Microsoft does some really nice work sometimes. The half-assed SmartScreen filter is not one of those nice pieces of work. It is shit. I’ve posted about this before, but there have been no changes to this filter over the last few years and it still has some major problems.
Problem 1
The messages that are shown to the user don’t show them that they can run your software. The messages instead tell them that they are being protected from malware, EVEN IF YOUR SOFTWARE IS NOT MALWARE. Users must ask for more information to get to the proper point where they can then click a button and run the software. I think that a class-action lawsuit on behalf of all small developers would be in order. MS telling users that the software is malware when it is not seems like libel or slander.
Problem 2
Renewing a code signing certificate isn’t really renewing it at all. It’s just a way to buy a new, different certificate. After renewal, the SmartScreen filter again tells users that my software is malware. This is even more offensive to me because I specifically paid for the privilege of being more efficiently tracked by the SmartScreen filter, and my tracking information is no longer meaningful. They didn’t track me, my software, or my reputation; they tracked only that one now-obsolete code signing certificate.
It took months to get enough downloads to be trusted before. Now my poor users are stuck with SmartScreen filter hell again.
Wow, I must have been really angry when I wrote that post. I just noticed that someone linked to it in an article about false positives from malware detection and the similar problem with the SmartScreen validation. So I thought that maybe I should at least apologize for using profanity.
I have a longer post elsewhere that describes what the SmartScreen validation messages looked like when my software had not been downloaded enough (for the SS filter). I still stand by my comment that saying “malware” in a message to the user in regard to software that has not been proven to be malware is obscenely rude and potentially illegal. At a minimum, I find it a bit unethical on the part of MS.