While I can understand it being a hassle, it's for the safety of everyone using this software that it's released open source.
Though I consider it too much of a hassle myself to push for, I'd argue that it shouldn't be allowed to post closed-source software on the forum. The chance for abuse and the danger to the community is, generally speaking, too much. Also, though don't quote me on this, I've heard of cases where a user sued a forum for "supporting" malicious code by leaving it up. So there could even be legal repercussions for FB in an extreme case.
All that said, this is SUPER not ok. Literally no one should use this program currently. There is exactly zero cases where it is EVER a smart thing to give something like this administrator privileges.
*Saving requires the program to be launched with Administrator access!
this is SUPER not ok. Literally no one should use this program currently. There is exactly zero cases where it is EVER a smart thing to give something like this administrator privileges.
Hypothetically, if Vexus had malicious intent, this app could have dropped a keylogger onto your system without your knowledge. If run in administrator mode, it could be even worse. I still don't recommend running this app unless the source is available.
Edit: To be clear, I'm not accusing Vexus of ill-intent. As a programmer, I try to pay attention to possible security issues.
As I said, while I disagree in principle it's not really terrible or anything.
But what is terrible is requiring admin privileges. From discussing with experienced developers who have used the same frameworks as Vexus, there's no reason that admin privileges should be required. That itself should be quite terrifying to any user. At the very least it's irresponsible development, at the most it's something malicious. Neither are alright.
Edit: as with Chthonium, this is a worry that comes from being a developer. I'm not saying Vexus personally has ill-intent, just that the dangers outweigh the benefits for a user in this case. A developer as a responsibility to be transparently secure with their users, especially when we're random people on the internet.
If you know a way for an app to create files on a system without administrator/permissioned access I think Microsoft would like to hear about it. When testing with crew, one person had UAC enabled in Windows and was unable to save files without launching the program as admin (it did nothing). I'm not a pro; if there's some method I'd need to include to let users save files with their user permission alone, I don't know it. If someone knows it, please let me know; I can add it in an update. As for security, my identity is known, and I'd probably go to jail if I included malicious code. In addition, just because something has open source code does not mean the downloadable binary isn't built with malicious code - so being open source doesn't change much unless you build everything yourself, which most users don't do. I appreciate the concerns though.
You still have permissions to create files; perhaps the wording of you need administrator access scares you a bit and that is understandable. I'll see if I can get some more functional way for the app to write a file with obtaining user permissions first. I disable UAC on my systems so it's not a common problem for me. Thank you!