macOS unable to open any non-Apple application

Don't you love it the ability to compile and run software on your hardware is controlled by a third party over the internet?

I sure love the SAAS future we are heading forwards.

I will be a full on linux junkie when that happens.

By then it will be too late

It IS, though. SmartScreen on Windows doesn't check binaries created on the same machine, but you'll get flagged if you move the untrusted binary to another machine you own.

Note that SmartScreen has an UI that lets you bypass it without having to disable it system wide, and has a sane timeout (I believe 30 seconds) after which it just pops up a dialogue box telling you that it can't check the binary, allowing you to continue.

I’m slowly transitioning as competently as I can.

Can you elaborate?

I highly doubt corporate interests could eliminate linux. It just will be very difficult to use though no doubt.

>has a sane timeout (I believe 30 seconds)

What the hell? You have to wait 30 seconds before you can run unsigned code on Windows without calling home to Microsoft about it? How is that considered sane? (I mean, forking on windows is slow but it's not that slow.)

How do people (and corporations! Especially ones sensitive to sharing IP!) put up with this stuff?!

well it is more insane because if you have an elevated exe that can span other exe which would trigger smartscreen the elevated exe can actually put a smartscreen filter in it. I mean what is the point in smartscreening an exe that gets spawned from an elevated exe?!

iirc no, there is a "More Info" button in the smart screen pop up that you can click instantly, and from there a button to run the app is available instantly.

Only if the server doesn't respond in time, that is - if you'd wanna prevent it from happening, you could just turn it off in the first place via GPO: https://docs.microsoft.com/en-us/windows/security/threat-pro...

I'd assume that's what most corporations do, since that's what it's there for.

I wouldn't 100% forsake the benefits of this stuff, since it does protect normal users - defender on modern Windows installs is good software and really does its job well, while staying out of your way most of the time. I'd leave it on for my parents.

Smart screen and other measures on windows are so useless that they just encourage consumers to engage in bad security practices.

I downloaded steam from the steam page, windows blocked it. I downloaded Chrome, windows blocked it. What's even the fucking point?

To prevent virus spread by confused deputies: even if you somehow get CreateProcess permission by, ex, getting a service registered, the actual malicious executable will still be blocked.

I'm not sure what they call it, but Windows does get in the way for things you compile on your own machine. I compiled the JuicyPotato exploit and tried to copy it to another local folder and got error 0x800700E1 and the EXE went missing.

I've gotten quite good at recognizing crosswalks, fire hydrants, chimneys and the like. Though I refuse to identify that one mailbox as a "parking meter" even if it means another trial to prove my humanity. Users of the platform get treated as spammers already.

That's Defender behavior -- you'll want to disable antivirus before building viruses :)

Defender is a traditional hueristic-based AV with on-disk and live load scanning and an offline database. SmartScreen is a reputation-based (certs + "how many people ran this") checker, and is much more visible. Win10 runs both.

Unless this is a 2004 feature, it does block binaries compiled on the same machine. Not very fun if you are compiling stuff repeatedly with a couple of second wait-times when running the binary.

Ah right, that makes sense. Yes I did disable it before moving it to Kali :)

well as said its an elevated process that can completly disable smartscreen, so an attacker would only need to run an exe that downloads another malicious exe after it disabled smartscreen that would not be blocked.

Imagine a program, WinSudo.exe. This program runs elevated, by magic. It passes its arguments to CreateProcess(). You call WinSudo.exe Virus.exe. Virus.exe execution is blocked by SmartScreen.

(This scenario is itself a security flaw that existed for some combinations of Windows system utilities, so this is a real concern.)

Now, you could change WinSudo.exe to disable SmartScreen, sure -- but this requires you to be able to modify WinSudo.exe (which should require Administrator), and the mismatched binary would ALSO flag SmartScreen.

You don't like that?! I love teaching self-driving cars how to drive!

Unsure if this is new, but as recently as September 2020, Windows definitely SmartScreen'ed an executable created on the same machine.

Mentally I'm there. But in terms of convenience I'm not. Thankfully my entire workflow has been done with OSS compatible with linux in mind so switching over is little more than an inconvenience for me. It all started because I couldn't use specific software in my workflow with linux...even if I paid for it. So then I started looking for good OSS alternatives and now I've basically become OS agnostic.

I really don't understand your analogy whatsoever.

It's a reference to Google's recaptcha, which in my experience always asks you to try to identify features in tiny blurry low-resolution photos (and I always wonder how users with poor vision can deal with it). And it's not unusual for it to be wrong and insist that a street decoration is a bicycle, or something like that, and not let you proceed unless you agree with its misidentification.

Are you sure? It's happening piece by piece so that its preferable for most people to bear one more bad thing than bear the cost of switching.

> What's even the fucking point?

To make you use Microsoft Store.

Oh I intentionally select the wrong things on that mixed with the right things. Just to screw with google for trying to automate some BS by making us do it.

well WinSudo.exe DisableSmartScreenAndCallVirus.exe Virus.exe might work if the first two are not smart screen detected yet. a simple program might not be detected by smartscreen yet.

This is a big conceit everyone holds - that Linux will be an acceptable substitute for MacOS. To be perfectly honest, if Apple shut down their Macbook factories and got out of the computer game entirely, and everyone flocked to Linux, it would be several painful years before Linux would be as usable as MacOS is today.

This is why I try out Linux every few years, and file lots of bug reports when I run into issues (mostly in applications - the core Linux kernel is solid). I've even contributed code to Linux apps that I don't intend to use right now.

I guess this is where the disagreements about usability on Linux come from. I've been using Linux based OSes since I was a child and IME when you run into brokenness it's almost always the user space (often something flashy from gnome or kde or occasionally freedesktop.org.)

Most things are more than doable on Linux but often you're choosing between stuff that works and stuff that looks pretty.

I don't doubt it. At least on non-server machines. They might not even do it intentionally. When every new machine manufactured in the last 20 years has some kind of secure boot system that prevents "unauthorised" operating systems from being installed, what then? Are you just going to keep your laptop from 20 years ago?

Doing charity work for corporations capped as low as trillions of dollars in your not-free time.

I will begin programming in C when the day comes to my switch as well.

Which is why the default action for unknown programs is to prompt.