If they only cared about thwarting malware they could have just relied on code signing via public certificate authorities, like with binaries on Windows.
The point is so that most people can’t or won’t figure it out or get discouraged.
So that in time, Google’s “unwanted” software will be starved of attention and funds to continue being developed and these “weeds” in their garden slowly wither and die.
Code signing offers slight protection from malware but not as you might think. If a company signs an installer or executable, then it tells you it came from them but not what it does. It could still be malicious, or it could be inadvertently bundled with malware in DLLs or scripts and you wouldn’t know. You’re just hoping the company has done its due diligence and you trust them to run.
Microsoft does have an antivirus system on top and fingerprints downloads too and applies some kind of trust score that is better if an exe is signed. There is probably no single mitigation that stops malware infection but apply lots of smaller mitigations in depth and most people will be safe.
The irony is Microsoft still lets people run files ending with .scr way too easily. Much of the malware on torrent websites is a file ending with .scr knowing the OS will hide the extension, e.g. movie.mp4.scr appears as movie.mp4 in File Explorer and people click through and get infected.
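The double-extension pattern described in the comment above (movie.mp4.scr displayed as movie.mp4), as an added detection example that is not part of the original thread. The extension lists, function names and sample filenames are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed, non-exhaustive list of extensions Windows runs as programs.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
# Assumed list of "harmless content" extensions used as the visible decoy.
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".mp3", ".jpg", ".png", ".pdf", ".docx", ".txt"}


def displayed_name(filename):
    """Name a user sees when known extensions are hidden (last suffix dropped)."""
    return PureWindowsPath(filename.strip()).stem


def is_masquerading(filename):
    """True when an executable extension hides behind a decoy content extension."""
    suffixes = [s.lower() for s in PureWindowsPath(filename.strip()).suffixes]
    if len(suffixes) < 2:
        return False  # a plain setup.exe or clip.mp4 is not a disguise
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def scan(filenames):
    """Return (real name, displayed name) pairs for every disguised file."""
    return [(f, displayed_name(f)) for f in filenames if is_masquerading(f)]


# Constructed sample of a download folder listing.
SAMPLE_LISTING = [
    r"C:\Users\demo\Downloads\movie.mp4.scr",
    r"C:\Users\demo\Downloads\Movie.2024.1080p.mkv.SCR",
    r"C:\Users\demo\Downloads\holiday.mp4",
    r"C:\Users\demo\Downloads\backup.tar.gz",
    r"C:\Users\demo\Downloads\setup.exe",
    r"C:\Users\demo\Downloads\bubbles.scr",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE_LISTING):
        print(f"shown as {shown!r} but is {PureWindowsPath(real).name!r}")
```
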
These arguments would apply the same to Google’s approach. My argument is that Google appears to have another agenda.