Java-Gaming.org Hi !
Featured games (91)
games approved by the League of Dukes
Games in Showcase (806)
Games in Android Showcase (239)
games submitted by our members
Games in WIP (868)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Reality Check on "Unrecognized Applications"  (Read 1155 times)
0 Members and 1 Guest are viewing this topic.
Offline philfrei
« Posted 2018-08-27 06:12:52 »

I have packaged a Java application with InnoSetup5 into a Windows setup.exe. When I run the setup file, I get the following message:
Quote
Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
More info

Clicking "More info" allows one to get past this warning. Once past the warning, the Java application is installed on Windows as a "native" Windows program, and the application itself runs without complaint.

I have been trying to better understand what all is involved here. Seems like it would be a good thing to avoid getting this message, if possible. Researching on itch.io (where I plan to publish), I found the following forum response to a question about this warning popping up, and whether itch.io games were safe. The answer is from an Admin there.

Quote
Windows has default security settings that show a frightening warning when you download any executable off that internet that isn't signed with a paid certificate. You can get around this warning by using our desktop app. Additionally, our desktop app has a sandbox mode that you can use to run games is a environment with restricted settings. https://itch.io/docs/itch/using/sandbox.html

To answer whether games are safe, in general, yes they are. But, keep in mind that anyone can publish a project page on itch.io. You should use the same discretion you use when downloading any program off the internet. If you think something is suspicious then don't download it and report it. We process reports daily and if we find anything malicious we instantly ban the page.

So, if I understand this correctly:
1) itch.io customers, when they download a game directly, will get this message unless a paid certificate is involved
2) if the customer uses the itch.io desktop app, this message does not come up

I've also come across the following:
> Publishers of apps who say they aren't going to pay for a certificate, and just explain to the downloaders that they will need to bypass this safety warning (seems like this is actually pretty common)
> multiple tiers on paid certificates, e.g., ones that are lower cost but will generate the warning until a "track record" of some undefined sort has been established, and a higher cost (something like $300-400 a year) for a certificate that immediately grants "safety"

Here is an explanation from Microsoft.

I'm still not entirely clear on who one buys these things from and whether you are getting the right thing or not. A lot of searches I have done have turned up certificates pertaining to encryption or to SSL connections, as opposed to whether one's particular .exe is "recognized" or not. StackOverflow questions more often than not are geared to C++ and C# or other Windows entities such as programs created with Visual Studio.

I'm hoping someone here that is more experienced might be able to explain for the first-time Java app wanna be publisher what the options are and provide some guidance as to process for those options?

For my particular case, I will also be checking in with the forum at InnoSetup. Even though I specified a "Publisher" name to the .iss file, it is not showing up on the Windows Defender "More Info" message. And I assume that if I do end up paying for some sort of certificate (assuming the right thing is found and purchased), I'll have to ask the folks at InnoSetup how to get it integrated into the setup.exe that is generated.

Thanks!

music and music apps: http://adonax.com
Offline Riven
Administrator

« JGO Overlord »


Medals: 1371
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #1 - Posted 2018-08-27 06:27:29 »

You may want to google for "code signing certificate" - comodo (the dreadful certificate company) seems to have low-end pricing at $70/year (or 3x $60 for 3 years).

Keep in mind that certificates don't buy you safety. Like you can get infected through HTTP and through 'secure' HTTPS.

The 'only' thing such certificates guarantee is that your data was not altered (be it corrupted or infected) after it was signed, and before it is installed.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings!
Offline philfrei
« Reply #2 - Posted 2018-08-27 07:18:30 »

Thanks, Riven.

Do you know if this also has anything to do with helping get Windows Defender to not give an "unrecognized app" warning?

music and music apps: http://adonax.com
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline nsigma
« Reply #3 - Posted 2018-08-27 07:39:17 »

Ah, so Microsoft is copying Apple now. Great!  Roll Eyes Signed code isn't a bad idea, but be good to feel this was actually about security and not them controlling the means of distribution. Hopefully we'll see Let's Encrypt or similar provide free code signing certificates soon. Keeps coming up!

Praxis LIVE - hybrid visual IDE for (live) creative coding
Offline beeaware
« Reply #4 - Posted 2018-08-29 12:26:28 »

FYI:
If you ever decide to publish on Steam, you won't run into that problem.
Installing takes place through SteamPipe, without the need of an install package like Inno Setup.

Grtz, Danny.

You know you're getting old when you played Pong while it was still hot...
Pages: [1]
  ignore  |  Print  
 
 

 
Riven (587 views)
2019-09-04 15:33:17

hadezbladez (5529 views)
2018-11-16 13:46:03

hadezbladez (2410 views)
2018-11-16 13:41:33

hadezbladez (5790 views)
2018-11-16 13:35:35

hadezbladez (1233 views)
2018-11-16 13:32:03

EgonOlsen (4669 views)
2018-06-10 19:43:48

EgonOlsen (5688 views)
2018-06-10 19:43:44

EgonOlsen (3205 views)
2018-06-10 19:43:20

DesertCoockie (4104 views)
2018-05-13 18:23:11

nelsongames (5125 views)
2018-04-24 18:15:36
A NON-ideal modular configuration for Eclipse with JavaFX
by philfrei
2019-12-19 19:35:12

Java Gaming Resources
by philfrei
2019-05-14 16:15:13

Deployment and Packaging
by philfrei
2019-05-08 15:15:36

Deployment and Packaging
by philfrei
2019-05-08 15:13:34

Deployment and Packaging
by philfrei
2019-02-17 20:25:53

Deployment and Packaging
by mudlee
2018-08-22 18:09:50

Java Gaming Resources
by gouessej
2018-08-22 08:19:41

Deployment and Packaging
by gouessej
2018-08-22 08:04:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!