Wednesday, September 19, 2007

Black list versus white list

About a year ago, while I was still working for my previous organization, I was put on a committee to help address the issues of people installing unauthorized software on the computers in our enterprise. The main concern was malware and spyware that could be used to gather passwords and/or sensitive data, but the approach to the problem was pretty random-- pretty much a black list of the top twenty malware programs to scan for over the network. Since malware programs appear/disappear/evolve on a daily basis, there's a good chance that we would miss something.

Naturally, I suggested inverting the paradigm and using a "white list" approach. In other words, come up with a list of authorized programs and treat anything that wasn't on that list as a matter for further investigation. If it wound up being a benevolent program (e.g. they are using OpenOffice instead of Microsoft Office), then it gets put on our "white list" and will be ignored next time.

Naturally, my idea was shot down before it was even given a fair shake . . . it was too difficult for our organization to come up with a "white list" of authorized programs, blah blah blah.

Needless to say (but I will anyway), Symantec is now saying that the paradigm for Internet Security should shift from a "black list" approach-- which has the potential to be infinite-- to a "white list" approach (which could be large, but should still remain finite).
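To make the difference concrete, here is an added example (not from the original post or from any product mentioned in it) of the two models run over a constructed software inventory: the black list only catches the malware build it already knows, while the white list flags every unapproved program, including the evolved build, and shrinks its own workload as benign programs get approved. Program names, hashes and byte strings are all constructed; the inventory is keyed on file hash rather than file name so that a renamed binary does not slip through.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Program:
    """One installed program as a scanner would report it: name plus SHA-256 of the binary."""
    name: str
    sha256: str


def fingerprint(contents: bytes) -> str:
    # Keyed on file content, not file name: a renamed copy keeps the same hash.
    return hashlib.sha256(contents).hexdigest()


# Constructed inventory: short byte strings stand in for executable contents.
INVENTORY = [
    Program("winword.exe", fingerprint(b"constructed: word processor")),
    Program("soffice.exe", fingerprint(b"constructed: OpenOffice")),          # benign, not yet approved
    Program("svchost.exe", fingerprint(b"constructed: keylogger build 1")),   # known malware, old build
    Program("svchost.exe", fingerprint(b"constructed: keylogger build 2")),   # same malware, evolved build
]

# The black list only knows the malware builds someone has already catalogued.
BLACKLIST = {fingerprint(b"constructed: keylogger build 1")}
# The white list starts from what the organization deliberately deployed.
APPROVED = {fingerprint(b"constructed: word processor")}


def blacklist_scan(inventory, blacklist):
    """Black-list model: report only programs whose hash is already known bad."""
    return [p for p in inventory if p.sha256 in blacklist]


def allowlist_review(inventory, approved):
    """White-list model: report everything not explicitly approved, for investigation."""
    return [p for p in inventory if p.sha256 not in approved]


def approve(approved, program):
    """Investigation found the program benign: approve it so the next review ignores it."""
    approved.add(program.sha256)


if __name__ == "__main__":
    print("black list caught:", [p.name for p in blacklist_scan(INVENTORY, BLACKLIST)])
    print("white list flagged:", [p.name for p in allowlist_review(INVENTORY, APPROVED)])
    approve(APPROVED, INVENTORY[1])  # OpenOffice turned out to be benign
    print("after approval:", [p.name for p in allowlist_review(INVENTORY, APPROVED)])
```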

Three words: Told. You. So.