Hacker News

seam_carver, yesterday at 8:01 PM (6 replies)

Isn't code signing even harder/more expensive on Windows?


Replies

GeekyBear, yesterday at 8:58 PM

The extended validation code signing certificate you need to avoid having your installer blocked by Windows SmartScreen is quite a bit more expensive.

https://stackoverflow.com/questions/48946680/how-to-avoid-th...

justinclift, today at 12:02 AM

For Open Source Software, you can use SignPath for free: https://signpath.org

That's what we did for DB Browser for SQLite (sqlitebrowser.org), and it works well: https://sqlitebrowser.org/blog/signing-windows-executables-o...

SignPath also does stuff for commercial places too (https://signpath.io), but I have no idea of the pricing.

kivle, yesterday at 8:23 PM

Well, you can still run unsigned software (by clicking through to a bit of a hidden option in the popup dialog), and they also even remove that through "reputation" if enough people approve said binary (exact bitwise binary, so every new version released will go through the same issue).

hermitcrab, yesterday at 9:43 PM

Signing on Windows is a pain in the arse and gets more expensive every year. I dread having to renew my certificate. Also they keep reducing the maximum certificate length, so you can't just do it once every 5 years, like you used to be able to.

I can't remember how difficult it was to set up my initial Apple developer account (trauma-related memory loss, perhaps) but it is dead simple to renew. Just pay the $99. I did it yesterday. Took about a minute.

electroly, today at 5:33 AM

It's expensive. I don't agree that it's harder, in the sense of TFA's technical struggles getting it to work. If you've got the money for the certificate, passing OV and signing the binary is easy. The difficulty of signing isn't the big problem we face on Windows. The main issue is that signing barely does anything: you still get hit with SmartScreen blocks even though it's signed. The return on your investment of time and money is just showing your name as the publisher in the SmartScreen prompt. The only way to avoid the SmartScreen prompt is by building reputation with lots of installs.

I still prefer this over having a Microsoft developer account and publishing in the store--I hate having to put my software through arbitrary store review processes--but it's not a good situation. SmartScreen is just about the worst thing ever to happen to indie developers on Windows. We're right there in the thick of it with macOS developers: different details, same struggle. Both of our corporate overlords want you to distribute software in their store, and you get the sense that they would end self-distribution entirely if they thought they could get away with it.

I note that TFA's author edited the post after-the-fact, changing the line about Windows. It originally claimed that Windows worked fine and they got "just an EXE" and that was that. I assume they finally tried it for real on a civilian computer and saw the SmartScreen block.

ryandrake, yesterday at 9:16 PM

Yes, Windows is terrible, too. The entire desktop software world has lost its collective mind and the platforms are turning themselves into locked down game consoles just so that grandma doesn't accidentally install malware.
