rule

No kink shaming.

It is super bad form for a commercial website to provide software with malware.

Although this happens sometimes when commercial hosts get hacked and have their copies intentionally corrupted. I think the internet has had more than one epidemic, killing the whole download from sources you trust advisory.

Also some types of malware like adware and spyware are more commonly accepted.

I mean. What you gonna gate keep for new grounds back in 99 too?
You either have open systems where yes, some people can do bad things, but people have access and can do cool things, or you make it more exclusive safer less creative less accessible.
You don't get both.
Isnt adware a program that shows you ads outside of itself?
Are there trusted apps that add ads to internet explorer or your taskbar?
- I don't trust them. But some established software hosts provide them.
  Ads are a security hazard themselves and a vector for malware, and people have gotten infected from the Forbes site without adblocking, so yeah, it's a risk. USUALLY the site / developer will report that it's adware so you can make that choice, which makes it slightly less unethical.

There's literal shit on itch.

Damn that game is liquid shit.

Do they actually check for viruses, though? I never even thought about it. I always do a VirusTotal run on anything I download from anywhere.

Antivirus checking isnt really a thing. It protects only against known, old and basic malware. How would you test for something that isnt known....
- Pretty sure unknown new vulnerabilities would be used to exploit things like banks and industry, not little timmy's first porngame, but I guess it's all a statistical outcome.
Likely they do testing for known stuff, you can even get premade malware to attach to your exe files. The main problem is the more custom stuff, which is hard to test for, especially with code obfuscation.
I'm mentally trying to process how that would work.
I'm pretty sure you can literally upload anything. Like I bet I can make a quick game called "I'll erase your hard drive" and the first thing you do is allow me to get admin/sudo access.
And that might live in itch until it's manually removed. (As opposed to automatically)
- Technically it is not a malicious program if it asks for permission (and for added security add a nonliability statement the users agree to).
  How it would work is if somebody uploads something the server does a virus check with any kind of antimalware and then any known worms or trojans do not get visibility or just explicitly do not get published at all.