AppLocker, which is built in to Windows 7 Enterprise and Windows 8, prevents unknown programs from running unless installed or otherwise pre-cleared by an admin first. This provides tremendous protection against malware. Even antivirus companies are publicly saying that antivirus provides little protection against current malware. Rather than attempt to enumerate what's bad, application whitelisting technologies like AppLocker enumerate what's good, and deny everything else. This turns out to be a lot easier than it sounds.
Current Status
AppLocker policies are in place for most campus computers. The policy is maintained by Information Security.
References For Understanding AppLocker
- Application whitelisting explained
- Using Event Viewer with AppLocker
- Display a custom URL when an application is blocked
- Free, almost perfect malware protection with GPO AppLocker
- A pragmatic approach towards AppLocker policies
- DSD confirms: application whitelisting is the go
- AppLocker Guide for Technical Decision Makers
(Yes, AppLocker makes even more sense for servers, which run a more predictable set of software.)