that antivirus programs fail to catch as threats. The approach developed by the National Security Agency (NSA) essentially blocks every application from running until a network administrator has approved, or whitelisted, it.

NSA's approach lets administrators focus their efforts on fewer possible entry points for viruses, thus lowering the time involved in installing new applications. NSA is currently arranging for the baseline configurations of all new Defense computers to use the tactic, an official says.

This strategy already has blocked one kind of worm that antivirus programs failed to catch. An email attempted to install malware, and on the newer baseline computers, the administrators could view this malware, whereas on the older models, the antivirus was unable to protect against it initially.