Malware is the key attack act in the cyber space.
Black list is used in anti-malware protection, anti-spam or web site filters for blocking the bad. This will require frequent update of the black list definition because new species will evade the filter. Then we don’t know what we don’t know.
To nail down to the scenario we know what we know, white list defines trusted components or connection and permits their execution. Examples are application white listing technology or firewall rules.
So, what about something in between? This is because either white list or black list demands regular definition update for effective protection. Sandbox technology provides an isolated environment to execute and observe behaviors of codes to determine if hostile or not.
The ideal solution is a combination of these technologies for best defense. Of course, this is still not 100% guaranteed to be cyber secure.