"This app may harm your device"
Should first come up when you try to install Windows 10.
A developer of a Windows utility has protested that "Microsoft Defender SmartScreen is hurting independent developers" because of the number of warnings and obstacles placed in front of users who download installers that are not signed or sufficiently well known. Tony Pottier is the developer of ImageView, an alternative to …
Devices can be reinstalled and will be fine. It is us, the sorry folks "which do the computer thing", I worry about. What has been seen (er experienced, in this case), can not be made unseen. Though Swiss chocolate and Islay malt seem to help (me, so far).
Most applications don't need to open files except the ones the user chooses through a standard dialog box, or access random internet addresses without user interaction, or create dubious constantly-running background processes and "auto updaters", or silently raise their priority or privileges.
Computer science long ago reached the point at which it should be possible to run random applications that meet those criteria in a safe and secure manner. And indeed, that it should rarely be necessary to run applications that don't meet those criteria.
You'd think modern operating systems (and I'm not just looking at Windows) might possibly have caught up with this by now rather than desperately trying to patch up their 1960s pre-network, timesharing model of "security" with anti-virus software and code signing.
Have you tried Qubes? It's a hypervisor-as-OS concept, with each window on your screen having an unforgeable coloured titlebar indicating which "domain" it is from. So my private GPG key is in a domain which doesn't have access to the internet or usb and none of the other domains have access to this domain's storage. I browse some of the more disreputable parts of a using a VM which disappears when I stop browsing. Intermediate levels are used for banking, work, and personal computing - have a play with it when you have a spare hour.
> Intermediate levels are used for banking, work, and personal computing
Can you set the browser in the 'banking' level to only go to the bank's website and nowhere else? So that you can't absentmindedly forget and go to El Reg from the wrong level, for example.
Each 'level' is really a different VM so try configuring it as you would on your own computer: Limit internet to one site.
But the problem here is that the standard file selector dialogs just return a path and filename and let the application deal with them however it likes. Until those dialogs are changed to return objects that represent the files the user chose (and provide no other way to access the file system outside of the application's install and scratch directories) we are stuck with add-ons and workarounds to flawed security models.
That's precisely what I mean: it's not as if we haven't been wrestling with potential network-borne malware for more than a decade now, there's been plenty of time for evolution of this kind.
You could even make the dialog backwards compatible by creating a temporary ACL permitting access only to the named file identified by the dialog for the duration of the application's execution, though we should by now be beyond that point. We're using the add-ons and workarounds to justify the status quo, not as a short-term bridge to a better solution.
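The handle-returning dialog discussed in the comments above can be sketched with Unix descriptor passing. This is an added example, not code from any poster; `broker_grant`, `app_receive` and the file names are hypothetical, it is Unix-only, and the sandbox that denies the application its own path-based `open()` is assumed rather than shown.

```python
import array
import os
import socket
import tempfile


def broker_grant(channel, chosen_path):
    """Trusted 'file dialog' side: open the file the user picked, read-only,
    and send only the open descriptor. The path never crosses the channel."""
    fd = os.open(chosen_path, os.O_RDONLY)
    try:
        rights = array.array("i", [fd])
        channel.sendmsg([b"G"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])
    finally:
        # The receiver gets its own duplicate; the broker's copy can be closed.
        os.close(fd)


def app_receive(channel):
    """Untrusted application side: receive exactly one granted descriptor."""
    fds = array.array("i")
    _msg, ancdata, _flags, _addr = channel.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            usable = len(data) - (len(data) % fds.itemsize)
            fds.frombytes(data[:usable])
    if not fds:
        raise RuntimeError("no descriptor was granted")
    return fds[0]


def demo():
    """Constructed scenario: two files exist, the user picks one of them.
    Returns (bytes the app read, whether the app could write via the grant)."""
    with tempfile.TemporaryDirectory() as workdir:
        chosen = os.path.join(workdir, "report.txt")      # constructed sample file
        not_chosen = os.path.join(workdir, "secrets.txt")  # never granted
        with open(chosen, "wb") as fh:
            fh.write(b"quarterly numbers\n")
        with open(not_chosen, "wb") as fh:
            fh.write(b"private key material\n")

        broker_end, app_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            broker_grant(broker_end, chosen)
            granted_fd = app_receive(app_end)
        finally:
            broker_end.close()
            app_end.close()

        try:
            content = os.read(granted_fd, 4096)
            try:
                os.write(granted_fd, b"tampered")
                writable = True
            except OSError:
                # The grant was opened O_RDONLY, so the kernel refuses writes.
                writable = False
        finally:
            os.close(granted_fd)
        return content, writable


if __name__ == "__main__":
    data, can_write = demo()
    print("app read:", data)
    print("app could write through the grant:", can_write)
```

The application ends up holding a kernel object for one file with one access mode, which is the property the thread asks the dialog to provide; what the mode and lifetime of that grant should be is a policy choice for the broker.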
"Most applications don't need to ..."
I think that one is "citation needed" but even if it is true it is not relevant. If you have existing files, written by some other app, my malware can offer to do something helpful with them. That's quite a common pattern for utilities. They provide that little extra feature or capability that wasn't provided in the original app, or they bring together two apps to increase the value of both.
Of course, once the end-user has helpfully pointed me in the direction of some data that I know how to compromise (Thanks, end-user!) I can update it and "helpfully" introduce some vulnerability that my friends can exploit.
"their 1960s pre-network, timesharing model of "security" ..."
Don't hold your breath on that one. The fundamentals haven't changed. If you lose physical security, it's game over for the hardware. If you run un-trusted code, it's game over for that security context. Sadly, the solutions available haven't changed either. There's still no way to establish trust between two parties that know *nothing* about each other. Certificates are an attempt to provide *some* trustworthy background information, but the actual trustworthiness of the various CAs over the years has been patchy.
There are a few problems with this concept, and we can see it on platforms that do have that functionality. I'm thinking of basically all smartphones here. Here are a few of those problems.
First, it reduces functionality. I may get a couple files containing data from a website and save them to disk. Then, I open one or more of them in a text editor and type into them. Then I open them again in a different program which reads it and summarizes the data for me in graphical form. I save the image file of that graph, open a presentation program, and add that file to a presentation. I copy that presentation file into another directory, this one on a network-connected drive so I can pull it up elsewhere. When I have to fight every app to store that file in a location that every app can read from, it's quite the hassle. This is why iOS doesn't work so well for all use cases. It can function fine if you do all your stuff in one app. It can function with difficulty if you use multiple apps but they all support Apple's files system and store their files in those generally-available directories. If only one of your apps stores all its data in app-only storage, you end up fighting the system to move the data around so you can use multiple apps.
Second, it doesn't really fix the security problem. Reading data off disk is bad, and it can at times be worrying. Some other things are much worse. Reading the contents of memory, modifying the contents of memory, activating cameras and microphones, using the radio hardware to fingerprint the device, etc. Limiting disk access doesn't fix this, and if it leads to less effort on general security, that can be bad.
This isn't to say that disk sandboxing is a problem, because it isn't. But we already do disk sandboxing. Usually, it's done between user accounts, and the disks internal to user accounts are considered open to all user processes. I wouldn't mind if we moved that one level down, so users could indicate they wish to sandbox certain programs and not to sandbox others, and I wouldn't mind if we turn that on by default. Eliminating the open disk, however, will break a lot of functionality. Even if many users didn't notice it, many others would. The workarounds created by some operating systems are often frustrating, inefficient, and counterproductive.
The problems stem from the origins of Windows and how Microsoft have refused to improve anything much on the application management front other than make the entire thing an even worse spaghetti mess than it was before...
Microsoft Windows originated as a single user, wholly trusted non-networked windowing environment. From the start, there was no concept of even remotely effective library management, and definitely no concept of secure library management but this is almost forgivable at this point in time.
As time progressed PCs became networked, although Microsoft tried to fight this as much as possible until they were forced to because otherwise the potential for centralised identity management and the server infrastructures would disappear outside of Microsoft's remit. There was still no concept of local user security though and any user had complete access to the system, the only things secured were server based. Library management and application management was still a mess, with a horror mess of mixed application code, data and configuration settings.
With 32 bit Windows Microsoft had an opportunity to separate data from application code and to enforce some basic level of user access management and to add library management. Naturally, they didn't and Microsoft's applications still to this day store data files in the program files path. As for a safe way to update applications? Nope, not present either. Along the way Microsoft intentionally commingled their applications with Operating Systems in order to maintain application as well as operating system monopolies - this really didn't help security either.
Security is something that is very hard to retrofit; it really must be built in from the start. Microsoft has done an appalling job of transitioning to better security, although it does have to be considered that backwards compatibility is important too. Applications and their data should be entirely, 100% separate from the Operating System that happens to be hosting them. Things get complicated when it comes to applications used by multiple users on a system, as in is the application available to all users on the system, some, or just one? The same goes for the application's configuration files and for any data that it may require or generate. None of these are unsurmountable but even now are neither defined nor catered for at the Operating System level, everything is some kind of bodge, kludge or work around.
...and as for code signing? It does nothing more than indicate that the author paid for a certificate and signed the resultant code. It specifically does not guarantee that the application does or does not do anything in particular, malicious or not.
The click 'more info' stage is going to stop most normal users, even if it wasn't deliberately low contrast and easy to completely miss it doesn't really hint it will bypass the block.
So many less friends & family demanding free computer servicing. I'll put up with the annoyance and Firefox skips the 1st half of the obstacle course anyway.
>The click 'more info' stage is going to stop most normal users, even if it wasn't deliberately low contrast and easy to completely miss it doesn't really hint it will bypass the block.
I think this deception and deliberate hiding of legitimate options is a big part of the problem. Yes, we want to stop users simply repeatedly clicking 'OK', but what Windows does, does verge on the stupid. I use Remote Desktop Connection a lot, so I've created connection configuration files accessible from the desktop. Windows insists because these files aren't signed they are potentially dangerous so pops up a warning every time I use them. Seen similar problems with PowerShell batch command files (although in this case I could run the individual commands but didn't have permission to run the commands from within a batch file I had created...)
Don't count on it. Apple did a similar thing a while ago, where if you attempted to run an app that wasn't signed, they'd claim there was a problem and refuse to open it. It was very deceptive, and no "more info" present. However, if you went to system preferences, security, and clicked an open button in there, it would still work. I cannot count the number of people I had to tell that to when that particular feature got rolled out. Everyone with applications that didn't come from the app store was on the phone to me asking why the apps were broken and how they could fix it. I'd expect you will start to get those with Windows users too.
Also, if you double click there is no option to override Gatekeeper, but if you right click then choose Open there is.
Whoever thought of that hadn't read Apple's own UI guidelines, it should have been something like shift-double click or holding down shift in the context menu to get Open Overriding Gatekeeper.
Well, to be fair, everything in Windows 10 requires more steps than before. For instance, to set your default printer used to be start -> devices and printer -> right-click your printer and click set as default. Now ... start -> settings -> devices -> printers & scanners -> click your printer -> manage -> set as default printer -> yes to warning that Windows is no longer managing your default printer. What was once 4 clicks is now 8.
Yes, but if windows is managing it you don't need to go in there and set a default at all.
You just select the printer you want to print from when you're printing and windows remembers that choice for future.
So really, 4 clicks has become 1 additional one within the print dialog.
Unless you want to manually change the default and not have windows manage it which you absolutely can do, but it's probably not the case for most users.
Isn't that rather an edge case as compared to the number of users who remain in a fixed location? If so, then you're asking for an OS to be designed to cater to the edge cases rather than be optimized to benefit the majority - not really ideal, especially for an OS so often used by people with a lack of technical ability (please note: it was not I who downvoted you).
Hey, I own 4 Windows 10 laptops currently. A lot of people may own laptops but they did this due to space reasons; it's a lot easier to own a laptop in a small apartment urban setting than deal with setting up a desktop (as industry sales numbers completely prove).
So many laptops do not travel much, and many that do aren't necessarily asked to remote print (because there isn't a printer at Starbucks :p ). My P71 workstation travels and it's not that much of a big deal to select the local printer, out of 4 possible options to me, when I connect to one of my possible location options. The other 3 stay in their locations and this isn't an issue.
I'm not saying that I don't understand the issue. What I'm saying is what is the percentage of overall Windows 10 users that are affected by this, and if the minority should an [mainstream] OS be written to take the minority's conditions into account. I guess there could be 2 different ways of handling the default printer - say one for Windows 10 Home users, who don't often move, versus a different one for Pro and up users - but that's a lot of coding to maintain, and I doubt many users have logged into Microsoft's support site to officially file complaints.
So if you want change, at the least you have to speak up to Microsoft and say something.
Actually, code had to be added in order to implement this fancy new printer management stuff and this extra code has to be maintained. All MS has to do is back off and there will be no extra code to maintain.
In the country where I was born, this is called "to hit your own jaw with a rock and then complain about toothache".
By the way, on my home computers this printer management was happily sending my printouts to OneNote so I was more than happy to calm it down.
Not edge at all. In fact it's very common. The average person has no clue how to make a printer the default nor switch between various printers.
It's a very common trouble ticket.
Move a department of any size, large or small, dozens or one person, and if there is a different common printer in their new area, every, single, one of them will have to be configured. Every single one.
And Microcrap has now made it harder.
Many settings can now still be set in Control Panel, and it usually sticks, but you now have to verify it propagates across the other setting controls.
I have never understood why MS require you to have admin rights to rename a printer on your own machine that you have added yourself (as a normal user) on a networked computer from the network or directory to something useful?
It's a lot harder when the printers do not have any helpful names and are the same models, so it can be quite a lottery as to where the print out goes if you have forgotten where HP3A7CBE is!
It's even worse when a networked printer is turned off for a while, then reconnected and Windows will identify it as a "new device" and install a new ****ing printer driver and printer reference in Windows, while retaining the old one. Now... is the working printer "Printer (2)", "Printer (3)" or has it reverted back to "Pritner" today? FFS.
Somehow I've even managed to get an old printer stuck and unremovable in the list of printers as well. OK, I could probably go on a hunt-kill in the registry but that's a bit tedious.
Along with the switching between settings and control panel for different features or advanced settings.
VPNs are another one - used to be easy. You could just click the network icon and connect/disconnect your chosen VPN. Now it has to load up a new 'settings' page just to connect to a VPN.
Seconded, partly because, if you want to apply or change a screen saver, for example, that function isn't anywhere in the Windows Settings because it is still the old Win95 dialog box. The only viable way I've found to call up the dialog is to search for screen saver and hit the link - which makes creating a desktop shortcut impossible!
I have WRT Windows 10 reached the same state as WRT Brexit: I am totally Zen. In both cases, after a lot of initial hand-wringing and a number of anguished nights, I have accepted the inevitable and simply tried to mitigate things as best as I could. In the case of Windows 10 that meant a switch to Linux... so now I can lean back and enjoy the show. As to Brexit... my OH is French and as things have turned out, we'll be fine whatever the shambles factory in No 10 decide to throw at us.
Never attribute to malice that which is adequately explained by stupidity
While I personally believe that Microsoft have lost their way with Windows, as they seem hell bent on destroying a perfect reasonable operating system, I can't help wondering if there are some deeply dodgy business decisions being masked as incompetence. First they started removing non-MS programs with each 'update' and now they make it difficult to install them in the first place - or rather impossible for the less tech savvy. Next they'll be demanding that we rent our operating system and applications for a modest 30% cut.
Is it just corporate culture? Extinguish the competition? Make the plebs pay because we *need* our billions?
I too abandoned Win10 and switched to Linux because I'm able to. My friends have ended up with iPads.
While I personally believe that Microsoft have lost their way with Windows, as they seem hell bent on destroying did destroy a perfect reasonable operating system
FTFY, Microsoft should have stopped at Windows 7, 8 and 8.1 were abominations and 10 is only a small step back in the right direction.
Windows 10 is much easier to install on modern hardware than Windows 7 and an installed drive is portable across hardware. However Windows 7 is much more resilient to abuse than Windows 10. If you upset Windows 7 it will right itself. If you do the same thing in Windows 10 it might right itself but is just as likely to spiral into an unbootable system.
Never attribute to malice that which is adequately explained by stupidity
Adequately Explained is a rather subjective term. If that thing helps towards an agenda then attribute it to that agenda. Even outright stupidity may have been tolerated because it contributes towards an agenda.
The whole thing with viruses means the OS needs regular updates which mean MS have regular access to everyone's computers. Some updates maybe upgrades but generally over time your computer gets slower due to updates. The reason people allow this to happen is viruses.
...because if I don't then somewhere down the line will come the "I'm sorry, this developer hasn't paid sufficient tribute for you to install this application - you will use one of the pre-selected highly profitable (for us) alternatives". They can dress that in whatever language they want, but that's what the popup will actually say, and small development houses and open source projects will be snuffed out. No, you can't use this perfectly good free application, you're going to $CORPORATION and you're installing their awful bloated, ad infested, spyware infested "alternative" because they paid to get in this store, and the foss project didn't.
I'm having none of it.
(Finally massively lost my temper with Windows and binned it at home last month. It's still on my 2nd disk in the assumption that I will eventually want to play DooM Eternal, but thus far I've actually not wanted to have to deal with the annoyance of booting Windows again to *do* that)
@theOtherJT
I don't have that game myself, but maybe this will help you play it without having to put up with Windows?
https://www.protondb.com/app/782330
Some non-compatible DRM was added (Denuvo), but there was a backlash from users and so ID Software removed it. The DRM was totally removed with an update and AFAIK is now playable on Linux. ID say that if/when they try adding DRM again in the future they will make sure that it doesn't affect single player. Meanwhile Denuvo say "Denuvo Anti-Cheat will have Proton support out-of-the-box for releases beyond DOOM: Eternal". https://www.gamingonlinux.com/2020/05/denuvo-anti-cheat-is-doomed
They've already done it with DEVICE DRIVERS, under the excuse that it's "for your protection" or similar. Devs who do drivers, which is especially important for those who want to create a "software only" device (from MIDI loopback to a userland mountable file-system-within-a-file driver, let's say), *MUST* *NOW* pay the Micros~1 toll to get their drivers "signed" or else the end user must run in a "developer" mode (that's not obvious to get into, requires some power shell magic) and THEN see the watermark in the corner as punishment for having done so... [this started with Vista, but was optional for 32-bit until Win-10-nic, then it became mandatory, and now 32-bit is dying].
Point is this is a model Micros~1 put into place as a TOLL BOOTH for driver developers. Now it appears they're getting ready to put a TOLL BOOTH for APPLICATION developers, first by making it INCONVENIENT, and eventually, make it IMPOSSIBLE, to run a "not blessed by Micros~1" "app" that's not from "the store" - like Apple does. [and how many malwares have been 'missed' in their vetting processes, Apple, Micros~1, Android, all of 'em? False sense of "security" indeed]
At least with Android the steps to install a dev-signed APK aren't that difficult, but they still exist [which can still be problematic since the somewhat well known steps are different for several different Android versions].
What THESE "you must have US sign it and pay the toll" policies do, ultimately, is HARM INDEPENDENT DEVELOPERS and HARM OPEN SOURCE.
From the article: "The cost is trivial for commercial or well-sponsored projects, but can be a problem for small developers."
Exactly!
And you know, it's ONLY going to get WORSE. This article has made it clear, in my bombastic opinion.
I suppose Micros~1 could add a few extra steps to be even MORE irritating, not unlike those Mac vs PC ads that were often played on TV after Vista released... "Cancel or Allow" etc.. Only THIS time it would be "No, seriously, are you REALLY sure? We think you should re-consider this VERY carefully..." with a progressively more aggressive and panicky tone each time they pop up...
[The steps described by the article to install an un-blessed "app" appear even WORSE than the steps you must go through to add a non-microsoft-logon user to your Win-10-nic computer, something you probably DO want to do, by the way... [it helps protect against malware to surf the web as a non-priv user only, for example] and, worth pointing out, back a couple of years when THAT anti-non-microsoft-login policy first started, I often referred to the hoop jumping as "strong-arm tactics" - so what is THIS then, for application signing?]
"It's a deterrent to installation for sure, but the whole rigmarole can largely be prevented by signing code with a certificate"
"It's a deterrent to installation for sure, but the whole rigmarole can largely be prevented by downloading with a real browser instead of Edge"
There, FTFY.
I understand where Tony Pottier is coming from. He's written a great ImageView application, and he knows it does what it's meant to, doesn't contain malware and that he's an honest guy.
But the snag is, no one else can assume this. There's a virus panic at some company in five years time and ImageView shows up on someone's corporate laptop. What are the IT department meant to think? Is it dodgy? Who knows??
At least for Macs, Apple have got this right. For £79 you can join their developer program - which, apart from everything else, gives you a Developer signing certificate you can sign as many of your applications as you want with. And that, coupled with their new notarization service lets you distribute trusted software to your customers that will run on their Macs with no warnings - without going anywhere near the Mac app store or paying anything else to Apple.
I wish Microsoft - and other compiler vendors - would do the same.
What do you mean ImageView shows up on someone's corporate laptop? You don't call it corporate laptop if it's not properly managed. If the company believes there's business value in using that application, it will evaluate it, package it and deploy it in a secure manner.
If someone is looking at an application on a corporate PC and asks himself where the f%$k did this come from and is it dodgy, then there are a lot of people who haven't been fired for incompetence/negligence.
See, no need for Microsoft nannying on this.
As for consumers, put a switch deep in the registry that can allow a responsible user to have control of his Windows. Publish this and ask 7 times if the user really, really wants that, warn him he can't call for support, make him sign or take a solemn oath for that and we will never have this discussion again.
You will be paid to use that computer. If you're not happy, change employer (or career altogether).
I'm doing this all the time, I don't like my corporate computer but, hey, I'm being paid for using it, so why not. Does this slows me in doing my work, I document the business case and I will leave it to management to make a choice. I'm not being paid to change the corporate rules.
As for your "special" developer needs, no problemo! You want to manage your own computer ? Fine! I'll dump its network connection on a separate, isolated network segment and you're on your own but please don't call for support.
I never had a problem managing my 350+ users in groups with granular permissions and that long predates the advent of Active Directory and Group Policy. Spreadsheets had just been invented but I had made do with documentation in text files. Still not a problem with thousands later on when AD was all shiny and new.
"what do you mean ImageView shows up on someone's corporate laptop ? You don't call it corporate laptop if it's not properly managed. If the company believes there's business value in using that application, it will evaluate it, package it and deploy it in a secure manner."
You're right of course and for 90% of users that works fine. But there are always exceptions. Maybe the exceptions are carefully managed by Group Policy - but they're there nevertheless.
Funnily enough it always seems that 'Security' are the worst offenders. They give themselves permission to install some essential tool, and it's still there years later - even after they're long gone and their laptop's being used by someone else.
"Funnily enough it always seems that 'Security' are the worst offenders. They give themselves permission to install some essential tool, and it's still there years later - even after they're long gone and their laptop's being used by someone else."
Then the company needs to learn that when someone leaves and their computer gets reassigned, you erase and reimage it. That's basic security. It's been known for decades. It prevents software being left on the machine. It prevents random files that are not needed taking up disk space, or a broken OS update sticking around for years. Reimage when ownership changes, whether a personal or business machine.
Auditing and reporting is also a part of IT Security job. If they don't do it properly, again somebody (from their ranks this time) needs to answer some tough questions and face termination.
At my last workplace, any attempt to create a local admin account on a PC was automatically reported to our managed security services provider who was automatically opening a ticket in our system and somebody was supposed to remediate the situation. No need to mention that management had visibility of this process. For those who really needed local admin privileges, the exception was documented and re-evaluated once a year. It was not perfect but helped a lot.
They give themselves permission to install some essential tool, and it's still there years later - even after they're long gone and their laptop's being used by someone else.
Whoa there! I'd expect any PC or laptop that is being reused to be reimaged with the current corporate OS build before being handed out to another employee. Not doing that is just asking for trouble, especially if you have users classed as 'developers' who can install pretty much anything they like.
If the company believes there's business value in using that application, it will evaluate it, package it and deploy it in a secure manner.
And then forget to keep it up-to-date, so users get some turd 1.0 version while the developer is going at 3.1... Seen this happen. Fortunately the company I work at has not tried to enforce downloading only from the "software central", and in any case I now run Linux on the work computer, which they are enlightened enough to permit.
For £79 you can join their developer program - which, apart from everything else, gives you a Developer signing certificate you can sign as many of your applications as you want with. And that, coupled with their new notarization service lets you distribute trusted software to your customers that will run on their Macs with no warnings - without going anywhere near the Mac app store or paying anything else to Apple. ... for one year.
If you don't rejoin then your cert expires and no one can install the app anymore.
Sorry - late response, but just for completeness...
The developer signing certificate you get from Apple is valid for five years - not one.
On both Windows and macOS, the certificate check is only carried out when the application is first run. So previously installed software doesn't suddenly stop working when its signing certificate expires.
"At least for Macs, Apple have got this right. For £79 you can join their developer program - which, apart from everything else, gives you a Developer signing certificate you can sign as many of your applications as you want with."
Nope, that's just Apple doing the same thing. It's slightly cheaper for the certificate. That's all. Microsoft is also happy to let your stuff run if you pay a chunk of cash for the privilege. In fact, they're slightly better because they're not necessarily getting any of that cash, whereas Apple definitely is. The problem is that it requires developers to pay money annually in order to distribute software for free. Sure, it's not particularly expensive, but a lot of these developers, including the one mentioned in this article, are not making any profit off this. They may get some from donations, but it's not particularly fair that they need to pay Apple and cert providers to give away the fruits of their efforts. And of course, if they switch cert providers, previous downloads break immediately. If they stop paying, all downloads break immediately.
This might be excusable if doing this actually prevented malware, but because so many certs are issued, malware frequently signs itself because their authors are actually planning on making a profit so can fork out for a cert. As it is, developers are forced to subject themselves to a process that takes healthy chunks of money and still fails to do what it's supposed to.
How could this be done correctly? I suggest a very strict and scary warning message. How does this look?
WARNING. This program may be insecure and could put you at risk.
We don't know where this program came from. If you are not absolutely sure that it came from a reliable source, it's possible that it contains malware that could steal your information or cause problems to your computer. We suggest you do not run this program and delete the file. Please double-check the file and the location from which you received it to make sure they are trustworthy.
[Big button, set as default: Don't run and delete] [Medium-sized button: don't run] [small button over in the corner: Run anyway]
I'm good with that window. It can be helpful. But without that button in the window, including with that button technically there but purposefully hidden, they are preventing me from using the computer I purchased in order to get some extra money from developers.
"I wish Microsoft - and other compiler vendors - would do the same."
NO. It KILLS open source! And it's anti-freedom.
FreeBSD and LINUX do it right. NO restrictions, compile it yourself. No need to download binaries unless you really want to. And you can get them directly from the developers, or from the distribution's repository, alongside the OS itself. Vetting by peer review.
Android almost gets it right by letting anybody download the build environment and build an APK, and then a simple method [on newer OSs, was slightly more difficult before] of THEN downloading the APK onto the phone and installing it like any other application.
If you WANT that kind of "protection" (from pay-for certs by developers) it should be OPT IN ONLY, with NO strong-arm tactics to stop people from BYPASSING it. Worth pointing out, APKs are signed to prevent tampering, but by a key YOU create as the developer, not something you pay $$$/year for or "you must submit it with money to let US sign it for you, if we like it and do not want to block you publishing it" [or whatever].
Exactly. If you want to actually be in control of the computer you own, Linux, FreeBSD, NetBSD etc are the only option (or rather, an up-to-date option, you could also run MS-DOS, DR-DOS or very old versions of Windows... could be sufficient depending on what you do, I heard George RR Martin used MS-DOS and Wordstar to write the Game of Thrones books).
> If you WANT that kind of "protection" (from pay-for certs by developers) it should be OPT IN ONLY,
In fact, you do get a certain degree of protection of that kind for Linux binaries, if you use only programs from the official repository of the distribution. These are signed. And it is definitely an opt-in mechanism.
"I wish Microsoft - and other compiler vendors - would do the same.
NO. It KILLS open source! And it's anti-freedom.
FreeBSD and LINUX do it right. NO restrictions, compile it yourself. No need to download binaries unless you really want to."
That's a red herring! You can download Xcode from Apple for free, use it to compile software that you've got the source code for and run it on your computers.
And for Windows you can download 'Visual Studio Community' - which lets you do the same.
The cost is part of the problem, but most of these certificate issuers also demand that you have a landline, listed in one of the official business directories they use. Unless you're a large company or a profitable malware developer, it's just not worth the hassle and cost to release on Windows these days. The easier money is in mobile.
That was one of the reasons I stopped developing application software for Windows. There just became too many obstacles (financial ones for me and over the top warnings for end users). If you are a low volume specialist indie developer, Windows just isn't a viable platform any more.
> If you are a low volume specialist indie developer, Windows just isn't a viable platform any more.
Ever consider releasing for Linux then (yes, proprietary software has a place on Linux too, just don't make it impossible for system admins / users to sandbox your app as much as they feel they need to), or have you just switched to mobile?
Whatever version of Windows 10 this guy is using must be missing the 'Settings' option.
I can't remember offhand which box(es) you untick to make all the stuff he's whinging about never appear.
All I ever see is a single UAC warning. That can be disabled as well if you want.
A quick online search and you're done. Still he'll be too busy using this as an oblique way to promote his 'app' to bother with all that work.
You'd expect a 'computer savvy' person like a developer would know this kind of basic stuff.
>You'd expect a 'computer savvy' person like a developer would know this kind of basic stuff.
They might know all this stuff, however unlike many 'developers' they are thinking of their potential users/customers who aren't 'computer savvy' and are typically using Windows with the out-of-the-box default settings.
> Whatever version of Windows 10 this guy is using must be missing the 'Settings' option.
> I can't remember offhand which box(es) you untick to make all the stuff he's whinging about never appear.
> [...]
> You'd expect a 'computer savvy' person like a developer would know this kind of basic stuff.
So the choice for the average user is going into settings and clicking non-obvious places or responding to seven prompts, many in non-obvious ways.
Lucky we have you here to tell us it's easy, you just go into Settings and, er, oh. You can't remember off-hand.
I never see any of those warnings.
I downloaded Inkscape, not from the store so not signed, through the new Edge without a warning; the one and only warning was the unknown publisher.
Which is the same warning I have been getting the last couple of days with my company's software installers before I changed them to be signed.
Is my Windows 10 broken? ;)
It's not about whether a computer savvy person can get the program installed, it's about whether I can get a 70 year old bookkeeper who hates computers to install the program over an email.
If I send her a link and say, install that, she'd do it if it was two clicks but she'd never manage the process that you now have to go through.
Let's face it, the only reason most of us use Windows is for the sake of the users we support. If we were not supporting others then we'd all be on Linux and run the odd Windows only program in a VM when we had to. As Microsoft makes Windows less and less viable for the ordinary user we may as well move them to Linux too.
Of course they can. Malware developers can get a certificate just like anyone else and generally speaking, their rewards make it much more worthwhile. Sure, they may eventually get their certificate blocked, whereupon they just create a new Ltd company and launch again.
"whereupon they just create a new Ltd company and launch again."
Yes, locking down the OS to "protect" us poor users from a computer virus does NOT work (ok it may slow things down a bit but not for long, as you've pointed out). In effect, the computer virus "finds a way" because, that's what it does. Well, the authors do, but still. And locking down the OS is a FALSE sense of security. But those in CHARGE of things, _WELL_, *THEY* get to claim they are "doing something about it", and putting road blocks between you and the computer YOU own and YOUR FREEDOM to use it as YOU see fit, is a big visible part of that. And inconveniencing YOU, the end-user, or even making it IMPOSSIBLE to use YOUR computer the way YOU want to, doesn't seem to matter to _THEM_... at least not in MY bombastic opinion.
icon, because, really, it deserves it.
"We counted seven steps needed to download and install the open-source audio package Ardour 6"
It took me six clicks from your page to get to the download page on Ardour's site.
I don't know how many clicks it would take after the because you have to enter an email address and wait for a link to arrive.
No ta!
I’m the CTO at a Kenyan ISP, registered with the Communications Authority, holding three relevant licenses, publicly available info. We are also an AFRINIC member, with IPv4 and IPv6 resources assigned to us, publicly available info. Yet it was easier for me to personally get a code signing certificate in Spain, than for our company (which was impossible and we gave up), as we were not on “Dun&Bradstreet or other reputable public database” and “your information could not be verified”. Africa’s challenges that go beyond the usual crap are worth an article by themselves...
Because it cuts down on the stupid people installing bugs which is better for all of us. If you want an example the only time I have ever had to throw someone out my PC shop was during the Win 7 days, he bought a new PC and wanted me to install Limewire on it. I told him "The FBI shut down Limewire years ago, I will be happy to show you how bittorrent works but Limewire is long dead" so what did he do?
You guessed it, promptly went home, installed a malware program someone had stuck the Limewire icon on, when the AV told him plainly it was a virus he UNINSTALLED THE AV and then when he had his PC completely pwned and was so infested it couldn't even load a webpage he tried bringing it back and demanding I fix it for free. When I threw him out the shop he was screaming "It says right there that it is Limewire YOU MAKE IT WORK!" like a fucking baboon.
So yes people with a BRAIN can get around this, those like Limewire boy? Cannot which is the entire point! Microsoft has realized that there are waaaay too many computer users that are "sniff your own farts" level of dumb and there is nothing they can do to raise their IQ so making a bar that the truly moronic cannot overcome? I support 110% if for no other reason so we don't get millions of PCs in botnets thanks to these geniuses.
Certificate signing doesn't stop malware. Anyone can get a certificate, either in their own name or the name of a limited company, and Windows will happily drop all the warnings and roll out the welcome mat. If I was developing some lovely money-grabbing malware, the first thing I'd do is register a disposable company and shell out for a certificate.