We know that...
However, there is an additional concept: whitelisting all of the operating system's files and not allowing any other applications to run, e.g. the Bit9 Parity product.
It can prevent unauthorized applications from executing.
If the operating system is already infected, the malicious activity will continue to operate.
- If the protection is based on MD5 hashes, it can be bypassed using an MD5 collision attack.
- Sometimes runtime environments might be used to execute malicious software, e.g. if the Java Runtime Environment (JRE) is installed on the operating system, then malicious Java code can run (this currently still works on Bit9 Parity).
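The two limitations above can be checked for in a hash-based whitelist. The following is an added example, not code from Bit9 Parity or from the original page; the runtime names, the finding labels and the sample file contents are assumptions constructed for illustration. It audits a policy for collision-prone digests and for whitelisted runtime hosts, and shows that moving to SHA-256 removes the first finding but not the second.

```python
import hashlib

# Assumption: runtimes that execute code supplied as data; extend per environment.
RUNTIME_HOSTS = {"java", "java.exe", "javaw.exe"}
COLLISION_PRONE = {"md5", "sha1"}  # digests with published collision attacks

def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Return 'algo:hexdigest' so every entry records how it was hashed."""
    return f"{algo}:{hashlib.new(algo, data).hexdigest()}"

def build_allowlist(files: dict, algo: str = "sha256") -> dict:
    """Map fingerprint -> file name for a baseline taken from a known-clean system."""
    return {fingerprint(data, algo): name for name, data in files.items()}

def audit(allowlist: dict) -> list:
    """Report entries that weaken the policy in the two ways the text lists."""
    findings = []
    for fp, name in sorted(allowlist.items(), key=lambda kv: kv[1]):
        algo = fp.split(":", 1)[0]
        if algo in COLLISION_PRONE:
            findings.append((name, "weak-digest"))
        if name.lower() in RUNTIME_HOSTS:
            # The runtime binary is hash-checked; the code it loads is not.
            findings.append((name, "runtime-host"))
    return findings

def decide(allowlist: dict, data: bytes) -> str:
    """Default deny: allow only content whose fingerprint is on the list."""
    algos = {fp.split(":", 1)[0] for fp in allowlist}
    return "allow" if any(fingerprint(data, a) in allowlist for a in algos) else "deny"

# Constructed sample content standing in for real executables.
BASELINE = {"notepad.exe": b"constructed-notepad-bytes",
            "java.exe": b"constructed-jre-bytes"}
LEGACY = build_allowlist(BASELINE, "md5")
HARDENED = build_allowlist(BASELINE, "sha256")

if __name__ == "__main__":
    for label, policy in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit(policy))
    print(decide(HARDENED, b"constructed-unknown-bytes"))
```

A "runtime-host" finding means the whitelist needs a separate control for what that runtime is allowed to load, since hashing the runtime binary alone says nothing about the code it executes.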