I would like to see a couple of new features added...

First, when I begin a new program install I would like for DW to ask me if I want to install it as trusted or untrusted. Because it is sure getting old when another program tells me that it could not finish the install for some reason, so it breaks. Then I have to disable DW protection and start the install all over again. I then have to start DW protection again. It is a hassel to do that. Also, the entire system is at risk during that interim just because DW had to be disabled for the install. If DW would ask first and respond accordingly the install could finish without any problems and the system was never at risk.

Second, I have a lot of programs on this newly installed system, and that number is going to go up. The majority of my programs run untrusted because that is where DW put them. Consequently when I am through with email and browsing and I want to close all untrusted, any other program that is running also gets closed if it is untrusted. This is also an inconvenience. I would like for DW to ask me whether I want a new program to be trusted or untrusted.

In other words I would like for DW to show me that it trusts me to make such decisions about my own system. DW comes loaded with a predetermined list of the programs that do connect to the internet. That is good and I am glad of that. One of the things I remember running in the past is a program that searches your HDD for all the programs that have the ability to connect. Some of them really surprised me. But I don't remember what that program's name is. That would be handy.

I think this would make DW much more user friendly without making it less effective. Thanks! :thumbup:

If you prefer DW to trust your own decisions and if you really intend to install something (and you trust it), then you can simply right-click on the installer and selected "Run as trusted" to launch it. It seems convoluted that if you try to install a trusted program, then DW pops up a dialog box and asks you about it and you click "yes" anyway (because you trust it in the first place).

Oh, okay. Thanks Lu Chin.

Well, I may do it as an option, but not more (and this option will be switched off by default). That is all I can do. Anyway, I need more opinions on this as it is popup windows-based feature that are not very pleased by me as you know. :)

BTW, how to determine "new software"? By its hash, by its signature, by its path?

Hi Ilya, I think there can be an option to allow an auto trusted mode when a digitally signed file (e.g. from MS) when the executable runs. Some security programs like System Safety Monitor has this option.

Well, digitally signed executable could be malware if the signature is not signed by trusted digital signature vendor (some malware signed by self-generated sertificates).

I see now. Can the digital certificates that are used to sign executables be verified (say by querying the Verisign website)? For example, in IE I can see the detailed information of a https page by clicking on Properties, then I can see the information on the digital certificate used (e.g. name of issued company, expiration date, etc.). IE will even say if the digital certificate is OK or not. I guess if DW can find out if a digital certificate is OK or not then the idea will work.

Yup, but this requires Internet connections. This could be implemented with following versions of DefenseWall, but not with 2.0.