Comment Re:Hash (Score 3, Informative) 195
Exactly. Windows has a means of doing this built in from at least XP, but no app provided to automate its management. You can set up the system so it will only execute binaries with approved hashes. Back around 2002/2003 we were playing with a program in house that would build a baseline of approved hashes on a clean system, then push that list out to our workstations. To get an app approved we would then fire up the clean box, install, update, push, etc. We never got it past the budget phase though, but it accomplishes exactly what OP is asking about. For point of sales terminals, etc. that shouldn't be a moving target, I'd say heck yes they should be in whitelist only mode.
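The baseline-and-push workflow the comment describes, as an added example that is not the commenter's in-house program: it hashes the binaries on a clean tree, serializes the approved list, and audits a workstation tree against it. It only reports; enforcement is left to the operating system, and the extension set, function names and sample files are assumptions constructed for the illustration.

```python
import hashlib
import json
import os
import tempfile

BINARY_EXTS = {".exe", ".dll", ".sys"}  # assumption: extensions treated as executable code

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def binaries(root):
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in BINARY_EXTS:
                yield os.path.join(dirpath, name)

def build_baseline(clean_root):
    # Hashes only, no paths: approval follows file content, not file name.
    return json.dumps(sorted({sha256_file(p) for p in binaries(clean_root)}))

def audit(root, baseline_json):
    # Return relative paths of binaries whose hash is not on the approved list.
    approved = set(json.loads(baseline_json))
    return sorted(os.path.relpath(p, root) for p in binaries(root)
                  if sha256_file(p) not in approved)

def write(root, name, data):
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    # Constructed sample trees standing in for the clean box and one workstation.
    with tempfile.TemporaryDirectory() as tmp:
        clean, ws = os.path.join(tmp, "clean"), os.path.join(tmp, "ws")
        write(clean, "app.exe", b"approved app build")
        write(clean, "lib.dll", b"approved library build")
        baseline = build_baseline(clean)
        write(ws, "app.exe", b"approved app build")        # unchanged
        write(ws, "renamed.exe", b"approved app build")    # same content, new name
        write(ws, "lib.dll", b"patched library build")     # modified on disk
        write(ws, "unknown.exe", b"never seen on clean box")
        write(ws, "notes.txt", b"not a binary, ignored")
        return audit(ws, baseline)

if __name__ == "__main__":
    print(demo())
```

Because the list holds content hashes, the renamed copy of an approved binary passes while the modified `lib.dll` fails; this is also why every legitimate update has to go back through the clean box before the list is pushed again.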