
> Isn't this already what Windows does? It's warned about unsigned binaries on first run for a while now, no?

Sort of? There are three I know of:

1. the generic warning for files you downloaded off the internet

2. the UAC warning when you try to run any program as admin

3. the SmartScreen warning for uncommon files.

The first two have the "run/open" button equally as visible as the "don't run/cancel" button. The last one is the one where the "run" button is hidden.

> And I can see some argument for that, even if in practice it feels more like teaching users to blindly ignore warnings.

That's exactly the problem. The first two warnings show up for everything, so users are trained to click through.

> But holding uncommon or un-Microsoft-sourced (that is, signed) to a higher standard feels wrong.

The problem is that without a digital signature, you can't tell whether a binary is from a legitimate developer or a malware developer. Hence the need to rely on file hashes and to warn users about uncommon binaries.




Another interaction before 3. is the Edge / SmartScreen integration, where it won't download files thought to be unsafe ("This is unsafe to download and was blocked by SmartScreen Filter") and you need to explicitly download them, e.g. see the screenshot in this blog:

https://www.windowscentral.com/how-download-blocked-files-sm...



