Regarding
This whole thing is so silly. I mean its a Revit addin we are talking about here, not an attempt by Anonymous to destroy everything Revit in architectural firms all over the globe.
as Matthew Taylor points out, that is not the case. The AutoCAD Medre virus stole 100's of thousands of documents and emailed them to China. But the threat being real doesn't justify a lacking implementation on our part.
While we made every effort to sign all Autodesk add-ins, it sounds like we missed a few. In general, if an Autodesk add-in is not signed, that should be treated as a bug and reported to Autodesk support so that we can fix it. I'm unfamiliar with the Roombook add-in, but I'll see that it gets signed.
Unlike Windows, Revit has a mechanism for remembering that you've said "Always Load" on an unsigned add-in. If that box isn't working for you, whether the add-in is signed or not, that is a bug (provided that you're not updating the add-in between uses). Besides just being unfriendly, as Matthew points out, repeatedly seeing that dialog leads to user fatigue. This contributes to users making bad security choices when a dialog is presented for a real threat. (Even I find myself reflexively clicking the "OK" buttons on security dialogs - very bad.) In short, I view excessive dialogs as a security problem that we must fix. I'm not exactly how to investigate this problem further. I'll talk to our support organization and someone will get back to you.
Neil
PS: I think I've already mentioned this, but I'll repeat it: I think that code signing and user prompts are not a great design. They interrupt workflow and rely on users making difficult decisions based on limited information. Not a recipe for success. Unfortunately, code signing and user prompts are state of the art. Windows, Linux, and MacOSX, along with major browsers use this mechanism. We'll continue to fine-tune our implementation and investigate alternative technologies as they become available.