MorkTheFiddle wrote:Windows 10 did not want to run the exe. When I said run it anyway, my virus protector, AVAST, intervened, called it 'very rare' and sent it to their "labs" for analysis. When I can say more either here or at GitHub, I will.
Thank you very much for letting me know!
The first problem you encounted was that "Windows 10 did not want to run the exe". This happened because I haven't yet purchased an "Authenticode" certificate to "sign" the *.exe file. Sadly, these cost
$199 to $499 per year. I really ought to buy an Apple code signing certificate as well, but that would require me to become an official registered Macintosh developer (for $99/year), and possibly then buy a second certificate from them as well. (It's theoretically possible to use the Windows certificates to sign Mac apps, but I hear that most people spend a weekend trying to get it to work and then give up.)
So basically, I'd probably be looking at $400/year to get rid of those warnings.
As for your anti-virus software, various security experts have told me that most anti-virus software actually makes your security
worse.
This is because
most anti-virus software is full of embarrassing security holes and it actively subverts browser security features. However,
Windows Defender may be a happy exception to this. Even better, Windows Defender is free. I don't know if you have the option of switching or not, and it's been a long time since I've payed much attention to the Windows anti-virus market, but maybe it's worth a look.
Sorry, I wish I had better answers to give you. But purchasing signing certificates for all the major platforms and renewing them every year would be a noticeable drain on my budget. So in the meantime, people can either click through the "Unknown application author" warnings, or they can follow the instructions to compile substudy from source themselves if they're feeling paranoid.
But thank you very much for the bug report—I'd forgotten the current state of Windows code signing as it applies to command-line tools.