Yup, just what's I think, most dev will be forcing the other dev(that might not care about security) to improve the security, and Windows XP is getting cracked down for Win XP user, they will be leaving with a security issues, and so did the Gov.
(Fun fact, Malaysia gov webpage that contain personal information is just HTTP+IP address link...)
Just tested Process Lasso installer, and also the SHA2 only installer, no SmartScreen pop out now, so it is "safe" (for Bitsum) now.
And interesting, I just running a SHA1 signed installer on Windows 7, but no SmartScreen pop out, maybe it is disabled by some software...
I may need to check for it tomorrow..
(BTW, the password is wrong and I just guessed it right, but I will let the other user to guess the right password, it's just need some "backspace" to found it.)
----A little Off-topic
For security reason, I tested how's the extract tools will do to the "downloaded from Internet" files that label by browser, did they will label extracted files or not.
Windows File Explorer - Pass
WinRaR - Pass
2345好压 - Failed
So as you can see, any software that focus on adware function will not take care some little security on the files, even they did provided scanning engine that will scan the files before extract/run it.
This is caused by users asking for FEATURE!!! that can be seen, not small (security) detail that can't be feel, it also shown how's meticulous the devs are.
It will also be interesting for Antivirus, did they will look on this label or not, and doing some "heavy" scanning on the downloaded files.
Anyways, case closed, and Windows XP should be saying goodbye for next year.
Just kidding, big company will still be supporting SHA1 for XP users, and increase danger for most modern Windows user.
This Chicken & Egg, or that Chicken & Egg? (compare with forcing user to use up-to-dated Windows with modern security supported, but reduced software compatibility)? https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/http://arstechnica.com/security/2015/12/sha1-sunset-will-block-millions-from-encrypted-net-facebook-warns/
Maybe blocking their SHA1 cert is a good idea, before browser start blocking them next years.