Long answer: Windows has a few conventions that make it "better", like a predictable place to install your files, a global authoritative "registry", and never having dynamically linked (and separately installed) dependencies. By sheer virtue of not having a good package manager, Windows has avoided dependency hell. That does, however, still leave it without the utility of a package manager.
Windows checks the code signing certificate of the exe, and if it isn't present and the binary is not widely used, shows you a big scary warning to discourage you from running it. And if the exe is signed, that at least tells you where to send the police after you've been infected.
Of course open source projects rarely sign their exes because those certificates are expensive ($300+/year).
> Windows checks the code signing certificate of the exe, and if it isn't present and the binary is not widely used, shows you a big scary warning to discourage you from running it.
Actually, even if the file is correctly signed but is new, users will see the warning banners. (Unless using the more expensive EV Code Signing certs.)
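For the signature check the two comments above describe, here is an added example (not from any commenter) of how a defender would inspect a downloaded exe before running it: Authenticode status and signer, the Mark-of-the-Web zone tag that makes SmartScreen consult reputation, and a SHA-256 to record. `Test-DownloadedExe` and the sample path are assumed names for illustration.

```powershell
# Added example: inspect a downloaded executable before execution.
# Requires Windows PowerShell or PowerShell 7 on Windows (Authenticode and
# NTFS alternate data streams are Windows-only).
function Test-DownloadedExe {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Authenticode: Status is Valid only if the chain is trusted and the
    #    file hash matches; NotSigned / HashMismatch / UnknownError otherwise.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # 2. Mark-of-the-Web: browsers write a Zone.Identifier stream on download.
    #    ZoneId=3 (Internet) is what triggers the SmartScreen reputation check
    #    and the warning for binaries that are new or unsigned.
    $zoneId = $null; $referrer = $null
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
    foreach ($line in $zone) {
        if     ($line -match '^ZoneId=(\d)')      { $zoneId   = [int]$Matches[1] }
        elseif ($line -match '^ReferrerUrl=(.+)') { $referrer = $Matches[1] }
    }

    # 3. SHA-256 to look up in a reputation service or record in an incident log.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        File            = $file.Name
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Issuer          = $sig.SignerCertificate.Issuer
        SignerExpires   = $sig.SignerCertificate.NotAfter
        Timestamped     = [bool]$sig.TimeStamperCertificate
        ZoneId          = $zoneId
        ReferrerUrl     = $referrer
        Sha256          = $hash
        # Only a Valid signature tells you who to hold responsible; an
        # Internet-zone file that is NotSigned or HashMismatch needs a closer look.
        Suspicious      = ($zoneId -eq 3 -and $sig.Status -ne 'Valid')
    }
}

# Usage (placeholder path):
Test-DownloadedExe -Path "$env:USERPROFILE\Downloads\installer.exe" | Format-List
```

A signed but brand-new file will still show `Suspicious = $false` here while SmartScreen warns on it, which is exactly the reputation gap the comment above points out.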
> Of course open source projects rarely sign their exes because those certificates are expensive ($300+/year).
If the open source project is widely recognizable I'd suggest contacting https://signpath.org/ to get code signing for free (as in beer) via a simple GitHub Actions workflow.
That's great to see that they are so cheap now for open source work. I must have remembered the price of EV certificates (which are handy for completely getting rid of the warning screen and for getting Windows Defender off your back).