Does anyone know if it's even possible to build an executable for Windows using e.g. Rust (though this might apply to other langs), without buying a signing certificate, and have it runnable by users without false positive virus/trojan warnings (which, actually, make it effectively impossible for users to run).

I did a lot of searching and found a huge number of developers reporting this problem, but actually no solutions. Is it just impossible to distribute binaries as an independent developer? Is it just isolated to Rust and maybe Go etc? Or ...? Anyone experienced this and found a way round it?


Discussion

No, you are pretty much forced to get a cert. Same with macos now too.

I hate the certificate cartel.

One of the many steps in turning an "open" platform into a walled garden :/

I don't use Windows but heard similar stories, unfortunately, and it's not exclusive to Rust

In one way or another, I will fix this with nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0

I don't think there are ways around it. I have a friend who still ships a Windows app and he had to go to loads of effort to get a signing device.

I would urge you to stop developing for Windows. The signing does not stop bad actors as the verification process is done by some Indian call center that calls you on any number you provide and all you have to do is answer and say "yes that's me."

This should not be encouraged. People are making money off of you just because you comply and for the consumer it adds no safety.

Agree in general. The problem for me is not that they have an app signing process ... even if it's bad. The problem is that removing users' rights to execute programs (as per Stallman's framing) is profoundly morally wrong.

macOS lets you jump through hoops to still execute whatever you want (they just want to stop most newbie users from doing it). I can't imagine Windows doesn't have that option, but I don't use it and have no experience.

Defender is installed by default and will quarantine a simple Rust binary and often tell the user they have been infected with a trojan. I know that sounds ridiculous, but I spent a lot of time looking into it.

The problem is they have no incentive to not false positive.

Even though GNU/Linux systems don't have these types of restrictions, it would be great to have better sandboxing between desktop apps for a given user. Besides intentional malware, software exploits and RE bugs exist, and it would be nice to mitigate them with limited scopes, etc. Does Qubes provide better isolation, or are there better alternatives?

Not saying I agree with it, but as advertised: I'd argue that's the point of application signing on Windows. There shouldn't be a way around it, and I don't know of any that don't require user intervention.
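The two inputs that decide whether a downloaded binary gets the "unknown publisher" treatment are its Authenticode signature state and the Mark of the Web (the NTFS Zone.Identifier stream browsers attach on download). The following PowerShell function is an added example for inspecting both on a Windows machine; it is not code from this thread or from any participant. The function name and the output fields are my own; the cmdlets (Get-AuthenticodeSignature, Get-Content -Stream, Unblock-File) are standard on Windows PowerShell 5.1 and PowerShell 7 on Windows.

```powershell
function Get-BinaryTrustState {
    # Hypothetical helper (added example): report the signature and
    # Mark-of-the-Web state of an executable so you can see why
    # SmartScreen / Defender treat it as an unknown download.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Mark of the Web lives in an alternate data stream named Zone.Identifier.
    # No stream means the file was never flagged as coming from the Internet.
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue
    $zoneId = $null
    if ($motw) {
        $zoneLine = $motw | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
        if ($zoneLine) { $zoneId = [int]($zoneLine -split '=', 2)[1] }
    }

    [pscustomobject]@{
        File            = $file.FullName
        # NotSigned / Valid / UnknownError (untrusted chain) / HashMismatch ...
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        HasMotW         = [bool]$motw
        # 3 = Internet zone, 4 = Restricted; $null when no Mark of the Web
        ZoneId          = $zoneId
    }
}

# Usage (assumed path): an unsigned Rust/Go build downloaded from the web
# will typically show SignatureStatus = NotSigned and ZoneId = 3.
Get-BinaryTrustState -Path 'C:\Users\me\Downloads\myapp.exe' | Format-List

# If a user has decided they trust the file, removing the Mark of the Web
# is the supported "user intervention" step; it does not make the file signed.
# Unblock-File -LiteralPath 'C:\Users\me\Downloads\myapp.exe'
```

Signing with a self-signed certificate (New-SelfSignedCertificate plus Set-AuthenticodeSignature) will change SignatureStatus away from NotSigned, but on any machine that does not trust that root it reports an untrusted chain rather than Valid, which is why it does not help with the warnings discussed above.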

stop using rust

if it's pure go, there's no need to do any bullshit, it makes .exe files... WOW64 or WIN32 at your choice

um, wait, you mean "for distribution on gay homo windows store?"

cos nothing is stopping anyone from building .exe files and/or even building installers to place them into neat folders in a user's directory

all the permission required is

"administrator"