There are two basic approaches to blocking malicious software - the same two approaches used for blocking spam. You can "blacklist" those programs (or that email) that is known or suspected to be bad and allow everything else. Or you can "whitelist" only those programs (or messages) that are known to be good/safe and block everything else. There are advantages and disadvantages to both methods. The National Security Agency (NSA) has developed a whitelisting approach that will involve configuring military computers to run only programs that have been administrator-approved. One advantage is that it's a relatively inexpensive way to provide high security.
Read more here: