I'd love to hear how this isn't grounds for a product disparagement lawsuit. Are any attorneys familiar with SmartScreen Filter?
A couple of relevant points that may be overlooked:
1) Signing your code, even with an expensive class-3 Authenticode certificate from Verisign that allows you to sign kernel drivers, is no guarantee that IE will not accuse you of distributing potential malware.
2) Contrary to various postings by Microsoft, there appears to be no avenue for appealing IE's poor judgement calls. This happened to me a few months ago -- again, with a signed .exe -- and all of the links on microsoft.com that I followed to submit my download to a whitelist went nowhere useful.
3) Mentioned in the article but worth emphasizing: the ridiculous "This application is not commonly downloaded" criterion almost seems designed to penalize smaller vendors who release frequent updates.
This SmartScreen bullshit is one of those cases where if you're not outraged, you're either not paying attention, or you're profiting from the scam somehow.
Do you have a better idea? Signature-based malware scanning is a joke and a half. I know CAs can be gamed but unless you're proposing a better solution then don't complain.
Yes; they can do what they're doing now, but drop the scary language. Scaring users with non-specific threatening language does not enlighten them.
Since it's almost unheard-of for malware to be signed with a legitimate, unrevoked certificate, they could also afford to give signed executables much greater leeway when deciding what to report to the user. People seem to be assuming that signing the .exe is enough to keep the dire warnings from appearing. That is not the case, or at least it wasn't the case a few months ago.
Finally, they can provide a standardized method for whitelisting URLs (and not individual executables) instead of what they're doing now, which is apparently nothing.
They are giving signed EXEs much greater leeway, since the publisher is verified by a CA, providing a secure base on which the publisher's reputation is determined.