by ColinWright 335 days ago
Here's a framing of the problem.

There's software called PuTTY, and non-technical or less technical people, or even technical people who are running on autopilot, might reasonably expect that it's hosted on putty.org.

They just need to be more careful.

Here's an analogy.

Even capable programmers keep screwing up when using C and end up with memory leaks and security vulnerabilities. But that's no reason to stop using it ... people should just be more careful.

No analogy is perfect, every example has problems and loopholes, but this seems a reasonable one. Just as people should use programming languages that make it harder to make mistakes, so companies should not behave in deceptive manners, and when they do, they should be called out on it.

3 comments

It is a good analogy.

Similarly, telcos keep accepting and showing any cooked up caller ID over their SS7, and when someone gets scammed because they trusted the caller ID, the messaging I hear always actually is "people should just be more careful."

Same as banks requiring only a card number to give someone money from the account. "You should be more careful with your card number."

It is sad to hear the level of victim blaming from the big industry.

Nontechnical people afraid of a scary console window use putty?

Yes. Unfortunately.

I don't think the issue really stems from putty.org being there. It stems from a "trusted" third-party, the search engine, suggesting you the wrong place.

Therefore I think you are missing the point with your analogy.