Why Windows considers Rust a danger?

Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.

1 Like

What do you mean “Rust” in your question? If it’s a binary compiled from your Rust project, afaik windows considers binaries which isn’t signed with some registered keys a potential security hole. This doesn’t related much with the Rust compiler and also rustc can’t help you much(maybe there some cargo plugins for it?).

But if it’s the Rust compiler and official toolchains, It really seems like an issue for Rust internals. I don’t use windows currently so I can’t say much for it neither. But core teams consider windows support very important, your report will be very helpful to them.

Because even though glass doesn’t have any iron to oxidize, the surrounding frame might and if that part rusts it can endanger the glass too.

To prevent this make sure you use aluminum frames or some other material that doesn’t contain iron

(sorry but not sorry for the corny joke! :wink:)

3 Likes

Security is a complex topic, and you can’t rely on windows to decide for you what is dangerous and what isn’t, it’s a guide at best. You should invest time in understanding security. If you downloaded a binary from https://rust-lang.org, you can be sure that only the person with the certificate can communicate with you. There is also work going on w.r.t. reproducible builds so you can verify the compiler by building it yourself and checking the bytes match.

Is rustup-init.exe signed? AFAIK SmartScreen thinks everything is a danger, unless it has seen the same exe used by multiple users, for over a month.

Without signing this timer resets with every change to the executable, so Rust’s installer is likely to be classified as dangerous for a month after every release.

2 Likes

The infra team is investigating signing rustup-init.exe but it hasn’t happened yet.

5 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.