What Makes Security Assistant Special
Security Assistant detects removable media immediately on insertion and blocks execution of all files until they are determined to be on the white list or not executable. Any executable not on the white list remains blocked. All insertions of removable media are logged, even if no executables are found. This avoids Wagner-type episodes.
Security Assistant detects all writes to fixed drives and blocks execution of each written file until, as above, it is determined to be on the white list or not executable. If the file is on the white list, its integrity is verified before it is released to execute (a few milliseconds at worst). If it is not on the white list, or if its integrity cannot be verified, it remains blocked and the Security Assistant user is notified. This avoids TJX-type episodes.
No file can execute until Security Assistant verifies both that it is on the white list and that it has not been corrupted. This stops anything that might have sneaked through.
Security Assistant's white list contains all executables and shared libraries for the OS and all authorized applications. Each patch or update changes one or more of those files, so white list maintenance could be a nightmare except for one important feature -- as Security Assistant deploys patches and updates, it automatically updates each device's white list. Once it determines the deployment was successful, it removes the pre-patch versions of files from the white list; falling back to a pre-patch restore point will be immediately detected because the pre-patch files will no longer be on the white list and cannot execute. You'll never unknowingly drop a needed patch.
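The white list behaviour described above, modelled as an added example; this is not Security Assistant's code. It assumes the integrity check is a SHA-256 comparison, and the WhiteList class, its method names, the paths and the file contents are all hypothetical.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class WhiteList:
    """Hypothetical per-device white list: path -> approved SHA-256 digests."""

    def __init__(self):
        self.approved = {}  # path -> set of digests allowed to execute
        self.staged = {}    # path -> digest of a patch still being deployed

    def authorize(self, path, data):
        self.approved.setdefault(path, set()).add(digest(data))

    def check(self, path, data):
        """Decide whether a file may execute; returns (allowed, reason)."""
        if path not in self.approved:
            return False, "not on white list"
        if digest(data) not in self.approved[path]:
            return False, "contents do not match white list"
        return True, "verified"

    def stage_patch(self, path, new_data):
        """Deployment begins: the patched file is approved beside the old one."""
        self.staged[path] = digest(new_data)
        self.authorize(path, new_data)

    def confirm_patch(self, path):
        """Deployment succeeded: only the patched version stays approved."""
        self.approved[path] = {self.staged.pop(path)}

def demo():
    """Run constructed sample files through the checks."""
    app, usb = "/opt/app/app.bin", "/media/usb/tool.bin"  # constructed paths
    v1, v2 = b"app build 1", b"app build 2"               # constructed contents
    wl = WhiteList()
    wl.authorize(app, v1)
    out = [wl.check(app, v1),            # authorized and intact
           wl.check(usb, b"unknown"),    # never authorized
           wl.check(app, v1 + b"\x90")]  # modified after authorization
    wl.stage_patch(app, v2)
    out.append(wl.check(app, v1))        # old version runs until patch confirmed
    wl.confirm_patch(app)
    out.append(wl.check(app, v2))        # patched version
    out.append(wl.check(app, v1))        # rollback to pre-patch file is blocked
    return out
```

Calling demo() returns the six decisions in order; the last one shows a restored pre-patch file being refused once the patch has been confirmed.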