> By the way iOS is the only popular operating system I know that doesn't allow to execute files downloaded from web or emails.
Windows 8, 8.1, and 10 don't allow it either. SmartScreen will block unsigned executables by default[0]. Enterprise customers should be using AppLocker which does a lot of what SmartScreen does, but with more flexibility and control.
The issue arises when [bad] System Administrators disable SmartScreen because it is a "hassle" and don't deploy AppLocker in its place. This effectively sends their users back to a Windows 7 level of security.
If Microsoft forced either SmartScreen OR AppLocker, then we'd have people on here screaming about freedom, Microsoft is evil, "Embrace, extend and extinguish," year of the Linux desktop, and so on. This is the best they can without treating System Admins like babies (even when they're going to use that power for "evil").
Fortunately because of how signing works it makes malware that is signed incredibly easy to detect, since by the very nature of the signature the malware's contents cannot be altered.
Plus signing is costly, and that within itself can make malware attacks uneconomical. It also makes getting a signature rather complex since you need fake identification and payment to avoid being carted off by the authorities.
Overall signing requirements are a huge net win for the "good guys." And while it isn't a hard security boundary, it is a damn effective one in the real world.
"If Microsoft forced either SmartScreen OR AppLocker"
Meh, just add a button or clickable link that allows the sysadmin to swiftly disable such warnings. Just make sure to put a scary-enough disclaimer that doing so can expose you to very bad, malicious stuff, from ill-intentioned people. It might get more application publishers to implement signing, just as Vista and 7 got rid of the "run everything as administrator" mentality through the use of UAC warnings.
Whatever the default level SmartScreen is already has a ding and a warning pop up about unknown executables. But it's amber and not red, and most people just click through it (I know I do).
I think there should be a separate UI for installing or running a downloaded program (with a huge red warning) so the users cannot accidentally run anything.
The problem here is that the system is not secure by default, one needs to hire a qualified specialist to set everything up. By default the user can run executable attachments or files downloaded from browser and it is a wrong design decision made many years ago. Users do not understand what is an "executable file", they got used to click an icon to see the file contents. This is just poorly designed UI that helps to deceive a user.
> If Microsoft forced either SmartScreen OR AppLocker, then we'd have people on here screaming about freedom, Microsoft is evil,
There could be a separate UI for installing software or even a package manager. Microsoft doens't want to change anything because it is still the leader and earns huge profits.
Windows 8, 8.1, and 10 don't allow it either. SmartScreen will block unsigned executables by default[0]. Enterprise customers should be using AppLocker which does a lot of what SmartScreen does, but with more flexibility and control.
The issue arises when [bad] System Administrators disable SmartScreen because it is a "hassle" and don't deploy AppLocker in its place. This effectively sends their users back to a Windows 7 level of security.
If Microsoft forced either SmartScreen OR AppLocker, then we'd have people on here screaming about freedom, Microsoft is evil, "Embrace, extend and extinguish," year of the Linux desktop, and so on. This is the best they can without treating System Admins like babies (even when they're going to use that power for "evil").
[0] https://blogs.msdn.microsoft.com/ie/2012/08/14/microsoft-sma...