Thanks for adding them, Nick. I see from the 1.1.1 release notes that you also added JS, JSE, and PS1 on top of the Windows default list of 30 executable file types.
By default %programfiles% and %programfiles(x86)% are whitelisted, so for most users that's pretty much exactly what they will do with Lockdown: launch it, click Enable, and that is all that needs to be done. Granted, you do need to worry about specifically whitelisting programs not installed to those locations, which are few if any for most people, and actually it wouldn't be a bad feature idea to add an automatic scan for them, since some apps insist on running from nested %appdata% folders...
I'm interested in where you can get a code certificate for $99? My renewal is coming up and I'm paying $699/annual for an extended validation cert; I'm willing to consider a standard cert but even they are $499/annual. Buying a 3 year cert provides very little discount... that 3 year EV cert on Lockdown and my other apps is a $2000 deal.
That's a yearly cost, but you only need to keep renewing if you are signing and releasing new apps or updates. Existing apps you've signed will remain valid even if you don't renew your cert (unlike websites etc.)
Also, it seems that the LARGE cost for the EV certs is only really needed for things like Windows drivers.
Wow, I hadn't researched in a while, but that looks sketchy. I purchased one that cheap some time around 2011 and the company ended up having certs revoked and went out of business, and the next best thing I found was DigiCert at a fraction of the cost of Comodo and the like.
They do have EV for $350/annual or $750/3 year cert, so I might try that; it is certainly cheaper than DigiCert.
And yes, EV is good for more than drivers: it allows EXEs to bypass SmartScreen prompts that would otherwise trigger on standard certs that have to go through reputation checks in SmartScreen.
Not quite "two billion" lol, and the cheapest I know of is DigiCert. You're looking at $499/year or $699/year for the extended validation cert (this is a higher quality cert that passes more security checks.) What is this validation, you ask? All kinds of identity verification on the business and its owner to ensure they are who they say they are and they are located where they say they are. The idea is that bad actors aren't willing to pay $$$ annually for any reason, much less to expose their identity. Lockdown uses the EV cert.
SRP isn't AppLocker, and Lockdown IS in fact digitally signed... By your rationale it would be a bad idea to use most any software worth using. Also, what if the tool were open source? Would you use it then, or would you not be able to "verify" that, I wonder? Not everyone can verify PS scripts either, so what would be the recommendation for those who couldn't?