Just wanted to find out what everyone is doing with code signing on windows. I remember a topic a little while ago where some people weren’t bothering whilst others decided basic certificates were enough.
It seems to me that windows defender/edge browser have become far more picky about what they like people to download. Recently users with defender as their av have reported that it warns of a trojan whenever they try to download our stuff. I sent the files off to windows for scanning and they basically said “yeah, your files are fine but we don’t trust the certificate yet because you haven’t used it enough”. Seems astonishing that something “untrustworthy” is immediately labeled as a trojan… The issues thankfully go away when people use chrome combined with other av software.
tl;dr are small developers bothering with the extra expense and hassle of EV code signing certificates or is it just accepted that these types of messages pop up on windows occasionally (here we are Mac users for years so don’t know the current expectations)?
Thanks for any opinions/thoughts you can provide,