
SmartScreen is functionally useless, though. All it provides is a UAC warning for unsigned code, the likes of which a legitimate user has clicked through an untold number of times for perfectly legitimate reasons.

Here's a video where the malicious file is executed. Nothing immediately seems amiss: https://youtu.be/DD9CvHVU7B4?t=1m43s



What you see in that video isn't SmartScreen; SmartScreen is disabled in that video.

Here is what SmartScreen actually looks like and actually does[0] on Windows 10 when attempting to download an unsigned installer.

If Microsoft is aware that the file you're attempting to download is malware, they will block the download entirely (in IE/Edge).

[0] http://imgur.com/a/l5JzM


The issue is that due to the high costs of getting a certificate, a lot of legitimate software for Windows is still unsigned.

I know several large FLOSS projects, with hundreds of thousands and millions of users, that ship only unsigned binaries, telling their users to turn off SmartScreen.

If Microsoft had used a GPG-like mechanism, or provided certs for free, it would look very different.


Ah, yup. Good catch!



