Malware attacks usually work by getting a binary executed. Sometimes users are unaware that such binaries are being executed. The end result is that attackers can either compromise a system or cause it to fail. One defence against such attacks is to ensure the integrity of files [3]. A more comprehensive mechanism is binary authentication (code signing is one form of it), which tries to ensure that any binaries loaded by the operating system and software applications are first authenticated [1], [2], i.e. the content of the binary is known and trusted. For full protection using binary authentication, it makes sense to have a default-deny policy, under which binaries that do not pass authentication are prevented from executing. However, if an operating system employs mandatory binary authentication for protection purposes, the end result may be either not user-friendly or not very usable. In this paper, we discuss the issues and difficulties of making binary authentication usable on the Windows operating system.