dizhn 11 hours ago

Microsoft disabled the developer's certificate so no Windows releases can be made.

jonathanstrange 10 hours ago

As someone who is just planning to publish signed desktop software for Windows, this is deeply worrying. What reasons could there be for cancelling a certificate, especially when it has been used for years and the identity is already established?

Are there some ways to combat such decisions legally?

electroly 5 hours ago

Perhaps not legally, but technically, you have an option: don't use the Microsoft Store. This isn't as wild a suggestion as it may seem to non-Windows users: the store is barely used by Windows users. You can get your own code signing certificate from a public CA, sign your own installer, and post it on your website. This is still the primary way that Windows software is distributed. Microsoft does not have a hand in any part of it; they can't cancel anything. Their only role is including the public CA in their root certificate store. If you're not shipping a kernel driver, you don't need Microsoft's permission for anything. You can still ship an .msix installer which is the same technology used by the Store.

I recently de-listed my app in the store and closed my Microsoft developer account. I was wrong for having bothered with it; just a waste of my time for no benefit. Stick to your own deployment.
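The "sign your own installer" route above, as an added example that is not from the thread or any of its posters: a PowerShell wrapper around signtool.exe that signs a release with a CA-issued certificate held in the user's Personal store (the private key can live on the CA's USB token or HSM), attaches an RFC 3161 timestamp, and then verifies the result two ways. The installer path, the certificate thumbprint, and the timestamp server are placeholders you substitute for your own; signtool.exe from the Windows SDK is assumed to be on PATH.

```powershell
# Added example (not from the thread): sign and verify a release with your own
# code-signing certificate. Placeholders: the installer path, the thumbprint,
# and the timestamp authority URL (use the TSA your CA recommends).
$Installer      = 'C:\build\MyApp-Setup.exe'       # placeholder path
$CertThumbprint = 'PLACEHOLDER_SHA1_THUMBPRINT'    # thumbprint of your signing cert
$TimestampUrl   = 'http://timestamp.digicert.com'  # placeholder RFC 3161 TSA

function Invoke-ReleaseSigning {
    param([string]$Path, [string]$Thumbprint, [string]$Tsa)

    # SHA-256 file digest, certificate selected by thumbprint, RFC 3161 timestamp
    # (/tr) with a SHA-256 timestamp digest (/td). The timestamp is what lets the
    # signature keep validating after a short-lived certificate expires.
    & signtool.exe sign /fd SHA256 /sha1 $Thumbprint /tr $Tsa /td SHA256 $Path
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit code $LASTEXITCODE)" }

    # Verify under the default Authenticode policy, verbosely.
    & signtool.exe verify /pa /v $Path
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit code $LASTEXITCODE)" }

    # Independent check from PowerShell: Status must be Valid and a timestamper
    # certificate must be present, otherwise the release is not shippable.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $report = [pscustomobject]@{
        File        = $Path
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        Timestamped = ($null -ne $sig.TimeStamperCertificate)
    }
    if ($report.Status -ne 'Valid' -or -not $report.Timestamped) {
        throw "Release is not cleanly signed: $($report | Out-String)"
    }
    $report
}

Invoke-ReleaseSigning -Path $Installer -Thumbprint $CertThumbprint -Tsa $TimestampUrl
```

Nothing in this flow touches a Microsoft account: the trust decision at install time is made by the CA's root already present in the machine's root store, and the timestamp is the piece that keeps old releases valid once the certificate itself has expired.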

trinsic2 3 minutes ago

Yep. OS-level stores are just a way for the org to exercise control over installs.

I have stayed far away from that process for a long time. Apple macOS seems like the worst in that department IMHO.

ComputerGuru 3 hours ago

It’s become nigh impossible to get your own code signing cert these days. The 2025 update from the CA forum required code signing certs to be short-lived (no more three- or five-year certs) and stored exclusively on an HSM. As a result, most companies cross-signing these certs have moved to a subscription PaaS model where you are issued a cert but never receive custody of it, and perform signing via their APIs, and are at their mercy should they decide to block your account.

Anyway, even if you could get your own cert it would be the same thing: MS could revoke or blacklist your individual cert (though usually the grounds for doing so are much less shaky than your account being suspended for vague “tos violations”).

electroly 27 minutes ago

I was afraid of the HSM at first but for an open source developer (rather than a big company) I found it wasn't a big deal. I can't sign in GitHub Actions and I have a USB stick that lights up when I sign releases, but it hasn't been a blocker. I got mine from Sectigo Store. This isn't hypothetical, I really did it, I've got the HSM, it works. It wasn't difficult. It just cost some money and a little bit of time. "Nigh impossible" is a tremendous exaggeration. I'll concede "annoying and expensive" perhaps. If you've got the money, you can get the HSM. You don't have to re-buy the HSM when you renew your certificate.

The Microsoft Store account was painful to set up, I'll note. My developer account had also been cancelled by Microsoft for unknown reasons, and I ultimately had to set up a brand new one. New email, new name. My new account has my middle initial because I couldn't clash with the existing, closed account. My first and last name alone are banished forever from the store.

The "same thing", as you concede, isn't the same thing. Quantity has a quality of its own: one happens all the time and we're reading an article about it happening right now. In the comments there's another prominent maintainer who it happened to, and it happened to me personally! That's three right here! The other happens so infrequently that people in this same HN thread are complaining that it isn't happening enough. Can you find an example that's like Veracrypt and WireGuard? In practice, it seems they rarely do this, even when they should. You can actually view the list under "Manage computer certificates" > "Untrusted Certificates." On my computer the entire list is 20 certificates.

I'm standing by my suggestion, 100%. These aren't equivalent risks at all.
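The "Untrusted Certificates" list mentioned above is the Disallowed store, and it can be read without the MMC. This is an added example, not code from any poster: it lists that store and checks whether a given binary's signing chain contains any certificate found there, which is the mechanism by which a publisher-level blacklist would actually bite. The file path is a placeholder.

```powershell
# Added example (not from the thread): inspect the machine's Disallowed store
# (shown in MMC as "Untrusted Certificates") and test a binary's chain against it.
# The binary path is a placeholder.

function Get-DisallowedCertificates {
    # Same data the MMC node shows; count it to see how short the list really is.
    Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        Select-Object Subject, Thumbprint, NotBefore, NotAfter
}

function Test-SignerAgainstDisallowed {
    param([string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($null -eq $sig.SignerCertificate) {
        # Unsigned or unparseable: nothing to compare, report the status as-is.
        return [pscustomobject]@{ File = $Path; Status = $sig.Status; Signer = $null; DisallowedHits = @() }
    }

    # Build the signer's chain (Build returns $false if the chain is untrusted,
    # but ChainElements is still populated) and compare every element's
    # thumbprint with the Disallowed store.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $null = $chain.Build($sig.SignerCertificate)
    $chainThumbprints = $chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint }
    $disallowed = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed | ForEach-Object { $_.Thumbprint })

    $hits = @($chainThumbprints | Where-Object { $disallowed -contains $_ })
    [pscustomobject]@{
        File           = $Path
        Status         = $sig.Status   # a Disallowed hit normally surfaces as NotTrusted
        Signer         = $sig.SignerCertificate.Subject
        DisallowedHits = $hits
    }
}

Get-DisallowedCertificates | Format-Table -AutoSize
Test-SignerAgainstDisallowed -Path 'C:\Downloads\SomeInstaller.exe'   # placeholder path
```

Running the first function on a stock machine gives a concrete number to set beside the account-suspension stories in this thread; the second is the check to run on a download whose publisher you suspect has been distrusted, rather than relying on the SmartScreen prompt alone.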

rkagerer 3 hours ago

Thank you for that. Although it may be unlikely, I'd love to see a mass exodus away from their failed attempt to emulate all the worst aspects of appstores popularized in other platforms.

I grew up being able to download software and install it, and actually prefer that model (relying on reputational trust of the party publishing it, my own verification from other signals researched, or sandboxing techniques where appropriate).

Most users may not be aware, but a rare gem of a version of Windows that refreshingly doesn't even come with the store (or a bunch of the other unwanted bloat) is IoT Enterprise LTSC.

As a lifelong Windows user, the premise of Microsoft controlling what goes on my PC is revolting. I'm buying a tool from them, not a set of handcuffs. If it was some non-profit, open-source group running the store I might be more inclined to trust it. But ultimately the only gatekeeper on a product I own should be me. Otherwise I don't really own it, which leads to problems like this one.

shelled 10 hours ago

Realistically speaking - anything could be a reason. A shakedown or blocking based on some "nudge" (this might come across as tin-foiled though). Some flag/trip-wires going wrong, more worryingly due to a bug/false alarm - and this is more worrying because in this case semi-incompetent large orgs like MSFT find it really hard to accept it, fix, and move on. Some change in OP's account that either they don't see or haven't realised - some edge case, you never know.

And of course, it doesn't affect their earnings and there are no consequences, or no significant ones, so they won't care and won't respond or tell what went wrong.

Can one move legally? Sure. But then it effectively is a combo of who blinks first and who can hold their breath longer.

politelemon 10 hours ago

This is a concern and risk that has realised itself multiple times over the past decades. There have been multiple stories linked to multiple developers in the past.

If you publish to any closed platform including ios, mac, win, android, this is the risk you run and a condition of operating you will need to accept.

lossyalgo 3 hours ago

According to this: https://x.com/EdgeSecurity/status/2041872931576299888

> ...it seems like they instituted an identity verification policy, didn't notify me about it, and then I guess they suspended accounts who didn't do the verification.

So, make sure you verify your account? Check spam folder regularly? Log in via web interface at least once a year?

hulitu 2 hours ago

> So, make sure you verify your account?

What? On my computer? Microsoft really has some nerve. My Microsoft account is scheduled for deletion.

lossyalgo an hour ago

I guess we can assume you won't be releasing any software for Windows in the near future :)

technion 9 hours ago

There's more to it. Signed desktop software can be signed by any CA.

Veracrypt has kernel drivers. Microsoft's ability to control what you can sign is specific to kernel drivers, and Microsoft's trigger finger around bans exists in the world where bad drivers BSOD machines.

In general this isn't your problem.

raxxorraxor 8 hours ago

Speculation as well and highly unlikely. Microsoft drivers can very well BSOD your machine as well, not a significant or convincing threat scenario and certainly not something that led to certificate revocation of driver developers. There is zero quality control or review by Microsoft here. Not for their own products and not for third party ones.

steve1977 7 hours ago

Exhibit A:

https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_ou...

fluoridation 6 hours ago

That's not entirely true. Certain classes of signing keys require driver developers to put their driver through a test battery and submit the results to Microsoft.

rkagerer 3 hours ago

I wish Microsoft expanded and built on that model, instead of moves like firing swathes of their QA staff.

It could have grown into a massive, self-service testing playground where any developer could submit their product and put it through an arsenal of basic, automated evaluations (e.g. does uninstall leave tidbits behind?), with paid upgrades to more tailored services. They could even publish scores to help consumers coarsely compare workmanship across different vendors, and encourage an emphasis on quality across the whole ecosystem.

Instead they decided to just become overpaid bouncers who take your money, check your ID, and don't even bother about what you bring through the door.

actionfromafar 7 hours ago

You just have to start living like they do in Russia and comply in advance. Don't do anything "interesting", no encryption, or if you do, make sure you leave breadcrumbs, scratch that, a bread trail for them to easily get access to customer data. An Oracle or Sharepoint integration maybe?

Gareth321 9 hours ago

We can still install, right? It just comes up with a scary warning. Still not great but at least we aren't locked out.

Strom 9 hours ago

You can, but it's more than a warning. VeraCrypt has a signed kernel driver, which has higher requirements. You'll need to boot into a special Windows mode and disable Driver Signature Enforcement.

HauntingPin 9 hours ago

Afaict, you can't disable driver signature enforcement permanently without disabling secure boot.
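The states discussed in this sub-thread (Driver Signature Enforcement relaxed, test signing on, Secure Boot off) are exactly what an administrator should be looking for on a fleet, since any of them means the kernel will accept code that does not carry a Microsoft-attested signature. This is an added audit script, not code from any poster; it reads the flags bcdedit exposes, asks the firmware whether Secure Boot is on, and lists PnP drivers that Windows reports as unsigned. It assumes an elevated prompt on a UEFI machine (Confirm-SecureBootUEFI throws on legacy BIOS, which the script treats as unknown).

```powershell
# Added example (not from the thread): report whether this machine is in one of
# the weakened driver-signing states discussed above. Run elevated.

function Get-DriverSigningPosture {
    # bcdedit prints plain text; the two entries that relax kernel signing policy
    # are "testsigning" and "nointegritychecks", each shown as "Yes" when set.
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    $testSigning = [bool]($bcd | Select-String -Pattern '^\s*testsigning\s+Yes' -Quiet)
    $noIntegrity = [bool]($bcd | Select-String -Pattern '^\s*nointegritychecks\s+Yes' -Quiet)

    # Secure Boot state from the firmware; $null means the query is unsupported
    # (legacy BIOS) rather than "off".
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    # Drivers the OS itself reports as unsigned (IsSigned is explicitly $false;
    # entries with no driver file have a null value and are skipped).
    $unsigned = @(Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.IsSigned -eq $false } |
        ForEach-Object { $_.DeviceName })

    $posture = [pscustomobject]@{
        TestSigningEnabled      = $testSigning
        IntegrityChecksDisabled = $noIntegrity
        SecureBootEnabled       = $secureBoot
        UnsignedDriverCount     = $unsigned.Count
        UnsignedDrivers         = $unsigned
    }

    # Any of these is a finding: the kernel will load code that has not been
    # through Microsoft's attestation signing.
    $posture | Add-Member -NotePropertyName Finding -NotePropertyValue (
        $testSigning -or $noIntegrity -or ($secureBoot -eq $false) -or ($unsigned.Count -gt 0)
    )
    $posture
}

Get-DriverSigningPosture | Format-List
```

The Finding flag is deliberately coarse: a machine that needs test signing for legitimate development work will trip it, and that is the point, since it is the same state an attacker would want and should be known and time-boxed rather than discovered later.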

nslsm 8 hours ago

You also get a huge watermark that says "Test Mode" that takes up the entire screen (not kidding)

DHowett 4 hours ago

Three lines of text in 12-point font in the corner which can be covered by a window is hardly “the entire screen.”

nslsm 4 hours ago

They changed it recently.

https://learn-attachment.microsoft.com/api/attachments/f8eac...

raxxorraxor 8 hours ago

Secure boot is an anti-feature in most of the landscape anyway. Sure, if you have a distribution under your control or influence it could theoretically be a benefit. But you need to not be stupid or naive here.

You can also roll your own encryption if you are not stupid and naive. Probably a question of self-reflection.

fluoridation 6 hours ago

Note that signatures are not revoked retroactively when a certificate is revoked. You can still install previous releases.
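Whether an earlier release still validates depends on what Windows sees when it re-checks the signature now, and the practical way to find out is to ask it. This is an added inventory script, not from the thread: it walks an archive of released binaries and reports, per file, the current signature status, the signer, whether the signing certificate has since expired, and whether the signature carries a timestamp (the property that keeps an old signature valid once the certificate lapses). The folder path is a placeholder.

```powershell
# Added example (not from the thread): audit archived releases and show which
# signatures still validate and which carry a timestamp. Folder is a placeholder.

function Get-ReleaseSignatureReport {
    param([string]$Folder)

    Get-ChildItem -Path $Folder -Include *.exe, *.msi, *.dll, *.sys -Recurse -File |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = $sig.SignerCertificate
            $tsa    = $sig.TimeStamperCertificate
            [pscustomobject]@{
                File          = $_.Name
                # Valid, NotSigned, HashMismatch, NotTrusted, ... as Windows sees it today
                Status        = $sig.Status
                Signer        = if ($signer) { $signer.Subject } else { $null }
                CertExpired   = if ($signer) { $signer.NotAfter -lt (Get-Date) } else { $null }
                Timestamped   = ($null -ne $tsa)
                TimestamperCA = if ($tsa) { $tsa.Issuer } else { $null }
            }
        }
}

# Releases that are Valid with CertExpired = True and Timestamped = True are the
# case described above: the certificate is gone, the signature still checks out.
# Valid with Timestamped = False is the fragile case worth re-signing while you can.
Get-ReleaseSignatureReport -Folder 'C:\archive\releases' | Format-Table -AutoSize
```

For a project whose signing ability has just been cut off, this report is the quickest way to see which published artifacts users can still install without warnings and which ones were shipped without a timestamp and will start failing as soon as the certificate's validity period ends.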

bluGill 6 hours ago

With all the bugs and potential security flaws that are there and not fixable.

fluoridation 6 hours ago

I don't know what to tell you, man. If you don't want bugs then don't use computers.