The practice of 'whitelisting' is actually one of the original computer security models. Twenty years ago, computers and devices used to arrive with all features, services, and ports turned off by default and that's where they stayed until someone enabled them through the process of whitelisting, which allowed only the running of known or good applications and features. Computers no longer arrive at our business or in our homes with all features locked down. Rather, they are now delivered with everything open and enabled. The idea of an application whitelisting approach to security seemingly all but died. What happened? Why was this effective security model all but abandoned? More importantly, why is it now coming back?