> after the download my Windows Defender instantly detected a virus.
> (because I am often working with programs which trigger the Defender, I just ignored that)

This again shows the unfortunate corrosive effect of false positives. Probably impossible to solve while aggressively detecting viruses though.
I think to an extent Microsoft is the guilty party here. For many cracks Windows Defender will trip saying "Win32/Keygen" even if there's no actual malware.
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclo...
This trains people that do a lot of piracy to be used to turning off their antivirus to let something through, which is fine until it's not. It's like drugs: if we know a subset of the population will do them no matter what, we should make it safe for them to the extent we can. False positives, causing people to ignore actual positives, create a market for these things.
But sorta possible to solve with source-based distribution and totally possible to solve with pure reproducible builds.
It's entirely possible to ship malware in source form... Just look at the numerous supply chain attacks. Nix is a cute project but entirely irrelevant here.
It is possible but visible, and it means burning an identity, so it's not irrelevant.
What systems have pure reproducible builds? Does Nix? Any others? From what I understand, it is a very difficult problem.
https://stal-ix.github.io/ and Guix, but the definitions of purity are different for them.
Yes, a very difficult problem, compilers must be pure functions with thin effectful wrappers.
If only there were a great Windows app store or a package manager to help with the impossible...