Recently, developers noticed that Microsoft introduced a new 'feature' in Internet Explorer 9, named 'Smart Screen Filter'. In most cases, it manifests as annoying and scary-looking popups which appear after you have downloaded some program from the Internet, telling you that this particular program is evil. This 'smart' screen filter simply checks if the binary has been signed, and if not, it apparently checks if the program is at least very, very popular. If both of these aren't true, and this is the case for 90% of all programs, it tells the user that the program is probably harmful. For people downloading my WebGL 3D editor CopperCube, it looks for example like this (German version):
If you want to run the just-downloaded installer, you need to click through two very scary popups, and they even try to hide this option from you, putting the 'run anyway' option under the obscure 'Actions' button.
So, as a developer who wants people to actually use my software, the only apparent way to circumvent this harassment is to buy a certificate (usually this costs $100 a year and involves some senseless bureaucratic phone calling) and sign the binaries with it. Of course, for the end user, this doesn't change anything; there is no reason why a malware or virus developer couldn't do this as well. And unsurprisingly, most people searching for Smart Screen Filter in Google are apparently looking to 'turn off' and 'disable' this thing. :)
But in contrast to some fellow developers, I'm not going to do anything about it. Here is why:
This new filter currently annoys the crap out of the users. Instead of trusting IE9, telling them that the program they downloaded is evil, they find ways to get the program anyway. Either they find the hidden option to run the program anyway, find ways to disable that filter, or they even simply start using another browser. Some users even sent me a support mail, asking me how to get the software, and they were happy to install Chrome after I told them to.
So as a developer, instead of supporting this senseless security 'feature', I'm simply not using signed binaries and training people to ignore these warnings. It's the 'dancing bunnies' problem again: If people want to see it, they will get it, it doesn't matter if you throw obstacles and warnings at them. And it is good that way. If your operating system is designed to be able to harm itself, then fix your operating system, do not try to prevent the user from installing stuff on it.
So I think it's a bonus for corporate devs, for whom $100 a year and a morning of set up time isn't a big deal. However, it IS a pain in the ass for open source / hobby projects.