| ▲ | deltaknight a day ago |
| The EV cert system is truly terrible on Windows. Worst of all, getting an EV cert isn’t even enough to remove the scary warnings popping up for users! For that you still need to convince windows defender that you’re not a bad actor by getting installs on a large number of devices, which of course is a chicken-and-egg problem for software with a small number of users. At least paying your dues to Apple guarantees a smooth user experience. |
|
| ▲ | jonathanlydall a day ago | parent | next [-] |
| No, this information is wrong (unless it’s changed in the last 7 years). EV code signing certs are instantly trusted by Windows Defender. Source: We tried a non-EV code signing certificate for our product used by only dozens of users at the time, never stopped showing scary warnings. When we got an EV, no more issues. In case it makes a difference, we use DigiCert. |
| |
| ▲ | e40 18 hours ago | parent [-] | | Not true for us. We EV cert sign (the more expensive one) and my CEO ( the only one left that uses Windows) had this very problem. Apparently the first time a newly signed binary is run it can take up to 15 minutes for defender to allow it. First time I saw this, it was really annoying and confusing. | | |
| ▲ | jonathanlydall 16 hours ago | parent [-] | | Interesting. I regularly download our signed installer often within a minute of it being made available, never noticed a delay. Maybe it’s very the first time Windows Defender sees a particular org on a cert. I renewed our cert literally on Friday, tested by making a new build of our installer and could instantly install it fine. You sure there was no other non Windows default security software on your bosses machine? | | |
|
|
|
| ▲ | ryandrake a day ago | parent | prev [-] |
| Wow. I haven't written software for Windows in over a decade. I always thought Apple was alone in its invasive treatment of developers on their platform. Windows used to be "just post the exe on your web site, and you're good to go." I guess Microsoft has finally managed to aggressively insert themselves into the distribution process there, too. Sad to see. |
| |
| ▲ | jeroenhd 16 hours ago | parent | next [-] | | > Windows used to be "just post the exe on your web site, and you're good to go." That's also one of the main reasons why Windows was such a malware-ridden hellspace. Microsoft went the Apple route to security and it worked out. At least Microsoft doesn't require you to dismiss the popup, open the system settings, click the "run anyway" button, and enter a password to run an unsigned executable. Just clicking "more details -> run anyway" still exists on the SmartScreen popup, even if they've hidden it well. Despite Microsoft's best attempts, macOS still beats Windows when it comes to terribleness for running an executable. | | |
| ▲ | ryandrake 9 hours ago | parent [-] | | I just wish these companies could solve the malware problem in a way that doesn't always involve inserting themselves as gatekeepers over what the user runs or doesn't run on the user's computer. I don't want any kind of ongoing relationship with my OS vendor once I buy their product, let alone have them decide for me what I can and cannot run. |
| |
| ▲ | etbebl a day ago | parent | prev | next [-] | | I get that if you're distributing software to the wider public, you have to make sure these scary alerts don't pop up regardless of platform. But as a savvy user, I think the situation is still better on Windows. As far as I've seen there's still always a (small) link in these popups (I think it's SmartScreen?) to run anyway - no need to dig into settings before even trying to run it. | | |
| ▲ | Archit3ch an hour ago | parent [-] | | Are you sure? I had not used Windows for years and assumed "Run Anyway" would work. Last month, I tested running an unsigned (self-signed) .MSIX on a different Windows machine. It's a 9-step process to get through the warnings: https://www.advancedinstaller.com/install-test-certificate-f... Perhaps .exe is easier, but I wouldn't subject the wider public (or even power users) to that. So yeah, Azure Trusted Signing or EV certificate is the way to go on Windows. |
| |
| ▲ | a day ago | parent | prev [-] | | [deleted] |
|
