Suggestion to avoid Windows Smart Screen warning
chybeat opened this issue · 10 comments
I readed the Docs, this is only a sugestion
My Windows version is 10 21H1 1v9043.1766 I search the web for Markdown viewer, a lot of times in a lot of sites. This work as I espect but the samartscreen...
So, you try InnoSetup?
https://jrsoftware.org/
Source code https://github.com/jrsoftware/issrc
The problem with SmartScreen is the unknown publisher, and with innosetup you can set a publiser like your installers has your name. But may be can help, I dont know, im not expert on installers. Is just a suggestion.
Thread closed by author (ChyBeat), beacuse is just a suggestion and i don't know where can I write one.
Thanks for program, is goooood for that I needs! :)
Thanks for the suggestion!
But:
- InnoSetup must be integrated into my toolchain. I use currently electron-builder to build packages for all Windows Linux and MacOS. And to my knowledge, InnoSetup is not supported as an option for Windows setups.
- The setup already contains my name and even a digital signature (see right-click, "Properties" on the setup file). The problem with this signature is, that it is only self-signed, i.e. with my "homegrown" signature. To get a proper one, which would be (potentially) accepted by Microsoft (i.e. SmartScreen), I'd have to pay money to some signature authority, which I don't want for that hobby project.
So, I think as long as Microsoft doesn't accept my self-signed setup or there is some way to get a proper signature without paying money (like a Let's Encrypt for setup/exe files), SmartScreen will always scare off potential users.
Thanks for program, is goooood for that I needs! :)
Glad to know🙂 You're welcome!
I recommend looking into sigstore.dev. It's been described as Let’s Encrypt for Code Signing.
@jordanbtucker Thanks for this suggestion! I'll take a deeper look at the next release and give feedback how it works.
@jordanbtucker I took a short look at sigstore.dev but it appears that they don't offer additional trust from Microsoft yet. See this issue comment in the sigstore/fulcio repository.
This is clearly a problem. So I filed two issues, one for Windows (Microsoft) and one for macOS (Apple):
I will keep an eye on this problem. But please let me know, if you (or anyone) have an additional suggestion or something new appears that could solve this problem.
That's a shame. I'll keep an eye out for any other free or low-cost solutions.