Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 7 KB, 344x146, images.jpg [View same] [iqdb] [saucenao] [google] [report]
61126605 No.61126605 [Reply] [Original] [archived.moe] [rbt]

>https://arstechnica.com/security/2017/06/latest-high-severity-flaw-in-windows-defender-highlights-the-dark-side-of-av/

>View a webpage. You're infected
>Receive an email. Don't even have to open it. You're infected.
>Simply have a file on your hard drive. You're infected.

This is one of the worst exploits in years and its coming right on the heels of another giant ransomware epidemic.

What sane person still willingly chooses to use Windows in this day and age? Its like being in an abusive relationship with a 300 pound crack whore with AIDS.

>> No.61126638

Good thing I'm running MSE.

>> No.61126877

>>61126605
Good thing I have Norton

>> No.61126913

Well it will probably be fixed soon


There's been major exploits in every single OS this last year

>> No.61126972

Who cares, all my important files are in google drive. They can encrypt all my steam games for all i care.

>> No.61127014

>>61126605
Lucky I turned my computer off :)

>> No.61127035

>>61126972
Same here. I never store anything personal on Windows and all my other work is backed up to Google.

>> No.61127093

>>61126605
lmao disabling this shit right nao

>> No.61127148

>>61126972
>>61127035
>Using cloud storage for personal files
>Ever
Why can't you use external mass storage instead?

>> No.61127160

Patch Tuesday occurs on the second and fourth Tuesday of the month, right? So Windows users will have this exploit until the July 13th, right?

>> No.61127181
File: 175 KB, 800x850, 1494642381704.png [View same] [iqdb] [saucenao] [google] [report]
61127181

>>61126605

Update already released June 23. So?

https://borncity.com/win/2017/06/24/microsoft-closes-critical-vulnerability-cve-2017-8558-in-malware-protection-engine-june-23-2017/

>> No.61127189

>>61126638
Is MSE actually immune? It uses MsMpEng as well.

>> No.61127212

>>61126605
Common Sense doesn't have this problem

>> No.61127249

>>61127212
Common sense doesn't protect you against shit like this or worms such as WannaCry.

>> No.61127275

>>61127249
I use Common Sense and I haven't had any malware since I got Internet in '93. Checkmate.

>> No.61127319

>>61127249
Yes it does. WannaCry spread using an exploit that was patched 3 months prior. If you don't update your PC, ESPECIALLY on Windows, you have no common sense at all.

>> No.61127336

Sir we need to air gap your machine please do it right no

>> No.61127363

You fucking dickless faggots, linux got hacked by pressing a key 19 times. Windows is more secure than your meme OS and has games.

>> No.61127372

>>61127319
What if I only block smbus

>> No.61127379

>>61127363
That vuln was in GRUB if I recall correctly, and required physical access to a machine.

>> No.61127408

>>61126605
Says it's already patched, FUD spreader.

>> No.61127425

>>61126605
I keep all my important files in literal files. You're a fucking pleb if you don't

>> No.61127469

>>61126877
Enjoy having a slow as shit PC anon.

>> No.61127805

>>61127148
You think I was serious to keep my files in a LGBT activist, liberal terrorist organization named Google? Of course not.

>> No.61127830

>>61127160
hotfixes can be dropped whenever they're ready to be released.

>> No.61128111
File: 2.98 MB, 1474x1600, 1497821486800.jpg [View same] [iqdb] [saucenao] [google] [report]
61128111

>>61126605
Holy shit that's bad. Glad I don't use Windows.

>> No.61128211

>>61126605
I really don't understand why some people still use Windows in fucking 2017, it's like the last two decades of shitty winblows releases was not enough for them...

https://www.youtube.com/watch?v=IW7Rqwwth84
20 fucking years of pure fail. It's amazing.

>> No.61128372

>>61128211
because most business software is coded for it and many server apps are better on it too. It can do more, generally speaking than UNIX can.
Until that changes, we are its bitch corporately.

>> No.61128407

>>61128211
and theres a fuck tonne of UNIX exploits too. As many if not more security bulletins per year.
Viruses or trojans on UNIX suck balls because most have source code and compilers so easy to hide and use remotely too.
It's really no different but 90% of the world uses Windows so there's far more effort put into exploits here and they are far more public.

>> No.61128503

>>61126972
tfw he's making le ebin joke but nobody laughs cus actual proprietards are already a karikature of themselfs

>> No.61128510

>>61127275
it's funny to see how much effort you have to do to fuck up your computer with malware, seeing some "windows destruction" videos really made me think about how people are unprepared to use computer as they do shit like that unironically

>> No.61128537

>>61128407
I mean a good hunk of servers run somehing UNIX-ish so I'd argue that there's just as much malicious incentive in finding linux exploits as there is in windows exploits if people really want to rustle some jimmies.

>> No.61128547

>>61128510
I tried to play around with malware in a virtual machine running Windows but it was too much work getting infected so I just returned to shitposting on 4chan

>> No.61128611

>>61127408
>Microsoft, the company that literally works side by side with the National Semite Agency to make your computer as vulnerable and ripe for spying as possible, said they """patched""" (LMAO) the (((vulnerability))) they put there in the first place
>goyim ACTUALLY believe this

You faggots are as naive as newborn kittens.

>> No.61128790

Does this include endpoint protection

>> No.61128915

>>61128537
They do, over half of web servers are running UNIX but probably UNIX admins are smarter because they actually have to understand wtf is going on.

>> No.61128938

>This Windows Defender bug was so gaping its PoC exploit had to be encrypted
>PoC exploit
that's racist

>> No.61128960

>>61126605
WINKUCKS BTFO
MICROSOFT FINISHED AND BANKRUPT

>> No.61129040

>>61127181
LINUXFAGS ON SUICIDE WATCH

>> No.61129042

>>61126605
Good thing I'm on ZorinOS

>> No.61129123

>>61126605
Good thing I have Windows Defender turned off.

...For AVG

>> No.61129149

>>61128372
>because most business software is coded for it
What is a virtual machine? What are cross platform languages and frameworks?

>and many server apps are better on it too.
LOL no.

>>61128407
>and theres a fuck tonne of UNIX exploits too.
No, there's not. I want to slap every person who ever makes this excuse for Microshit. The library of malware for Windows is easily three orders of magnitude larger than for UNIX, Linux, or macOS. Windows is in the news every couple weeks with a new monster exploit and global attack. Windows is shit.

And it's not just the quantity of exploits, but the nature of them that's different. Both the Italian hacker company leaks and the NSA leaks confirm that while every OS has a history of bugs and exploits, *nix systems are far more difficult to compromise. A typical tool to compromise a Mac or an iPhone, for example, required PHYSICAL ACCESS to the machine, and would only work on specific models. Windows? Just get someone to receive...not read...receive an email. I've lost track of the Windows exploits I've personally seen in my life where any script kiddie could do a drive by attack on a corporate network and succeed. The first big one I remember was the JPEG bug in the early 2000's that would let you take control of a machine if the end user looked at a web page or received an email. 2017 and we have YET ANOTHER bug of this nature.

Fuck Microshit. They were always a trash software company. But in recent years they have grown even worse.

>> No.61129178

>>61126913
Of course they'd wait for it to be patched before reporting on it. Thats just responsible disclosure. The point is that Windows is so shit and Microsoft is so incompetent that this exploit has been there for years and they needed a third party researcher from Google to find it.

The best part? He needed to write a tool to load the system in WINE so he can use Linux's fuzzing tools since Windows is so shit

>Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data.

>This is less of a problem on Linux, and I've found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing.

>This is just personal opinion, but I also think Linux has better tools. ¯\_(ツ)_/¯

>> No.61129189

>>61126605

Does it make you angry knowing that no matter how many threads you make, Linux will never, ever be relevant on desktop?

>> No.61129196
File: 105 KB, 883x1024, 1497142231682.png [View same] [iqdb] [saucenao] [google] [report]
61129196

Good thing my PC came pre-installed with McAffee.

>> No.61129219

>>61128790
Yes

>MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2016, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine.

>The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers, full system emulators for various architectures and interpreters for various languages. All of this code is accessible to remote attackers.

>> No.61129228

>>61126605
>https://www.bleepingcomputer.com/news/security/microsoft-quietly-kills-another-gaping-hole-in-windows-defender/

Already patched m8
But good try unemployed loonixfag

>> No.61129233

>>61129149
Yeah you should ignore the systemd 0day that dropped today which allowed rce from dns queries

>> No.61129265

>>61127249
yes it does

>don't have ports forwarded that you don't need forwarded
>guest connections to network on different vlan and ACLed

>> No.61129310

>>61129265
Also, try not to receive any emails or view web pages with images.

>> No.61129369

>>61129233
>herp every machine is a dns server
>derp my one example trumps the 10,000 examples on windows

>> No.61129405

>>61129369
It wasnt a dns service champ go read it again retard
Let's talk about heartbleed though
How about dirty cow
How about imagetragick
How about the af_packet rce
Wanna keep going?

>> No.61129451

>>61128407
>and theres a fuck tonne of UNIX exploits too.
GNU is not UNIX.

>> No.61129469

>>61129451
Windows defender isn't ntoskrnl

>> No.61129644

>>61129405
How many of those "exploits" ever effected a single Linux machine? Find some examples and see if the numbers come anywhere near the total of even just Petya. My point is, most, if not all of the Linux exploits require such outlandish circumstances to execute them, they're almost laughable.

>> No.61129746

>>61129149
>No, there's not
Yes there is, you don't pay attention obviously. I want to slap all you linux shills for telling people to run this shit. If it was super awesome, we'd be using it corporately.

>> No.61129802

>>61126605
IT zeguridad

>> No.61129886

>>61129746
>Yes there is, you don't pay attention obviously.
I do pay attention and you're full of shit.

>I want to slap all you linux shills for telling people to run this shit. If it was super awesome, we'd be using it corporately.
I hate to tell you this, but corporations generally make stupid decisions.

>> No.61129996

>>61128211
i need my games and my cpu is too shit for gpu passthrough, i'll suffer with windows until linux gets more games or i upgrade my cpu

>> No.61130050

>>61129746
>Yes there is
I'll give you this much, they exist, but as stated above, good luck ever executing one of them. Most of them are POC tier shit and MOST get patched immediately. That's more than I can say for WannaCry, which had it's ass hanging in the breeze for months before Microsoft issued a patch.They were notified in January, and for some odd reason the patch for XP had a publish date of February and a release date of when? Oh! May? Hmmmm...really percolates those peanuts.

>> No.61130054

>>61128211
Because some people need to work unemployed loonix weaboo

>> No.61130078

>>61126605
>>https://arstechnica.com/security/2017/06/latest-high-severity-flaw-in-windows-defender-highlights-the-dark-side-of-av/
Those ass-blasted microcucks in the comments section!

>> No.61130122

Good thing I deleted that crappy antivirus with my Linux partition

>> No.61130185

>>61130078
Like >>61129228 said.
Is already fixed.

>> No.61130305

>>61130050
>patch for XP

>> No.61130357

how do i fix my windblsw so i dont get infect guys

>> No.61130375
File: 192 KB, 1280x1269, 1497660172099.jpg [View same] [iqdb] [saucenao] [google] [report]
61130375

>>61128211
>some people
>90% of marketshare

>> No.61130391

>>61129644
A lot of them? Imagetragick was used to pop hundreds of prod boxes

>> No.61130394

>>61130305
Yes, they released one.

>> No.61130402

>>61130394
You have to draw the fucking line somewhere.

>> No.61130415

>>61129644
But a single loonix machine is like 2% of the userbase

>> No.61130429

>>61126605
Its good thing i use FreeBSD

>> No.61130432

>>61130402
They realized there are too many retards still running XP to just let nature run it's course.
>>61130415
Servers, dingus, servers.

>> No.61130447

>>61130429
Stack Clash. There isn't a Unix that isn't immune to it.

>> No.61130453

>>61130432
>Servers, dingus, servers.
these exploits don't affect servers

>> No.61130456

>>61130447
>isn't
is

>> No.61130546

>>61130391
"While this is not as egregious as some celebrity vulnerabilities have been in the past, [the ImageTragick researchers] do mention that they branded this in a way designed to get attention and boost their low numbers of blog views," said John Bambenek, manager of threat systems for Fidelis Cybersecurity in Waltham, Mass. "If you are measuring the success of your vulnerability research by Web traffic, you're focused on the wrong things."
Bogus.

>> No.61130562

>>61130185
t. assblasted microcuck

>> No.61130778

>>61129886
no and no

>> No.61130805

Jokes on them I never open anything via email

>> No.61130879

>>61126605
>arstechnica
>crappy click bait
>exploit already fixed
get fukt op
oh and
MITIGATED

>> No.61130893

>>61127249
pointing at you while I laugh

>>61128111
Linux has had way worse exploits lately, guess you're not informed

>> No.61130912

>>61130805
i almost never check my email, and infact last i sent an email was like 2011.

>> No.61130922

>>61126605
>Windows Defender allows attackers to infect your computer just by viewing a file

Pretty sure that was an older exploit.

>> No.61131026

I miss the simple days of port 195 shenanigans and +++ATH0

>> No.61131052

>>61130546
Okay? That doesn't prove anything champ
Nothing different from you screaming about a patched vuln

>> No.61131771

>>61126877
>Norton
Now that's a name I've not heard in years.

>> No.61132321

>>61129405
These are all just software exploits. Not part of Linux buddy.

>> No.61132410
File: 8 KB, 383x69, idiot.jpg [View same] [iqdb] [saucenao] [google] [report]
61132410

>>61126605

B-but what about all those posters on /g/ that say CommonSense201X and Windows Defender all are you need?!

>> No.61132729
File: 241 KB, 350x186, 1492667488081.gif [View same] [iqdb] [saucenao] [google] [report]
61132729

>>61126605
So you have to be running defender to be exploited?

>> No.61133361

>>61132321
Neither is anything other than code in ntoskrnl by those standards

>> No.61134354

>>61126605
old news

>> No.61134936

>>61132729
Or MSE, Endpoint Protection, or any one of 'various Microsoft security products' that use the same engine. These are all active by default on a fresh install.
I don't know if you can even disable it fully, and who knows how long this was out in the wild before being discovered and patched. If you're running Windows, just accept that your machine is probably part of a botnet

>> No.61135160 [DELETED] 
File: 440 KB, 1366x768, Screenshot_20170629_102205.png [View same] [iqdb] [saucenao] [google] [report]
61135160

>>61126605

>> No.61135178

>>61126605
Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine.

Woo... so glad automatic updates are on.

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action