You’re about to install a new piece of software. Is it safe? Is it reliable?
Those are the two questions you should ask before you install a new program on any device—PC, smartphone, tablet—regardless of what operating system it runs.
The trouble is, most people don’t ask those questions at all. And even when they do, the answers can be hard to come by. I regularly download and test Windows programs (I test Mac software, too, but not as often). For special-purpose utilities in particular, making trust decisions is difficult. They often lack digital signatures, and even those that have them come from sites that are unfamiliar.
Is there a way to get those answers?
Apple’s solution for iOS devices is the app store. It’s heavily curated—you don’t get in unless you pass Apple’s stringent tests. Beginning with OS X Lion, Apple has extended the same concept to desktop apps. For Windows 8 apps, Microsoft plans to offer a similar option.
For a customer, an app store has obvious advantages. It represents a one-stop shopping opportunity, with assurance from the store’s operator that the product you’re about to buy is safe and reliable.
For developers, there are advantages, including the potential of striking gold by being promoted on the app store’s front page or making it to the top of a category list. But there are disadvantages, too: You have to play by the store’s rules, which might limit your ability to add features or capabilities to your program. You have to pay a commission to the store’s owner, you lose the opportunity to sell directly to your customers, and you are unable to create relationships with customers that aren’t mediated by the store’s owner.
Linux users can rely on repositories, where available software is certified as legitimate and compatible. That works great for free software, but it’s a nonstarter for commercial software developers who want to sell software to customers.
For traditional Windows and Mac software, there are no stores and there are no rules. That means when you download a piece of software, you’re on your own. You can search for reviews, but how do you know those reviews are reliable and accurate?
One possible solution that is just beginning to take root involves the use of reputation systems. Microsoft has built a feature called SmartScreen Application Reputation into Internet Explorer. It does a good job of identifying potentially dangerous software, and in my experience it offers tremendous advantages over other Windows-based browsers.
Symantec also offers a reputation-based screening system as part of its Norton Internet Security product. For the past month or so, I’ve been using the 2012 version of NIS, which adds a new and important feature to that reputation analysis. It ranks a program’s reliability as well as its safety. Here’s the report for the latest release of Firefox, for example:
I love this feature. It has steered me away from a couple of utilities that have been known to cause reliability problems.
Today I decided to compare the results of these two reputation systems by using one of the most scam-ridden categories of all: Windows registry cleaners. I’ve made no secret of my dislike for this category of software in general. By and large I believe running a registry cleaner is far more likely to screw up your system than to fix it.
But still, people use this stuff, and scammers love to take advantage of them to push malware and adware. So what happened when I went looking for a registry cleaner? I found the top three “system optimizer” programs being sold through lots of sites that use the same templates and sell the same software under affiliate arrangements. The programs themselves are legit and virus-free, although I don’t recommend them.
But it didn’t take me long to find a suspicious one. And it illustrated both the strengths and weaknesses of reputation systems. The gory details are available on the next page.





