Note this isn't even about admin vs non-admin installations. I guess the Store is another way to have "trusted" applications, but you only have to look at the Google Play or iOS store to see how well this ultimately works out (for both malware and legitimate authors). Without this, malware gets executed directly and now you're dependent on (very imperfect) anti-virus software. As the de-facto support person for family that don't understand computers. The SmartScreen stuff is another attempt at this - software that's not frequently seen is flagged as a potential problem. What's the equivalent to the "URL bar" for software? What's the equivalent to the ACME domain validation challenge? This is akin to LetsEncrypt for certs - can have a valid cert but it doesn't mean it's legitimate. Giving out free code-signing certificates also makes it easier for malware to get legitimate certificates. What can Microsoft do, as an alternative, that doesn't result in an identical or worse situation? ![]() ![]() Let's move this to a productive conversation though. Establishing trust is very hard problem, though. I get the sentiment here, it's very annoying for developers (including me).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |