Re: code by known malware authors
Within a secure network, regardless of credentials of the user/admin trying to run something, refuse to run any code other than by whitelisted authors.
For that application, code signing is far more reliable, simple, and scalable.