False positives happen and it seems like they already resolved it.
It’s unfortunate that MS makes it so hard to take them at their word when they’re so aggressive with forcing Edge down everyone’s throat. That makes even obvious bugs seem nefarious.
A little context, one of the larger exit nodes was compromised and would send malware to your computer. The behavior shield probably caught this and correctly marked the program as a trojan, since, by definition, that’s literally what it was acting as when connected to that node. More advanced AVs (like malwarebytes) will instead block the malicious connection rather than blanket-banning the entire program.
Hot take, I see no issue with this. If you’re savvy enough to know about Tor and its purpose, you’re also savvy enough to know how to add a security exclusion in Defender. People who don’t know how to whitelist a program in Defender probably did not install Tor themselves and won’t be safe using a program with the capability to access the dark web.
It’s extra frustration for those trying to legitimately use Tor, but it’s also a safety check in the case of an unintended install.
I’ve run into antiviruses blocking code I’ve written just because I pulled in certain cryptographic libs. Literally pulling in some Microsoft cryptography libraries in c# made it think I was writing a crypto locker.
It blows my mind that Windows can be and is so incompetent. If they did not hold the level of market share that they do, that would be out of business.
People are literally locked in because the software is not made for Linux. But Linux keeps marching and getting better.
We have the games, now all we need are a few professional applications and then Windows can easily be replaced.
It’s not just defender, Window has so many problem. Like constant ads to try to get me to use Bing and Edge. It is bundling a bunch of random software and games during install. It is forcing users to create a Microsoft account when setting up the computer.
On top of all of this, it is the only operating system to crashes on on me during use. Even though it is on my most powerful hardware, it is the computer that runs sluggishly all the time.
You don’t have to create a Microsoft account to use Windoows. In corporate environments most issues are usually mitigated by administrators via group policy. Crashing and bad performance are not typical. Windows is very reliable,
It’s better to use Whonix or Tails if you want to use TOR browser securely. If I ever had to use Windows again it would not be for anything private.
I’m certain there are people who use Tor in a way that it would make sense to use a secure OS.
But I use Tor to get around stupid public wifis and suchlike that have content blockers. I’m not scared that the police are going to beat the shit out of me so I just use Windows or Android.
I'm confused about what you meant by your last sentence. Are you trying to throw a hint that using distros such as Whonix and Tails means you will be doing something illegal?
I'm not afraid of the police coming after me because I've done nothing wrong. One of the reasons I use Linux distros and distros that are specialized like Whonix and Tails is because I value my privacy which Windows won't give you.
No, I’m making a comment about the word “securely” in the post I responded to. i.e. “Secure” means different things for different people.
I like to use Tor on occasion for the reason stated but I’m sure as hell not booting up an OS to do it for my use case. That would be inconvenient especially as I’m using Tor to subvert a stupid netnanny, and not endangering myself or putting myself in legal peril. So using Tor this way is plenty secure - I can hold a secure conversation with a website of my choosing without netnanny interfering.
Other use cases may vary and your need for “secure”. Maybe you absolutely value your privacy above all else, or are up to something you don’t want others to know about. In which case do, go and use Tails or whatever.
I’m not sure about the browser, but a lot of malware used to ship with the tor binary and used it to connect to the CNC. I can totally see it ending up in the indicator list.
I love bashing MS as much as the next guy, but this is not completely indefensible behavior given typical user use cases and needs. As long as it’s easy to add an exception of you installed it on purpose.
Yeah I’m guessing this is a false positive based on heuristic analysis, i.e. the TOR program has a lot of the same behaviors as malicious programs. Of course it is more accurate to say that the malicious programs are copying TOR behavior or just straight using TOR code, whatever the case may be.
My main issue is that it kind of shows a lack of due diligence. I assume the official TOR binaries are signed, so the official TOR binaries should be exempted from these heuristic positives. If the binaries are unsigned/have no valid certificates, then I can totally understand the false positive. At that point, the user should know they are installing software that cannot be automatically verified as being safe, and antivirus should never assume that something is safe otherwise. Like you said, for typical users this should be the expected behavior. Users can always undo Windows Defender actions and add exemptions.
Because it makes it the easiest thing to spoof an .exe which enables attacks of which you will never get out of. A legit.exe vs a spoofed legit.exe will be the exact same in every way except the coding in spoofed fucks you.
Edit: you’re trading security risk for security risk that makes it easier to hide. Not worth it.
Edit 2: their is nothing 100% secure MD5 and Sha1 are both spoofable. Checksums and anything is capable of being man in the middle. You people act like you just found something that can’t be broken. This is the real world the moment you switch most black hatters and white hatters will switch too…
I’m not sure that these things work the way you think they do… an antivirus wouldn’t just look for the name of an executable to be “legit.exe” but rather would look at what the program calls itself in it’s manifest, compute the hash for the executable binary file, and compare that hash against a database of known good hashes. If the contents of the executable compute a hash identical to the known good hash, then you know the contents of the executable are clean.
Still getting into programming and having a bit of trouble understanding what a “manifest” is. What does this technically entail? Are “manifests” implemented differently by PL or OS?
The manifest (at least how I am using the term) is whatever metadata a file has, and the format and location of this metadata can differ between operating systems. Usually the manifest is generated by the operating system based off of header data from the file itself, and details about the file that the operating system can deduce, such as file size, origin, location, file type, etc. In Windows you can view this info by right clicking/opening the context menu on any file and selecting “Properties”, on macOS by opening the context menu and selecting “Get Info”, and on other OSes such as linux/freeBSD it will be something similar.
There are other usages for “manifest” depending on the context, for example a manifest.xml would be something a developer would include with an android app that has configuration settings and properties for the app.
Lmao your edit 2 is completely silly. SHA-256 is what would be used for checksum verification, and SHA-256 is pretty much collision resistant, and even then if two files computed the same hash they would have such different contents/properties that it would be obvious they are not the same file. MD5 and SHA-1 have been phased out for any serious usage for a while now.
Seriously tho, if you don’t know what you are talking about you should probably stop making a fool of yourself
Windows has both WDAC and Applocker for allowlisting, not just for exes, but stuff such as powershell scripts and what drivers run in the kernel as well.
In it’s strongest form (a signed WDAC policy) even admin access can’t easily override it, and a well written policy can even enforce stuff such as downgrade protection (example: only allow firefox.exe signed by Mozilla at or above a certain version) which prevents an attacker from loading older versions of an executable.
The problem is that it’s not so easy to use in practice - an installer will often drop loads of unsigned files. Tor Browser ironically enough is a prime example, and any WDAC policies allowing it have to fallback on hash rules, which are fragile and must be regenerated every update, or filepath rules which are not so robust.
Microsoft is trying to make allowlisting more accessible with Smart App Control, which runs WDAC under the hood. It does save the hassle of managing one’s own policies (and also blocks certain filetypes like lnks commonly used for malware), but it is not very customizable.
From my experience, Windows by default completely blocks non-Microsoft-verified .exes. It’s called S mode and usually requires a Microsoft account to exit.
Do you mean that it’s enough just to be on a microsoft account? On 10, I didn’t technically do anything to exit that and I just have an annoying popup first time I’m using an unverified app. I can just allow them.
It’s defensible only from the perspective that it’s safer to flag many innocent apps than to miss something harmful. That said, it heavily punishes many legitimate developers and creators, as documented here. I was personally affected on many occasions and there hasn’t been a single one where Microsoft wouldn’t admit to false-flagging upon a manual review.
Raid shado- I mean, Nordvpn. Protect your self online, call now to meet lonely VPN providers in your neighborhood looking to protect your data all day all night long.
Eu4 with little to no actual knowledge of how the things in my OS work, I just know what Google is. Also I can’t afford a new PC or to risk screwing up my current one
If you’ve got a USB stick lying around you can make a “live disk” (or whatever it’s called nowadays) and run Linux off it to try it out. 90% of being a techie is having an interest and knowing how to do a web search so you’re most of the way there already!
oh noes, my karma! Oh wait - there’s no such thing on lemmy :) In all honesty, I think most people downvoting did not fully understand my comment in relation to the one I was replying to. I think they misread it as “people with half a brain cell or more don’t use windows” and pushed the arrow down.
If we define malware as something having functions to harm the user and not only things build soley for this purpose, then of course Windows is malware.
Add comment