undefined | Better HN

0 pointsk32sic7y ago0 comments

I will always put more trust to downloads form web sites that have an owner, than apps coming from an app store. It is very easy to put my trust in an app when I see the amount of work has been put in setting up a site (documentation, history of development, etc).

The app stores do not offer any kind of information that would help to put my trust in the developer and application.

Certifactes are a fallacy that tell nothing about the security of the app. They just tell that the app was signed someone that has a security certificate.

Also why do all security experts want to shove their security agenda to the world ? If you are dealing with life or death matter than it is probably better not to expose your world to the wild. For everything else it is OK to live without the safety net, it is OK if someone looses some money or your mum's disk gets encrypted. People fall every day and I sencerly hope that there will not be some police that will force you to wear a helmet ass soon as you get out of the bed.

0 comments

close047y ago

> I will always put more trust to downloads form web sites that have an owner, than apps coming from an app store.

The article is about signing the Windows binary that you download from the developer's site so when the UAC dialog pops up on installation it shows a valid publisher. Nothing to do with an app store.

> The app stores

Again, different topic.

> Certifactes are a fallacy that tell nothing about the security of the app.

Actually they do. It's a 0 effort way for the user to tell that the installer was not modified between compilation and installation. How do you tell that the developer's site wasn't hacked and the installer doesn't have some bundled malware?

> Also why do all security experts want to shove their security agenda to the world ?

Because that 1 million computer botnet attacking your site may just be made up of a lot of people who don't know what certificates are for, how to check if a download is legit, etc.

j / k navigate · click thread line to collapse