This new approach manipulates executable file permissions to proactively allow, deny or limit the running of any computer program. Instead of trying to recognize malware, it uses whitelists, blacklists and policies to set Windows permissions for executables, and these apply even when the user is logged in as an Administrator.
SecureWave's Sanctuary, Green Border Technologies' GreenBorder Pro, Savant Protection and Winternals Software's Protection Manager are some products in this category.
For example, Protection Manager uses Windows privilege levels to deny the running of an unknown application, run a known application with reduced privileges, or allow an application full access to files/directories, including operating system directories.
Running a program at a lower privilege level denies it access to Windows system directories and files, for example. This lets you give Microsoft Word free access to all directories except system directories.
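A simplified model of the three outcomes described above (deny, run with reduced privileges, allow full access), added here as an illustration and not taken from Protection Manager or any product named in this article. The hash-based lookup, the `POLICY` layout, the protected directory list and all function names are assumptions, and the sample executables are constructed byte strings.

```python
import hashlib
import ntpath

# Constructed policy data: SHA-256 digests of stand-in executable images.
WORD = hashlib.sha256(b"constructed bytes standing in for winword.exe").hexdigest()
BACKUP = hashlib.sha256(b"constructed bytes standing in for a backup agent").hexdigest()
BAD = hashlib.sha256(b"constructed bytes standing in for a banned tool").hexdigest()

POLICY = {
    "blacklist": {BAD},
    "full": {BACKUP},      # trusted: full access, including OS directories
    "reduced": {WORD},     # known: runs, but kept out of system directories
}
SYSTEM_DIRS = [r"C:\Windows", r"C:\Program Files"]  # assumed protected roots


def launch_verdict(image: bytes, policy=POLICY) -> str:
    """Return 'deny', 'reduced' or 'full' for an executable image."""
    digest = hashlib.sha256(image).hexdigest()
    if digest in policy["blacklist"]:
        return "deny"                 # blacklist wins over any allow entry
    if digest in policy["full"]:
        return "full"
    if digest in policy["reduced"]:
        return "reduced"
    return "deny"                     # unknown programs never run


def _canon(path: str) -> str:
    # Collapse '..' and '/' and fold case so comparisons match Windows semantics.
    return ntpath.normcase(ntpath.normpath(path))


def may_access(verdict: str, path: str) -> bool:
    """File-access decision for a process launched with the given verdict."""
    if verdict == "deny":
        return False
    if verdict == "full":
        return True
    target = _canon(path)
    for root in map(_canon, SYSTEM_DIRS):
        # Match the root itself or anything beneath it, not look-alike siblings.
        if target == root or target.startswith(root + "\\"):
            return False
    return True
```

The path is canonicalised before the comparison so that a reduced-privilege program cannot reach a system directory through `..` segments, forward slashes or different letter case, while a sibling such as `C:\WindowsOld` is not blocked by a naive prefix match.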
Beyond whitelists, Protection Manager works "on demand" to let users dynamically adjust an application's privileges, or (if desired) stop an application. Prices start at US$25 (£13) per managed computer.
When a user unwittingly clicks on a web page link that downloads malware onto a machine protected by the software, Protection Manager intercepts the launch of the malware and prevents it from running. Its features can be managed from a central location, and it integrates with Active Directory to let administrators protect groups of users.
As if to prove the truth in good humour, Microsoft was so impressed with Protection Manager that it bought the Winternals Software company.