Smartscreen warning
rocksdanister opened this issue · 33 comments
Basically the lively installer is blocked by windows smartscreen filter, can be bypassed by clicking More Info -> Run anyway.
https://support.microsoft.com/en-in/help/17443/microsoft-edge-smartscreen-faq
SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you're downloading isn't on that list, SmartScreen will warn you.
It will go away after some amounts of download, but the problem is as I update my application with new version, the new installer will also get flagged unless I sign & let windows know its the same application.
Microsoft recommended EV Certificate is expensive, there are some free alternatives for foss projects.. after looking at it the documentation requirement is huge though, lots of work, not sure if I want to spend time on it...will have to look into it later.
Some old discussion on it: MonoGame/MonoGame#3189
I believe for now the best course of action should be "don't worry about it" ?
probably; its just people don't read properly and start telling others "windows is saying this is a virus" :/
Would be great if the installer triggered 0 warnings.
I'll have to do it sooner or later, probably when I hit v1.0.
damn, yeah they are expensive..
So I need help using github if anyone knows how to help will be appreciated
Looks like I won't be able to do it for v1.0, hardware is required now for signing which will take time for me.
Lively v0.9.6 setup does not give smartscreen warning anymore I believe(?), has over 100k downloads.
Sadly this will reset with every setup, I also don't think a private key will help with it either(?)
@LivedWhistle52 To avoid going off-topic, you can have talk about things in lively reddit discussion thread instead https://www.reddit.com/r/LivelyWallpaper/
how do I know this is safe
- Inspect the code? Lively and all its libraries (libmpv, libvlc, cefsharp..) are fully opensource.
- Lively is relatively popular on github with 300K+ downloads and 1K stars.
- Most Commits have detailed description:
https://github.com/rocksdanister/lively/commits/dev-v1.0-fluent-netcore - There is a Reddit and Discord community with active users.
- Verified by third party:
https://www.softpedia.com/get/Desktop-Enhancements/Other-Desktop-Enhancements/Lively-Wallpaper.shtml - See the application in action: https://youtu.be/1EygCDN4NHc
If I'm trying to make a malware, why put such efforts into attention to details. - I fixed almost 100 issues:
https://github.com/rocksdanister/lively/issues?q=is%3Aissue+is%3Aclosed
If I'm trying to make a malware, why go through all this effort. - See the docs and api support:
https://github.com/rocksdanister/lively/wiki/Web-Guide-IV-:-Interaction
If I'm trying to make a malware, why go through all this effort. - Lively is localized to over 18 languages by the community
https://github.com/rocksdanister/lively-translations/tree/master/v1.0
If I'm trying to make a malware, why bother. - Lively does not require admin rights to run and does not make any modifications to system files.
The Uninstaller will remove all the changes; if .net core is not installed, admin permission might be required. - Most of the third party anti-virus software detection are just AI based guess which is not very unusual for unconventional app like lively.
- Lively v1.0 onwards works only on Windows 10 1903 or above due to some of the latest technologies used.
If I'm trying to make a malware, I'm not doing a very good job expanding its reach.
What code signing does is it verifies the installer has not been modified - if you download from the official website you are fine.
Lively is just a fun learning project for me to try new things, I don't plan to make any profit from this project ..if it sounds too good to be true that's why.
well thats the only confirmation I needed 😄 thanks 🚀
Any reason it can't be deployed through the windows app store? I have a wpf app that is deployed that way and Microsoft takes care of the signing.
Oh I thought third party key was still needed!
So no yearly fees and just one time payment... sounds nice.
I will probably have to drop Unity and external app wallpaper support for store, will look into it.
Thanks.
The Git Extensions project was gifted an Open Source certificate from signpath.io. You may be able to reach out to them.
Thanks for letting me know, I'll send them a mail.
every time i launch it i get a BSOD
If your getting a bsod from running a web browser/ videoplayer it is more likely your system has some underlying issue that need fixing.
Also try to keep this discussion on track, create a new issue with more details so that I can have a look at it.
nope its just this
Over 400k download and first time I'm hearing of this, take it as you will.
Not sure if spam or not, you are clearly not interested in helping to trace the cause of the issue and just want to make claims without much information in an unrelated thread.
buenas tarde era para reportar un erro que me sale que dice ``este programa no es compatible con la versión de Windows´´ no se porque no es compatible si yo tengo Windows 10
Lively require Windows 10 version 1903 or above.
Check Certum, they have pretty cheap code signing certificates for open source, they even have signing in cloud (however it is more expensive, but you don't need any HW)
https://en.sklep.certum.pl/data-safety/code-signing-certificates.html
Got a problem, it just shows black screen.
Yeah looks like situation changed and they provide cloud signing.. good to hear 😃
For the time being I managed to get it released on Windows store (had to remove xaml island, some store validation issue 😭)
(testing, private for now.)
Hello, it just started working after turning on my computer again sorry for thinking its a bug
Does this work on a 49" wide screen? I have a Samsung 49" C49J890 Curved 144 Hz 32:9
And also, when i try to install it, it says this. How do i solve it?
nvm, i solved it
This is a discussion for about smartscreen warning only, for other problems create a new Issue:
https://github.com/rocksdanister/lively/issues/new/choose
Windows store version released: #213
Its signed by microsoft, so no smartscreen warning.
Windows: this application looking sus and its time to play
us: Run anyway
Windows: good luck realizing it is not sus OH WAIT
Discussion is going off-topic, locking for now.
Update
After some observation - currently installer smartscreen warning goes away after ~10,000 downloads..
Thanks to existing Lively users, it takes around 2 days to reach that number 😄.
Since its just a few days waiting time between each update, this issue is not a priority right now.
Looks like will need to buy code signing cert either ways:
https://twitter.com/dwizzzleMSFT/status/1511368944380100608
✅EXE signed or rep REQUIRED