Channel Register

Post: @Sim

Graham Wood

In Crooks charge premium for filter-evading Trojan

Several problems spring to mind immediately:

1) Who decides what goes onto the whitelist?

2) How does the whitelist get updated when patches are released?

3) How much bandwidth are you willing to throw at downloading new signatures for "allowed" binaries?

4) This doesn't help when it's an allowed binary that's got the problem (e.g. if JavaScript can send your username/password to a website without coming out of IE to do it).

There's a similar style solution that IS in use, that of signed binaries. Something like the iPhone has this already (although with the ability to get anything signed for $100, it's not much in the way of security), and I've seen people doing projects at university to add this to Linux (a long time ago).

You still have the problem of getting everything you need signed, signed. There are so many applications out there that this is a major task.