I've noticed that some firewall/HIPS combos, particularly Privatefirewall and Outpost Free, have trusted digital signatures for certain vendors. In Privatefirewall you can supposedly remove the exceptions, but exceptions will in fact remain even after "removal"; in Outpost, as far as I can tell, you simply can't even pretend to remove any of them. Is it just me, or is this a bad idea? How hard can it be for a malware writer to forge a "valid" digital signature, bypassing the execution control complete? Have there been any ITW examples of such?