WebMonitor4
Maybe its time for users/surfers to acknowledge download executable or other potentially dangerous file formats download
same way as Vista does when user starts application.
We are using Gfi WebMonitor4 which on gateway detects payload hidden in http and asks user for interaction if executable is detected.
Administrator on gateway can select which file types and sites are OK same way as firewalls are enabling ports.
Vista’s problem is that approving is not customizable so attacker can copycat it and trick user to click on such approval but I guess this would be tackled
when first such exploits will be found in future.
IMHO this without any AV will catch ~60% of all web based exploits ... wouldn't catch 0 day exploits, which contain malicious payload directly in exploit
Hey but my comment is biased so take it with care ;)