Cyber Scarecrow

(www.cyberscarecrow.com)

606 points toby_tw | 2 comments | 18 Jun 24 08:08 UTC | HN request time: 0.016s | source

Show context

scosman ◴[18 Jun 24 08:25 UTC] No.40715334[source]▶

Fun concept.

If the creators read this, I suggest some ways of building trust. There’s no “about us”, no GitHub link, etc. It’s a random webpage that wants my personal details, and sends me a “exe”. The overlap of people who understand what this tool does, and people who would run that “exe” is pretty small.

replies(7): >>40715364 #>>40715425 #>>40715446 #>>40715473 #>>40716059 #>>40716538 #>>40723731 #

CyberScarecrow ◴[18 Jun 24 08:55 UTC] No.40715473[source]▶

>>40715334 #

Author of cyber scarecrow here. Thank you for your feedback, and you are 100% right. We also dont have a code signing certificate yet either, they are expensive for windows. Smartscreen also triggers when you install it. Id be weary of installing it myself as well, especially considering it runs as admin, to be able to create the fake indicators.

I have just added a bit of info about us on the website. I'm not sure what else we can do really. Its a trust thing, same with any software and AV vendors.

replies(18): >>40715568 #>>40715665 #>>40715733 #>>40716043 #>>40716134 #>>40716229 #>>40716260 #>>40716317 #>>40716684 #>>40716889 #>>40719030 #>>40719198 #>>40719439 #>>40720186 #>>40720416 #>>40720493 #>>40723898 #>>40727328 #

efilife ◴[18 Jun 24 09:40 UTC] No.40715733[source]▶

>>40715473 #

It ceases to be a trust thing once you open source the code

replies(1): >>40719834 #

1. wongarsu ◴[18 Jun 24 16:52 UTC] No.40719834[source]▶

>>40715733 #

In a world where everybody builds from source or downloads from a trusted build service

replies(1): >>40720042 #

2. shadowgovt ◴[18 Jun 24 17:16 UTC] No.40720042[source]▶

>>40719834 (TP) #

... and trusts their entire toolchain hasn't been compromised.

↑