Jerk Question: Trust and security of companion software/hardware

LagunaSeca

100RPM
May 8, 2018
I think I am going to be hated by lots of people because of this post. I apologize in advance, but I really really want to know how other people think about this issue.

I got this question because a while ago I was searching for a way to get the rumble function of my clubsport v3 pedals to work with AC. Then I came across fanaled and simhub. Software like this just blew me away with the possibilities and amount of customization you can have with your rig. And I have huge respect for the developers behind them.

But I did not install them in the end, because there is no blue UAC screen (a certification of verified publisher) and they are not open source (no GPL licence. Simhub has github but there is no source code there).

Maybe I am just a paranoid person, but bad things can happen with software like that. Also, some hardware makers don't bother getting a certification. Like the SRD-R3 display https://store.renovatio-dev.com/index.php?route=product/product&product_id=76
(Let's say if they decide to get a certification and bump the price for 100 usd, I will buy it instantly. I never ask people to work for free, and I am happy to pay more.)

I understand that getting a certification can be a hassle and will run someone around $500 every two years, but UAC does tell people that the software is endorsed by authorities and is safe to use. I guess that is also the point of having google play/app store. If getting a certification is not an option (I hate the overpriced cert industry as well), why can't software like simhub/fanaled be distributed through platforms like steam? Simhub asks users to donate to get 60fps anyway, so why not make a free steam version and a DLC? If the author doesn't like valve getting a cut, they can bump the price. If simhub is now available on steam and costs 60 USD, no problem, I will buy in an instant. Getting simhub for 60 bucks feels much more worth it than getting CoD. Like I said earlier, I am not asking anyone to work for free, I am just more concerned (paranoid) about cyber security, and I am more than happy to pay more for the trouble of the developers.

Another reason why I believe getting a certification is important is that software like this operates in a sensitive context. In order to do what it is supposed to do, it needs to read your memory, manipulate data over the network and sometimes read your input. What does it sound like? Malware, right? So security is an issue. Even if the authors of this software are known by the community, we still need to make sure the version we download is not altered. (For example, in the release note of notepad ++ 7.6.4, the author lost the digital signature because it expired. He encouraged people to run the checksum to make sure the package is not altered.) Moreover, if some small company decides to sell something like an LCD display, it would be professional to get a certification.

So what do you think about this issue? Will you be concerned if software like this can compromise your system? Are you willing to pay a little extra for it to appear on steam? Or are you a person who cares about things like UAC/open source at all?


(PS: Another thing I do as a paranoid person is disabling autorun. Every time I got a custom made wheel or button box, I would plug it into my PC and run the device manager immediately. Some viruses hide inside the onboard memory of USB controllers and can infect your PC if you have autorun. If the USB device does not have onboard memory, then everything is fine. If it has, then my alert gauge will fill up instantly.)
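
The two checks the post above relies on (a verified-publisher signature, and a checksum compared against the one the developer publishes) can be run by hand before installing anything. This PowerShell sketch is an added example, not part of the thread or of any project named in it; the function name, the file path and the expected values are hypothetical placeholders.

```powershell
# Added example: check a downloaded installer before running it.
# Test-DownloadedInstaller and its parameters are hypothetical names.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256,      # checksum published by the developer
        [string] $ExpectedPublisher    # text expected in the signer certificate subject
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "File not found: $Path" }

    # SHA-256 of the file as it sits on disk
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # $null means "no published checksum was supplied", not "mismatch"
    $hashOk = if ($ExpectedSha256) { $actual -eq $ExpectedSha256.Trim() } else { $null }

    # Loose publisher check: a substring match on the certificate subject
    $publisherOk = ($sig.Status -eq 'Valid') -and $ExpectedPublisher -and
                   ($signer -like "*$ExpectedPublisher*")

    $verdict = if ($sig.Status -eq 'HashMismatch') { 'Reject: file changed after it was signed' }
               elseif ($hashOk -eq $false)         { 'Reject: checksum differs from the published one' }
               elseif ($publisherOk)               { 'OK: valid signature from the expected publisher' }
               elseif ($hashOk)                    { 'OK: no usable signature, but checksum matches' }
               else                                { 'Unverified: no valid signature and no checksum to compare' }

    [pscustomobject]@{
        File            = $Path
        Sha256          = $actual
        SignatureStatus = $sig.Status
        Signer          = $signer
        ChecksumMatches = $hashOk
        Verdict         = $verdict
    }
}

# Usage (all values are placeholders):
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\setup.exe" `
#     -ExpectedSha256 '<sha256 from the release notes>' -ExpectedPublisher '<publisher name>'
```

A checksum only helps when it comes from a different channel than the download itself: if the same site serves both, whoever alters the file can alter the published checksum too.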
 

BenKay

100RPM
Jul 17, 2018
The fundamental big issue, is that whilst you personally would be, and are, happy to pay more for a certified product.....how many others fall into that category? I suspect you're the minority, by quite a long way.

The fact is that a developer has to weigh up the cost/benefit of certification...I would imagine that especially in this niche market, the way to maximise sales would swing way towards having a cheaper product, than having a UAC pop-up to appease the relatively small number of security-conscious users.
 

LagunaSeca

100RPM
May 8, 2018
BenKay said:
> The fundamental big issue, is that whilst you personally would be, and are, happy to pay more for a certified product.....how many others fall into that category? I suspect you're the minority, by quite a long way.
>
> The fact is that a developer has to weigh up the cost/benefit of certification...I would imagine that especially in this niche market, the way to maximise sales would swing way towards having a cheaper product, than having a UAC pop-up to appease the relatively small number of security-conscious users.

Yeah, figured as much. What upsets me is not the fact most people don't want to pay more, but the fact the cybersecurity issue is often overlooked. Let's say someone installs the simhub and turns UAC off. One day some hacker hacks the developer's website and injects some malicious code into the program and pushes a new, bad update. Then this guy's PC, along with all the personal info which might include bank account, social security info, etc, is f**ked. His other devices on the same home network might be f**ked as well. We really need more awareness for cyber security.

Time to buy windows pro and run simhub in a sandbox....:geek: