Firewalls to block the downloading of executables?
At first glance this looks like a "magic fairy dust" solution for where there is no easy fix.
Presumably the answer to all attacks - as long as the firewall can:
(1) Identify all potential executables including interpreted scripts.
(2) Not block anything covered by (1) that you really do want to download.
I would be interested to know if this is a realistic proposal.