triplea-game / triplea

TripleA is a turn based strategy game and board game engine, similar to Axis & Allies or Risk.
https://triplea-game.org/
GNU General Public License v3.0

Windows Defender activates when installing pre-release #6407

Open tvleavitt opened 4 years ago

tvleavitt commented 4 years ago

How can the problem be recreated?

Download latest pre-release, attempt to install it. The following window pops up.

[Screenshot: 2020-05-05 15_59_29-Window-TripleA-dontrun]

After clicking on "More info":

[Screenshot: 2020-05-05 16_35_13-Window-Defender-runanyway]

What is an expected fix?

Windows Defender doesn't activate. Users aren't forced to unintuitively click "More Info" in order to see a "Run Anyway" prompt (or this behavior is sufficiently well documented so that they know what to do when they see it).

Ideally, UAC doesn't activate for both the installer, and the "uninstall" program as well (note: Avast! also is triggered by the "uninstall" program, which intervenes to delay execution for a few moments while it satisfies itself that the program isn't a threat).

Which Engine Version are you using?

2.0.19187

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. If there is something that can be done to resolve this issue, please add a comment indicating what that would be and this issue will be re-opened. If there are multiple items that can be completed independently, we encourage you to use the "reference in new issue" option next to any outstanding comment so that we may divide and conquer.

tvleavitt commented 4 years ago

Two takes:

a) we consolidate these into a single issue, under a broad topic head, such as "Security Warnings from Operating Systems, Browsers and Anti-Virus Software" or something more generic like "Code Signing" (probably not generic enough); we might even create a separate issue for "Project Governance and Stewardship and Legal Structures" since that's part of the solution :)

b) we leave these as separate issues, on the principle that some of them may be more easily solved than others, or that some of them won't be solved; that would seem to be within the overall philosophy of the project

That said, right now, my sense is that the unofficial consensus is that this overall issue is not within the capability of the project as it is now constituted to address, and is simply not a priority. If so, that's fine, but I suggest that we make the implicit explicit.

If we're going to simply expect end users to barrel their way through all the warnings and flags by the browser, AV and OS, I believe we should at least make a token effort to document the problem and provide answers and a walkthrough for the most common issues (such as UAC, which I think work has already been done on). Having dealt with end users in a variety of roles over the years, I am certain that we're losing a non-trivial percentage of potential users by not addressing this either by solving the underlying problem or at least addressing it in the form of a prominently displayed link to a FAQ at the point of download.

DanVanAtta commented 4 years ago

Summarizing from #6598, we won't pursue code-signing:

I think that means we go with option (b). We fix what we reasonably can. For the most part we likely will favor investing time in straight development and keeping our pipeline simple.