similarly, I’ve removed Microsoft from my system.
That’s the real trojan.
Me too!! Been loving Ubuntu the last couple of months. Had very few issues other than one time my GUI stopped working and it would only boot into terminal; if anyone knows how to fix that it would be great in case it happens again. Last time I just did a fresh install.
I recently went to Kubuntu and it’s been good.
Yeah I’m guessing this is a false positive based on heuristic analysis, i.e. the TOR program has a lot of the same behaviors as malicious programs. Of course it is more accurate to say that the malicious programs are copying TOR behavior or just straight using TOR code, whatever the case may be.
My main issue is that it kind of shows a lack of due diligence. I assume the official TOR binaries are signed, so the official TOR binaries should be exempted from these heuristic positives. If the binaries are unsigned/have no valid certificates, then I can totally understand the false positive. At that point, the user should know they are installing software that cannot be automatically verified as being safe, and antivirus should never assume that something is safe otherwise. Like you said, for typical users this should be the expected behavior. Users can always undo Windows Defender actions and add exemptions.
I still don’t understand why Windows doesn’t use .exe whitelisting instead of bothering with endless blacklists and heuristics and antiviruses.
On any given system there’s a handful of legit .exe while out there there’s like a billion malware .exe, and more created every minute.
Or at least switch to an explicit “executable” flag like on MacOS and Linux.
Because it makes it the easiest thing to spoof an .exe, which enables attacks you will never get out of. A legit.exe vs a spoofed legit.exe will be the exact same in every way, except the code in the spoofed one fucks you.
Edit: you’re trading security risk for security risk that makes it easier to hide. Not worth it.
Edit 2: there is nothing 100% secure; MD5 and SHA-1 are both spoofable. Checksums and anything else are capable of being man-in-the-middled. You people act like you just found something that can’t be broken. This is the real world: the moment you switch, most black hatters and white hatters will switch too…
I’m not sure that these things work the way you think they do… an antivirus wouldn’t just look for the name of an executable to be “legit.exe” but rather would look at what the program calls itself in its manifest, compute the hash for the executable binary file, and compare that hash against a database of known good hashes. If the contents of the executable compute a hash identical to the known good hash, then you know the contents of the executable are clean.
Still getting into programming and having a bit of trouble understanding what a “manifest” is. What does this technically entail? Are “manifests” implemented differently by PL or OS?
Manifests are like an abstract for an executable.
The manifest (at least how I am using the term) is whatever metadata a file has, and the format and location of this metadata can differ between operating systems. Usually the manifest is generated by the operating system from header data in the file itself, plus details about the file that the operating system can deduce, such as file size, origin, location, file type, etc. In Windows you can view this info by right clicking/opening the context menu on any file and selecting “Properties”, on macOS by opening the context menu and selecting “Get Info”, and on other OSes such as Linux/FreeBSD it will be something similar.
There are other usages for “manifest” depending on the context, for example a manifest.xml would be something a developer would include with an android app that has configuration settings and properties for the app.
How is this getting upvoted. This is ridiculous garbage, every exe whitelist would obviously have checksums attached, not just a filename.
Please don’t reply to comments when you’re talking out your ass, that doesn’t help anyone. You don’t know wtf you’re on about, at all.
Not really, WDAC doesn’t usually just look at the filename. It can look at the certificate it was signed by, or fallback to using hashes.
Lmao your edit 2 is completely silly. SHA-256 is what would be used for checksum verification, and SHA-256 is pretty much collision resistant, and even then if two files computed the same hash they would have such different contents/properties that it would be obvious they are not the same file. MD5 and SHA-1 have been phased out for any serious usage for a while now.
Seriously tho, if you don’t know what you are talking about you should probably stop making a fool of yourself
Windows has both WDAC and Applocker for allowlisting, not just for exes, but stuff such as powershell scripts and what drivers run in the kernel as well.
In its strongest form (a signed WDAC policy) even admin access can’t easily override it, and a well written policy can even enforce stuff such as downgrade protection (example: only allow firefox.exe signed by Mozilla at or above a certain version) which prevents an attacker from loading older versions of an executable.
The problem is that it’s not so easy to use in practice - an installer will often drop loads of unsigned files. Tor Browser ironically enough is a prime example, and any WDAC policies allowing it have to fall back on hash rules, which are fragile and must be regenerated every update, or file path rules, which are not so robust.
Microsoft is trying to make allowlisting more accessible with Smart App Control, which runs WDAC under the hood. It does save the hassle of managing one’s own policies (and also blocks certain filetypes like lnks commonly used for malware), but it is not very customizable.
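To make the rule types discussed above concrete (hash comparison against a known-good list in the earlier reply, and publisher, hash and path rules with downgrade protection in the WDAC comment), here is an added toy allowlist evaluator. It is example code written for this page, not code from any commenter and not how WDAC, AppLocker or Defender are implemented. The signer name, file contents, paths and rule precedence are all constructed; the `signer` field is assumed to be populated only after a real signature chain check, which the example does not perform.

```python
"""
Added illustration for this thread (not code from any commenter, and not how
WDAC or AppLocker is actually implemented): a toy allowlist evaluator showing
the three rule types the comments describe. Everything here is constructed:
the signer name, the stand-in file contents and the rule precedence.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class FileInfo:
    """What a real policy engine would have after parsing the PE and
    verifying its Authenticode signature. ASSUMPTION: `signer` is only set
    when the signature chain already verified; a filename proves nothing."""
    path: str
    content: bytes
    signer: Optional[str] = None      # None means unsigned / signature invalid
    version: Tuple[int, ...] = (0,)   # file version, assumed already parsed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class PublisherRule:
    """Trust a signer at or above a minimum version (downgrade protection)."""
    signer: str
    min_version: Tuple[int, ...]


@dataclass(frozen=True)
class HashRule:
    """Trust one exact binary. Breaks on every update."""
    sha256: str


@dataclass(frozen=True)
class PathRule:
    """Trust anything under a directory. Weak: anything dropped there runs."""
    prefix: str


class Policy:
    def __init__(self, rules):
        self.rules = list(rules)

    def evaluate(self, f: FileInfo) -> Tuple[bool, str]:
        """Default deny: return (allowed, reason) for the first matching rule."""
        for r in self.rules:
            if isinstance(r, PublisherRule):
                if f.signer == r.signer and f.version >= r.min_version:
                    return True, "publisher:" + r.signer
            elif isinstance(r, HashRule):
                if sha256_hex(f.content) == r.sha256:
                    return True, "hash"
            elif isinstance(r, PathRule):
                if f.path.lower().startswith(r.prefix.lower()):
                    return True, "path:" + r.prefix
        return False, "no matching rule (default deny)"


# Constructed sample data: a made-up signer name and stand-in file bodies.
MOZILLA = "CN=Mozilla Corporation (constructed)"
TOR_OLD = b"stand-in for an unsigned tor.exe, build 1"
TOR_NEW = b"stand-in for an unsigned tor.exe, build 2"

POLICY = Policy([
    PublisherRule(signer=MOZILLA, min_version=(115, 0)),
    HashRule(sha256=sha256_hex(TOR_OLD)),        # fallback for the unsigned file
    PathRule(prefix="C:\\Program Files\\Vendor\\"),
])


def demo() -> dict:
    cases = {
        "firefox_current": FileInfo(
            "C:\\Program Files\\Mozilla Firefox\\firefox.exe", b"ff-120", MOZILLA, (120, 0)),
        "firefox_downgrade": FileInfo(
            "C:\\Program Files\\Mozilla Firefox\\firefox.exe", b"ff-110", MOZILLA, (110, 0)),
        "tor_known_build": FileInfo("C:\\Tor Browser\\Tor\\tor.exe", TOR_OLD),
        "tor_after_update": FileInfo("C:\\Tor Browser\\Tor\\tor.exe", TOR_NEW),
        "renamed_malware": FileInfo("C:\\Users\\me\\Downloads\\firefox.exe", b"evil", None, (999, 0)),
        "dropped_in_trusted_dir": FileInfo("C:\\Program Files\\Vendor\\helper.exe", b"anything"),
    }
    return {name: POLICY.evaluate(f) for name, f in cases.items()}


if __name__ == "__main__":
    for name, (allowed, why) in demo().items():
        print(f"{name:24} {'ALLOW' if allowed else 'DENY ':5} {why}")
```

Running `demo()` shows each point the thread makes: the current signed firefox.exe is allowed by the publisher rule, the older build with the same signer is denied (downgrade protection), the unsigned tor.exe is allowed only by its exact hash and is denied as soon as its bytes change (the fragility of hash rules after an update), a file merely named firefox.exe without a verified signature is denied, and anything dropped under the path rule's directory is allowed, which is why path rules are the weakest option.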
From my experience, Windows by default completely blocks non-Microsoft-verified .exes. It’s called S mode and usually requires a Microsoft account to exit.
Do you mean that it’s enough just to be on a microsoft account? On 10, I didn’t technically do anything to exit that and I just have an annoying popup first time I’m using an unverified app. I can just allow them.
You need to “download” normal mode from the store, which requires a Microsoft account to use. All of the W11 computers I’ve gotten came in S mode.
Same here. Totally talking about Computer Numerical Control of course, absolutely no other association. Nope, definitely not. 😇
It’s defensible only from the perspective that it’s safer to flag many innocent apps than to miss something harmful. That said, it heavily punishes many legitimate developers and creators, as documented here. I was personally affected on many occasions and there hasn’t been a single one where Microsoft wouldn’t admit to false-flagging upon a manual review.
At this point, Microsoft Windows itself can basically be classified as malware
it is - by everyone with half a brain cell or more. Unfortunately, that’s not the majority of users by a long shot.
Incredible the downvotes you get. It’s true. Windows literally spies on you
It forces software on your system you don’t want, and when you try to remove it, it reinstalls itself just like a virus. Windows 11 especially is trash.
Try edge. Are you sure? It’s better. Why are you going to google? Did you know bing is better?
And so on and so on. It’s gross.
You can even earn reward points and real cash bribes to use Bing.
oh noes, my karma! Oh wait - there’s no such thing on lemmy :) In all honesty, I think most people downvoting did not fully understand my comment in relation to the one I was replying to. I think they misread it as “people with half a brain cell or more don’t use windows” and pushed the arrow down.
This is probably it haha
Hope they’re having fun watching me become Emperor of the HRE as Japan then. Cause I’m stuck with windows
Crusader Kings or Europa Universalis? Because they both work fine on Linux via Proton!
Eu4 with little to no actual knowledge of how the things in my OS work, I just know what Google is. Also I can’t afford a new PC or to risk screwing up my current one
If you’ve got a USB stick lying around you can make a “live disk” (or whatever it’s called nowadays) and run Linux off it to try it out. 90% of being a techie is having an interest and knowing how to do a web search so you’re most of the way there already!
If we define malware as something having functions to harm the user and not only things built solely for this purpose, then of course Windows is malware.
When Windows 95 was in beta I would install it and next day it was dead. We finally realized that the BIOS was killing it.
Wat?
95 is kill
Is the number 95 like a kill command?
Windows updates are literally harder to stop than actual viruses.
Dude ms defender used to delete my “Hello World” executables built using visual studio just because they were made by an unknown publisher.
Well maybe you should have become a known publisher before writing any programs.
/s
It flagged your program for being dissident propaganda.
Microsoft Defender moment
Wow, do you need to have your apps signed by Microsoft now, like macOS’s Gatekeeper makes you do?
I’ve run into antiviruses blocking code I’ve written just because I pulled in certain cryptographic libs. Literally pulling in some Microsoft cryptography libraries in C# made it think I was writing a crypto locker.
Imo, compared to how prevalent viruses were on older versions of Windows, this type of paranoia seems to be working.
It blocked my lousy dll injector that was made for debugging.
If you have to use Tor you shouldn’t be using Windows.
This is a bad response to this news. There are many reasons why you might want to run Tor on Windows, and gatekeeping people out of Tor because they are not on a chosen OS is a terrible way to get more people into thinking about privacy and security practices. Yes, if you have the highest threat model you might want to avoid Windows as well, but not everyone needs absolute privacy/security for what they do. But why should you not have access to a tool that can help improve things even if you are not able to switch everything to a more private/secure alternative?
Really you should want everyone and anyone to run on tor, even if they don’t need it, even if they are on windows. The more people using it the more secure it is for those that do require it.
Yeah I agree. To be clear, if you take the reverse of my statement, i.e. if you’re on Windows, you shouldn’t use Tor, then I would be gatekeeping.
But I’m not implying that, but rather the reverse. I’m saying if you have to use Tor for whatever reasons (to bypass censorship, do illegal stuff and avoid being tracked), you should at least be aware that at the kernel level, how you’re accessing the internet has already been compromised by Microsoft, and consider alternative OSes.
Of course I’d still want people running Windows to be able to use Tor, and also I’d say leaving Windows isn’t something you would only do at the “highest threat model”.
Privacy will almost always be a trade-off with convenience, I’m pushing the awareness to get people to act, should they choose to. That’s all.
You might not have intended to imply that, but your original words can be taken in many different ways. Such as a dismissive “well this news does not matter because you should not be using Tor if you are on Windows.” You did not say that exactly, but either interpretation needs some reading between the lines, as you did not really say all that much. So it could be taken that way just as much as the way you actually intended. And on the internet, if things can be interpreted multiple ways, they will be.
Taking “If P then not Q” as equivalent to “If not Q then not P” is just straight up broken thinking. We shouldn’t have to preface each comment with a primer on the basics of how to think.
I know you meant well, but I don’t think their interpretation implied any logical fallacy. I used a conditional statement but my statement was prescriptive, not descriptive.
The difference between “I should” and “I have to/must” is a modal one. I implied “if I have to X then I shouldn’t Y”. They swapped X and Y around to get “If I have to Y then I shouldn’t X”, which is just a plain misinterpretation. The use of what is and what ought implies a recommendation or opinion, not mutual exclusivity. For that, I would have to use the same modality “If I have to X then I must not do Y”.
It’s like mixing up “If I have an infectious disease, I shouldn’t go outside” vs. “If I have to go outside, I shouldn’t have an infectious disease”. To me, they have a subtle difference. There is compromise and decision-making involved.
I’ll spell it out anyway because why not. I can’t be bothered to edit my original comment. While it’s sensational-sounding, anyone who takes issue with what I said doesn’t take surveillance seriously, so I can’t help them, while those that misinterpreted me like nous did can find out for themselves here.
If I have to use Windows, then I can still use Tor understanding and accepting that the OS at the kernel level is a black box that logs and tracks whatever it wants. I can compromise because I might just want to read a blocked news site or Wikipedia. Likewise, if I’m stuck somewhere and I have to use Windows to use Tor then it is a compromise. But that doesn’t mean I shouldn’t use Tor. I’m responsible for my bad opsec should anything bad come my way.
versus
If I have to use Tor, then something is wrong with the way I’m able to access and/or spread information (I handle sensitive or illegal topics that can harm me or others if found out), and I can’t do it privately because there is surveillance involved. At the kernel level Windows is a black box that mishandles my data and has the ability to observe everything I do. Therefore I ought not to use Windows.
I’m not saying you’re wrong (frankly, I’m on your side), but the majority of the general population, i.e. windows users, would take it as such. This is more to do with the failure of the various education systems more so than anything else.
If you have to bust out explanations from IQ test questions to explain yourself, then you’ve failed to communicate with 98% of whoever reads your comment. You can’t expect people to put in more than a modicum of effort to understand your message.
Most people understand how to think without needing to know how to formalize the process.
I think this is a very lofty idealism.
Oh my God, nerds, stop arguing about absolutely nothing other than who was right.
Going on lemmy to complain about nerds
Let’s not blame the victims of Microsoft’s fuckery here.
someone is giving them money and rewarding the fuckery - and has been for several decades now.
I wish the MS benefactors would at least make the payments conditional on improvement.
Yeah, all businesses that need to run proprietary software that only exists on Windows.
Good luck convincing your manager to use crossover/wine for your XRD machine.
People who think people using windows do it voluntarily are so out of touch with the industry.
I’d love to switch, but my laptop makes that quite hard and the computer still has years in it before I probably need to think about replacing it.
I’ve got an asus rog and sometimes need the backlight on the keyboard. As far as I could tell, no one had figured out how to do it without the windows only asus made software.
I keep a small partition set aside in case I need it for settings, but I leave the keyboard on one setting all the time.
Fedora by far has the best bootloader setup for modern bleeding edge hardware. Their Anaconda system (not related to Python’s “conda”) uses a shim key that is signed by Microsoft’s 3rd party UEFI key signing arrangement. Outside of the questionable philosophical implications around this arrangement and system, overall the setup is ideal for the end user. Fedora can coexist with a Windows partition easily, encrypt the entire thing, and Windows can’t mess with anything on the Linux side. Personally, I haven’t ever actually used Windows since W8. My workstation router runs on a whitelist firewall, so W11 is in a post-internet age where it rightfully belongs. It might as well be a tab in the UEFI bootloader settings for all I care.
Fedora also has a system that builds the Nvidia kernel module from scratch every time the Linux kernel is updated. Around half of the updates still require me to do a quick restart after initial boot to enable the Nvidia kernel module. It falls back to the open source alt driver and still works fine, but I do AI stuff and need the CUDA API, so I have to reboot to get that working once a week or two. Fedora really is quite easy now. I would use something like NIX, but the Anaconda system is unmatched and too good to give up. You will have secure boot locked all the time even if you can not register custom keys or do not care to set them up manually.
Oh, I don’t need the keyboard to be pretty. Just lit up at all, which seems to be effectively locked by Asus.
When I tried, I had put Ubuntu on it. That process seemed to go pretty well except the keyboard. Even got the WiFi working just fine. I may give Fedora a try, but I’m way too lazy to switch back and forth between OSes depending on how dark the room I’m in is.
Does it not stay set at a default or have some amount of functionality? Like my Gigabyte Aorus has the full settings nonsense app in Windows, but if I set it to one thing, the change is persistent. I just always keep it on low and green. The function keys will let me alter the brightness between medium, bright, and alien abduction; which is super annoying because I can’t get back to low, but there is something.
You may find some info searching too, some people occasionally make their own kernel modules or app for individual machines. I would take a look at Linux Hardware Probe (https://linux-hardware.org/) to see what shows up with your model, although the peripheral accessories are not usually the focus, they may be mentioned.
The main thing I was worried about with the proprietary settings like RGB was actually the thermal management settings that are also in that app. I have the 3080Ti, aka the 16GBV monster GPU. I can’t say any details about how the thermal performance will work with gaming or whatnot, but I do some AI training loads that hold the GPU at absolute max load for hours and it has never gotten above 80C. It throttles as expected, and each laptop’s thermal design will vary, but I can put the laptop with its vent inlet ports directly in front of a window AC and the GPU will hold max load at 70C for as long as I have ever pushed it (3-5hours straight). I’m playing with buggy code, much of it written by myself, and I never attempt to override the Nvidia settings, but with daily use since the beginning of July, I’ve had no complaints. This was the big thing weighing on me in the back of my mind. Just thought I might mention it if you change your mind and want to make the switch.
Oh no, the lights were just off. I never change it anyways. I’m not one to care about making the keyboard do anything dynamic.
I ran into the same issue when I uninstalled the bloatware from Asus in Windows.
Honestly, asus just is a huge pain here and I’ll definitely be avoiding them in the future.
Have you considered learning how to type? (I know, kind of snarky) I don’t need to look at my keyboard or see my hands, there’s little bumps on the home keys and then you just type based on location.
It’s not regular typing. It’s primarily using the f-keys and numbers. Particularly for functions in my IDE.
Most of the time I’m using an external monitor and keyboard, so get very little practice on the built in one except when it’s in less than ideal situations like flying.
When I get my next laptop, I’ll be keeping Linux capabilities in mind. But that’s years away. I’m not even sure where to start with reverse engineering the hardware, and also don’t see myself spending months of my free time to make it work. I don’t have that much free time and there are too many other things I’d like to be using that time for.
FWIW I just put Windows onto a ROG GX531GX to gift it to a family member, (I told him it was a testament of my love that I was going from Linux TO Windows on a system for the first time ever) but have been gaming on it under Linux for a couple of years, and under KDE plasma was a slider for the keyboard backlight with the power settings, which required no extra attention from me (that I can recall) to get there.
I may have had to install an “asus laptop” or similar labeled package from my package manager and forgotten about it, but it was for sure no more than that or I’d have remembered.
Edit: I’m posting this from a different computer but it was likely one of these.
Arch users are never shaking those allegations. Are you aware that people use Tor for other things, right?
Fucking microsoft doing microsoft things.
It blows my mind that Windows can be and is so incompetent. If they did not hold the level of market share that they do, they would be out of business.
People are literally locked in because the software is not made for Linux. But Linux keeps marching and getting better.
We have the games, now all we need are a few professional applications and then Windows can easily be replaced.
But it’s just defender. It’s free and you don’t have to use it.
It’s not just Defender, Windows has so many problems. Like constant ads to try to get me to use Bing and Edge. It bundles a bunch of random software and games during install. It forces users to create a Microsoft account when setting up the computer.
On top of all of this, it is the only operating system that crashes on me during use. Even though it is on my most powerful hardware, it is the computer that runs sluggishly all the time.
You don’t have to create a Microsoft account to use Windows. In corporate environments most issues are usually mitigated by administrators via group policy. Crashing and bad performance are not typical. Windows is very reliable.
It’s better to use Whonix or Tails if you want to use TOR browser securely. If I ever had to use Windows again it would not be for anything private.
I’m certain there are people who use Tor in a way that it would make sense to use a secure OS.
But I use Tor to get around stupid public wifis and suchlike that have content blockers. I’m not scared that the police are going to beat the shit out of me so I just use Windows or Android.
Found the white guy!
I’m confused about what you meant by your last sentence. Are you trying to throw a hint that using distros such as Whonix and Tails means you will be doing something illegal?
I’m not afraid of the police coming after me because I’ve done nothing wrong. One of the reasons I use Linux distros and distros that are specialized like Whonix and Tails is because I value my privacy which Windows won’t give you.
No, I’m making a comment about the word “securely” in the post I responded to. i.e. “Secure” means different things for different people.
I like to use Tor on occasion for the reason stated but I’m sure as hell not booting up an OS to do it for my use case. That would be inconvenient especially as I’m using Tor to subvert a stupid netnanny, and not endangering myself or putting myself in legal peril. So using Tor this way is plenty secure - I can hold a secure conversation with a website of my choosing without netnanny interfering.
Other use cases may vary and your need for “secure”. Maybe you absolutely value your privacy above all else, or are up to something you don’t want others to know about. In which case do, go and use Tails or whatever.
A little context, one of the larger exit nodes was compromised and would send malware to your computer. The behavior shield probably caught this and correctly marked the program as a trojan, since, by definition, that’s literally what it was acting as when connected to that node. More advanced AVs (like malwarebytes) will instead block the malicious connection rather than blanket-banning the entire program.
A sane response in a sea of bullshit.
Experts believe that the false malware alert is due to the new heuristic detection method used in Microsoft Defender
Fortune tellers are not a replacement for good security!
And don’t use Windows for anything private or personal, as it’s under the control of Microsoft. You are just giving it suggestions.
I was joking sorry I didn’t mark it as such
BANANA
thank you Puzzle_Sluts_4Ever, very clear explanation
This only happens in the latest version btw.
You can still download a previous version and replace tor.exe, and it works.
Bot
I ASSURE YOU I'M NOT A BOT, SILLY HUMAN
Since when do bats speak in monospace?
Windows Defender sucks compared to the original Williams version.
Hot take, I see no issue with this. If you’re savvy enough to know about Tor and its purpose, you’re also savvy enough to know how to add a security exclusion in Defender. People who don’t know how to whitelist a program in Defender probably did not install Tor themselves and won’t be safe using a program with the capability to access the dark web.
It’s extra frustration for those trying to legitimately use Tor, but it’s also a safety check in the case of an unintended install.
People who actually want to use Tor are probably also on Linux. Using it on Windows pretty much nullifies any privacy it gives you.