stargatedaw / stargate

Innovation-first digital audio workstation (DAW), instrument and effect plugins, wave editor
GNU General Public License v3.0
652 stars 32 forks

Windows Defender, "Smart Screen" warnings and random bugs #3

Open ghost opened 2 years ago

ghost commented 2 years ago

Problem: I have, at the moment, chosen not to give a Microsoft "partner" all of my personal information and a lot of money to buy a code signing cert, therefore Windows "Defender" and "Smart" Screen try to scare you out of installing my software, and sometimes inject random bugs into my code by rejecting syscalls.

Solution 1: Tell users to partially or fully disable Windows Defender if having problems with Stargate. Note that people already do the same to work around similar issues, even with apps that are code signed, like Steam (the Valve gaming platform).

Solution 2: Buy a code signing cert. Frankly, this is only going to happen if the project takes off in a major way and gets turned into a company or charity, as I am not going to be buying a personal code signing cert that will display my legal name to the user every time they install.

Solution 3: Stop providing Windows builds. Obviously I would prefer to make my application available to that 87% of the world's computer users, but if it is going to be a terrible experience for both of us, I am better off focusing on Linux instead.

webprofusion-chrisc commented 1 year ago

Hi, reviewing your downloads you specifically call out SmartScreen in your docs: https://github.com/stargatedaw/stargate/edit/main/docs/troubleshooting/windows_install.md

While I can see you want to convey to your users that the signed installer is not strictly necessary, the tone of the article is combative and conspiratorial, which potentially gives the reader a negative impression of you/your project.

Consider rewording your docs to simply state a fact or policy rather than an opinion. e.g. It is not practical or cost effective for us to sign our Windows installer at this time.

While SmartScreen is a hindrance for developers, it's also a genuine (if debatably effective) safeguarding step. Microsoft do not charge developers for these certificates and they don't require you to be a partner; the issuing Certificate Authority is the body charging a lot of money for the certificate and they generally equate this cost with the overhead of performing effective identity validation (which is obviously a strict requirement for certifying a developer/organisation).

L3337 commented 1 year ago

Thanks for the feedback. I am actually in the process of acquiring code signing certificates, hoping to have them for Windows and MacOS in the next month or 2. I found some legal maneuvering that will allow me to create a business for cheap with minimal ongoing legal and tax burden, that Microsoft Partner CAs will accept as a proper legal entity and display a yet-to-be-determined business name instead of my name.