Suggestion to avoid Windows Smart Screen warning

Question

Suggestion to avoid Windows Smart Screen warning

chybeat opened this issue 2 years ago · 10 comments

I readed the Docs, this is only a sugestion

My Windows version is 10 21H1 1v9043.1766 I search the web for Markdown viewer, a lot of times in a lot of sites. This work as I espect but the samartscreen...

So, you try InnoSetup?
https://jrsoftware.org/
Source code https://github.com/jrsoftware/issrc

The problem with SmartScreen is the unknown publisher, and with innosetup you can set a publiser like your installers has your name. But may be can help, I dont know, im not expert on installers. Is just a suggestion.

Thread closed by author (ChyBeat), beacuse is just a suggestion and i don't know where can I write one.

Thanks for program, is goooood for that I needs! :)

Answer 1 · 2022-11-10T19:28:42.000Z

Thanks for the suggestion!

But:

InnoSetup must be integrated into my toolchain. I use currently electron-builder to build packages for all Windows Linux and MacOS. And to my knowledge, InnoSetup is not supported as an option for Windows setups.
The setup already contains my name and even a digital signature (see right-click, "Properties" on the setup file). The problem with this signature is, that it is only self-signed, i.e. with my "homegrown" signature. To get a proper one, which would be (potentially) accepted by Microsoft (i.e. SmartScreen), I'd have to pay money to some signature authority, which I don't want for that hobby project.

So, I think as long as Microsoft doesn't accept my self-signed setup or there is some way to get a proper signature without paying money (like a Let's Encrypt for setup/exe files), SmartScreen will always scare off potential users.

Thanks for program, is goooood for that I needs! :)

Glad to know🙂 You're welcome!

Answer 2 · 2023-03-17T16:06:42.000Z

I recommend looking into sigstore.dev. It's been described as Let’s Encrypt for Code Signing.

Answer 3 · 2023-03-18T18:38:07.000Z

@jordanbtucker Thanks for this suggestion! I'll take a deeper look at the next release and give feedback how it works.

Answer 4 · 2023-04-12T20:39:08.000Z

@jordanbtucker I took a short look at sigstore.dev but it appears that they don't offer additional trust from Microsoft yet. See this issue comment in the sigstore/fulcio repository.

This is clearly a problem. So I filed two issues, one for Windows (Microsoft) and one for macOS (Apple):

I will keep an eye on this problem. But please let me know, if you (or anyone) have an additional suggestion or something new appears that could solve this problem.

Answer 5 · 2023-04-12T21:31:54.000Z

That's a shame. I'll keep an eye out for any other free or low-cost solutions.

Answer 6 · 2023-07-27T17:12:32.000Z

While this issue could be seen as duplicate of #27 and #28, I reopen this issue anyway until it is solved.

To anyone: feel free to provide additional suggestions.