Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System - Deform
Submitted 1 year ago by shish_mish@lemmy.world to technology@lemmy.world
https://deform.co/microsoft-defender-flags-tor-browser-as-a-trojan-and-removes-it-from-the-system/
Comments
BubblyMango@lemmy.wtf 1 year ago
Dude, MS Defender used to delete my “Hello World” executables built using Visual Studio just because they were made by an unknown publisher.
InfiniteStruggle@sh.itjust.works 1 year ago
Well maybe you should have become a known publisher before writing any programs.
/s
keryxa@lemmy.world 1 year ago
Taught you a lesson.
brsrklf@jlai.lu 1 year ago
It flagged your program for being dissident propaganda.
ago@lemmy.world 1 year ago
Microsoft Defender moment
totallynotfbi@lemm.ee 1 year ago
Wow, do you need to have your apps signed by Microsoft now, like macOS’s Gatekeeper makes you do?
EmhyrVarEmreis@lemm.ee 1 year ago
Classic Microsoft
Pxtl@lemmy.ca 1 year ago
I’ve run into antiviruses blocking code I’ve written just because I pulled in certain cryptographic libs. Literally pulling in some Microsoft cryptography libraries in C# made it think I was writing a crypto locker.
aidan@lemmy.world 1 year ago
Imo, compared to how prevalent viruses were on older versions of Windows, this type of paranoia seems to be working.
McBain@feddit.ch 1 year ago
It blocked my lousy DLL injector that was made for debugging.
lckdscl@whiskers.bim.boats 1 year ago
If you have to use Tor you shouldn’t be using Windows.
nous@programming.dev 1 year ago
This is a bad response to this news. There are many reasons why you might want to run Tor on Windows, and gatekeeping people out of Tor because they are not on a chosen OS is a terrible way to get more people thinking about privacy and security practices. Yes, if you have the highest threat model you might want to avoid Windows as well, but not everyone needs absolute privacy/security for what they do. But why should you not have access to a tool that can help improve things even if you are not able to switch everything to a more private/secure alternative?
Really you should want everyone and anyone to run on Tor, even if they don’t need it, even if they are on Windows. The more people using it, the more secure it is for those that do require it.
lckdscl@whiskers.bim.boats 1 year ago
Yeah I agree. To be clear, if you take the reverse of my statement, i.e. if you’re on Windows, you shouldn’t use Tor, then I would be gatekeeping.
But I’m not implying that, but rather the reverse. I’m saying if you have to use Tor for whatever reasons, to bypass censorship, do illegal stuff and avoid being tracked, you should at least be aware that at the kernel level, how you’re accessing the internet has already been compromised by Microsoft, and consider alternative OSes.
Of course I’d still want people running Windows to be able to use Tor, and also I’d say leaving Windows isn’t something you would only do at the “highest threat model”.
Privacy will almost always be a trade-off with convenience. I’m pushing the awareness to get people to act, should they choose to. That’s all.
over_clox@lemmy.world 1 year ago
Sometimes people use Tor just to get around ‘This site is blocked in your country’
But hey, I hear ya! I’ve been running Linux as my daily driver since 2015, and the more they enshittify Windows, the more I recommend others make the switch.
lckdscl@whiskers.bim.boats 1 year ago
Agreed. I thought of ISP restrictions too, but I would say if where you live places a level of censorship, due to political reasons or otherwise, and you need to access it for whatever reasons, so you need Tor, then by all means Microsoft is not your friend since they’re a privacy nightmare.
There are also VPNs for banned media. I typically wouldn’t want to use Tor for anything more than textual content as it puts too much load on the Tor network.
jmp242@sopuli.xyz 1 year ago
Me too. I noped out of Win10 after fighting with Win7 too much. Most people tell me I’m just unusual; however, I think more people than will admit just browse the web and can’t handle Win95 levels of customization and lack of making decisions for you. People are generally overwhelmed with the mere idea that they could customize their computer to work in different ways… Heck, on Windows it varies whether you can even reasonably change to a different default browser without being “techie” (a stupidly low bar to be considered techie by many)…
chaogomu@kbin.social 1 year ago
I really need to bite the bullet and wipe windows off my new laptop. I've had an arch based distro downloaded and ready to go since mid August. Just don't want to have to download my steam library again. My shitty Internet is painful sometimes.
Jaysyn@kbin.social 1 year ago
Let's not blame the victims of Microsoft's fuckery here.
oo1@kbin.social 1 year ago
Someone is giving them money and rewarding the fuckery, and has been for several decades now.
I wish the MS benefactors would at least make the payments conditional on improvement.
Aggy@kbin.social 1 year ago
I'd love to switch, but my laptop makes that quite hard and the computer still has years in it before I probably need to think about replacing it.
I've got an ASUS ROG and sometimes need the backlight on the keyboard. As far as I could tell, no one had figured out how to do it without the Windows-only ASUS-made software.
j4k3@lemmy.world 1 year ago
I keep a small partition set aside in case I need it for settings, but I leave the keyboard on one setting all the time.
Fedora by far has the best bootloader setup for modern bleeding-edge hardware. Their Anaconda system (not related to Python’s “conda”) uses a shim key that is signed by Microsoft’s 3rd-party UEFI key signing arrangement. Outside of the questionable philosophical implications around this arrangement and system, overall the setup is ideal for the end user. Fedora can coexist with a Windows partition easily, encrypt the entire thing, and Windows can’t mess with anything on the Linux side. Personally, I haven’t ever actually used Windows since W8. My workstation router runs on a whitelist firewall, so W11 is in a post-internet age where it rightfully belongs. It might as well be a tab in the UEFI bootloader settings for all I care.
Fedora also has a system that builds the Nvidia kernel module from scratch every time the Linux kernel is updated. Around half of the updates still require me to do a quick restart after initial boot to enable the Nvidia kernel module. It falls back to the open-source alt driver and still works fine, but I do AI stuff and need the CUDA API, so I have to reboot to get that working once every week or two. Fedora really is quite easy now. I would use something like Nix, but the Anaconda system is unmatched and too good to give up. You will have Secure Boot locked all the time even if you cannot register custom keys or do not care to set them up manually.
be_excellent_to_each_other@kbin.social 1 year ago
FWIW I just put Windows onto a ROG GX531GX to gift it to a family member (I told him it was a testament of my love that I was going from Linux TO Windows on a system for the first time ever), but have been gaming on it under Linux for a couple of years, and under KDE Plasma there was a slider for the keyboard backlight in the power settings, which required no extra attention from me (that I can recall) to get there.
I may have had to install an "asus laptop" or similar labeled package from my package manager and forgotten about it, but it was for sure no more than that or I'd have remembered.
Blamemeta@lemm.ee 1 year ago
Yeah, but Linux breaks heavily modded Skyrim. Something about Ubuntu or something breaks SKSE, and honestly I don’t care enough.
lozunn@kbin.social 1 year ago
At least on Arch Linux, I've gotten a heavily modded Skyrim to run just fine (tbh, even better than on Windows), so it should definitely be doable, although perhaps a bit tricky.
This was with a vanilla Wine & some winetricks and a quite old Skyrim base game, though, so not sure about the newer Skyrim iterations.
Coasting0942@reddthat.com 1 year ago
The true reason for Microsoft’s continued monopoly, and the reason behind its strategic acquisition of Starfield
yoz@aussie.zone 1 year ago
Fucking Microsoft doing Microsoft things.
HafizMuhammad@mastodon.social 1 year ago
It's better to use Whonix or Tails if you want to use the TOR browser securely. If I ever had to use Windows again it would not be for anything private.
arc@lemm.ee 1 year ago
> It’s better to use Whonix or Tails if you want to use TOR browser securely. If I ever had to use Windows again it would not be for anything private.
I’m certain there are people who use Tor in a way that it would make sense to use a secure OS.
But I use Tor to get around stupid public wifis and suchlike that have content blockers. I’m not scared that the police are going to beat the shit out of me, so I just use Windows or Android.
brakebreaker101@lemmy.world 1 year ago
Found the white guy!
possiblylinux127@lemmy.zip 1 year ago
> Experts believe that the false malware alert is due to the new heuristic detection method used in Microsoft Defender
Fortune tells are not a replacement for good security!
Anyway, don’t use Windows for anything private or personal as it’s under the control of Microsoft. You are just giving it suggestions.
Puzzle_Sluts_4Ever@lemmy.world 1 year ago
No. Heuristics/“fortune tells” are 100% what is required for good security.
Because if all you are doing is flagging known threats? Then that means you are perpetually vulnerable and exploited.
False positives are a thing. In fact, flagging a program that intercepts and routes all traffic to weird random-ass servers is a very good thing.
The answer is to note the false positive and then release an updated list that permitlists it.
Caboose12000@lemmy.world 1 year ago
thank you Puzzle_Sluts_4Ever, very clear explanation
possiblylinux127@lemmy.zip 1 year ago
I was joking, sorry I didn’t mark it as such.
TheBat@lemmy.world 1 year ago
This only happens in the latest version btw.
You can still download a previous version and replace tor.exe, and it works.
Mdotaut801@lemmy.world 1 year ago
Phew. I was wondering how I was gonna order my blow.
possiblylinux127@lemmy.zip 1 year ago
Bot
TheBat@lemmy.world 1 year ago
I ASSURE YOU I’M NOT A BOT, SILLY HUMAN
bandwidthcrisis@lemmy.world 1 year ago
Windows Defender sucks compared to the original Williams version.
Treczoks@lemmy.world 1 year ago
How dare they use a non-Edge browser for this!
LeeNeighoff@lemmy.world 1 year ago
Hot take, I see no issue with this. If you’re savvy enough to know about Tor and its purpose, you’re also savvy enough to know how to add a security exclusion in Defender. People who don’t know how to whitelist a program in Defender probably did not install Tor themselves and won’t be safe using a program with the capability to access the dark web.
It’s extra frustration for those trying to legitimately use Tor, but it’s also a safety check in the case of an unintended install.
shym3q@programming.dev 1 year ago
It’s funny that recently NetworkChuck uploaded a video about the dark web where he installed Tor on Windows, and now apparently many folks did the same.
EndlessApollo@lemmy.world 1 year ago
Oh no, how will I get my hands on hitmen and cp now?!
Darkenfolk@dormi.zone 1 year ago
Raid Shado- I mean, NordVPN. Protect yourself online, call now to meet lonely VPN providers in your neighborhood looking to protect your data all day, all night long.
LinkOpensChest_wav@lemmy.dbzer0.com 1 year ago
Bruh wtf.
This is why I rolled back my version of Tor? So I guess I have to add the folder as an exception. Fuck Microsoft.
rowrowrowyourboat@sh.itjust.works 1 year ago
techradar.com/…/microsoft-defender-will-finally-s…
Microsoft Defender will finally stop claiming Tor is malware.
genoxidedev1@kbin.social 1 year ago
Idk man, I've had the Tor browser on my PC for years now and it was never deleted. Might just be because I haven't updated it in like ever, but still.
InvaderDJ@lemmy.world 1 year ago
False positives happen and it seems like they already resolved it.
It’s unfortunate that MS makes it so hard to take them at their word when they’re so aggressive with forcing Edge down everyone’s throat. That makes even obvious bugs seem nefarious.
vzq@lemmy.blahaj.zone 1 year ago
I’m not sure about the browser, but a lot of malware used to ship with the Tor binary and used it to connect to the CNC. I can totally see it ending up in the indicator list.
I love bashing MS as much as the next guy, but this is not completely indefensible behavior given typical user use cases and needs. As long as it’s easy to add an exception if you installed it on purpose.
CheezyWeezle@lemmy.world 1 year ago
Yeah I’m guessing this is a false positive based on heuristic analysis, i.e. the TOR program has a lot of the same behaviors as malicious programs. Of course it is more accurate to say that the malicious programs are copying TOR behavior or just straight using TOR code, whatever the case may be.
My main issue is that it kind of shows a lack of due diligence. I assume the official TOR binaries are signed, so the official TOR binaries should be exempted from these heuristic positives. If the binaries are unsigned/have no valid certificates, then I can totally understand the false positive. At that point, the user should know they are installing software that cannot be automatically verified as being safe, and antivirus should never assume that something is safe otherwise. Like you said, for typical users this should be the expected behavior. Users can always undo Windows Defender actions and add exemptions.
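An added example, not from any commenter in this thread: a PowerShell check, run elevated, that only adds a Defender exclusion for a binary whose Authenticode signature is valid and whose signer matches an expected publisher, and excludes just that file rather than a whole folder. The file path and the expected subject string are assumptions to be replaced with the values from the installation and certificate actually in front of you.

```powershell
# Added example (not from the thread). Assumed path and signer; adjust both.
# Requires an elevated PowerShell session for Add-MpPreference.

$Path = 'C:\Users\me\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe'   # assumed install path
$ExpectedSubject = 'CN=The Tor Project, Inc.'   # assumed; compare with the real certificate first

# Read the embedded Authenticode signature and its chain status.
$sig = Get-AuthenticodeSignature -FilePath $Path

if ($sig.Status -ne 'Valid') {
    # NotSigned, HashMismatch, UnknownError etc. all land here: no exclusion.
    Write-Warning "Signature status is '$($sig.Status)'; not adding an exclusion."
    return
}

$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "$ExpectedSubject*") {
    # Valid chain, but a different publisher than the one we expected.
    Write-Warning "Signed, but by an unexpected publisher: $subject"
    return
}

Write-Host "Valid signature from $subject; excluding this file only."
# A per-file exclusion keeps Defender scanning everything else in the folder.
Add-MpPreference -ExclusionPath $Path

# Confirm the exclusion was recorded.
(Get-MpPreference).ExclusionPath
```

A path exclusion still stops scanning of whatever later occupies that path, so re-run the signature check after each update rather than leaving the exclusion in place blindly.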
lemmyvore@feddit.nl 1 year ago
I still don’t understand why Windows doesn’t use .exe whitelisting instead of bothering with endless blacklists and heuristics and antiviruses.
On any given system there’s a handful of legit .exe while out there there’s like a billion malware .exe, and more created every minute.
Or at least switch to an explicit “executable” flag like on MacOS and Linux.
Rose@lemmy.world 1 year ago
It’s defensible only from the perspective that it’s safer to flag many innocent apps than to miss something harmful. That said, it heavily punishes many legitimate developers and creators, as documented here. I was personally affected on many occasions and there hasn’t been a single one where Microsoft wouldn’t admit to false-flagging upon a manual review.
Amends1782@lemmy.ca 1 year ago
Oh god I hate that spelling of C2 lol
vzq@lemmy.blahaj.zone 1 year ago
I have other associations too 😈