by donmcronald 2209 days ago
Scam companies are making several hundred dollars per victim, so the ROI on an EV code signing certificate is pretty good in that context. I can’t count the number of PCs I’ve helped people fix because they’re infected with some fake antivirus that came in with an EV code signing certificate.

And who cares if you guys crush 10 or 50 or 100 small developers for every malware distributor that gets stopped, right?

SmartScreen is a bad solution. The underlying issue is the pathetic identity validation industry where $ = reputation. All SmartScreen does is add popular = reputation on top of that. Both suck!

What we need for modern software development is a proper identity validation system that doesn’t cost an arm and a leg and lets us tie the validation to our developer accounts and long-lived digital identities.

Code signing is good for the rent seekers charging a fortune to provide terrible service. SmartScreen is an awful black box that you think is good because you worked on it and are privy to the internals.

Maybe it was well intentioned when it started, but now SmartScreen is a non-issue for industrial sized malware distributors, but is devastating for small, independent developers.