The most secure OS named windows : memes

[–] beefcat@beehaw.org 21 points 2 years ago* (last edited 2 years ago) (1 children)

most windows programs haven’t run as root in over a decade.

a program only runs as “root” in one of three situations:

The app manifest says it is a requirement.
The executable does not have an app manifest and has the "Run as Administrator" compatibility flag (only applies to apps built for XP or older).
The user manually invokes the program with super user permissions (right click and “Run as Administrator", or manually set the above compatibility flag).

[–] socsa@lemmy.ml 1 points 2 years ago* (last edited 2 years ago) (1 children)

There are still far too many system components which run with spooky elevated privileges. Don't believe me? Try nuking permissions on Windows update or activation nagware, disconnect from the internet and see how long those changes persist. Sometimes it is a few reboots.

This is a fundamentally insecure security framework, which no amount of glue or sandboxing can fix.

[–] beefcat@beehaw.org 1 points 2 years ago

how would you expect something like windows update to function without elevated privileges?

activation nagware

what?

[–] Katana314@lemmy.world 19 points 2 years ago

If Linux was the world’s most popular operating system, it too would have tons of vulnerabilities.

There’s two sides to that statement; one being that increased attention leads to more findings. The second being that in order to become popular, it would need a large set of simplified convenience features aimed for mass consumers; and those are often what lead to vulnerabilities. (Same story pretty much happened with Android)

[–] verdare@beehaw.org 13 points 2 years ago (1 children)

What do you mean by “most Windows programs running as root?” I don’t think that’s accurate, unless you’ve disabled UAC.

[–] beefcat@beehaw.org 10 points 2 years ago

OP still uses Windows XP.

[–] Raine_Wolf@lemm.ee 12 points 2 years ago

Meanwhile, giving myself root access to my own computer is a bitch. I need to just switch to Linux

[–] KinNectar@kbin.run 8 points 2 years ago (1 children)

Windows Defender bad?

[–] Designate6361@beehaw.org 8 points 2 years ago (1 children)

Pretty most of the people i know who work in IT are all just using Defender now, i have even stopped paying for AV and just use defender out of the box. Unless you are doing something that exposes you to risk there really is no use to use anything other than defender. In saying that enterprise or businesses environment i would still say 100% have something other than defender in place.

[–] wrath_of_grunge@kbin.social 2 points 2 years ago

i'm one of those people. haven't used anything other than Windows Defender for over a decade at this point.

[–] Omega_Haxors@lemmy.ml 6 points 2 years ago* (last edited 2 years ago)

If you want to criticize windows for being shitty, you should have went with their certification system. You know that popup that shows up whenever you run an exe from an "unknown publisher"? Well viruses can (and do) get certification since all you have to do is send Macroshaft money, leaving you completely unprotected from actual threats. It's security theatre only there for fundraising purposes. Completely useless.

And no this isn't a case of "no oversight" there are cases where Windows Defender will let you run a program its own database knows is a virus. Even if they know your program is flat out malware, as long as you buy that certificate your program will forever be treated as legitimate.

[–] Static_Rocket@lemmy.world 5 points 2 years ago

You know what, if it keeps me from getting weird phone calls from my gramps once a month it's good enough.

[–] Zerush@lemmy.ml 5 points 2 years ago

Precisely because Windows has been the main target for hackers and malware, for being by far the most used OS, it has caused Windows today to be the best protected OS, with a Defender that is currently one of the best AVs on the market and a effective Sandbox system that prevents any changes without user intervention in the root system. Hopefully in terms of privacy it will be just as good, at least by default it is not like that.

[+] spyjoshx@discuss.tchncs.de -8 points 2 years ago (5 children)

I understand that antivirus software is necessary on Windows, but I'll never understand the existence of Windows Defender. If Microsoft knows enough to prevent a virus that exploits something in windows, why are they putting their effort into an antivirus program, and not fixing ththe problem in Windows? If someone has a good explanation for this, I'd love to hear it.

[–] nightdice@feddit.de 13 points 2 years ago (3 children)

Because... They are? Whenever there is a problem in Windows itself, they release an update to fix that ASAP.

Defender doesn't just work against viruses that exploit weaknesses in Windows. It also works against viruses in programs the user installs. The purpose of Defender is the same as any other antivirus software, to detect known virus signatures in downloaded software, as well as attempt to detect programs that display virus-like behaviour. It also attempts to ensure that users only install software from sources they trust. For these purposes, Windows Defender is at least as good as most other antivirus software on the market.

I would also generally recommend using an antivirus program on a Linux/OSX machine, unless you really know the risk you're accepting by not using one. Even then, I recommend occasionally running ClamAV or a Malwarebytes scan. There is a misconception of "there are no viruses for non-Windows platforms", but the thing is that a lot of viruses these days are cross-platform compatible, and all it takes is one program or dependency becoming an infection vector. Keep yourselves safe, people!

[–] cobra89@beehaw.org 3 points 2 years ago

The only caveat I'll add is that because of the way package managers work in Linux, it's much less likely someone will be running something from an untrusted source. It's less true these days with snap and flatpak but those are at least sandboxed.

It's not that common these days for Linux users to be downloading random binaries and running them.

[–] spyjoshx@discuss.tchncs.de 2 points 2 years ago

That makes a lot of sense, thanks!

[–] dzervas@lemmy.world 1 points 2 years ago (2 children)

I never got where the misconception of "*nix doesn't have malware" came from. Maybe from the 2k era where "malware" was anything that was slowing down your PC (I also don't get why a malware would slow down your PC, unless it's a ransomware)?

I remember the c99.php shell from way back which is an amazing example of cross-platform (PHP can run anywhere) "virus" and it was considered a golden standard (2010 era?)

[–] GeneralVincent@lemmy.world 2 points 2 years ago

There's also the kind of malware that uses your PC to mine crypto without you knowing. And especially back in the day there were plenty of trolls just infecting computers with malware to slow them down for fun. And since malware is just software, it's all gonna be made differently so there probably plenty that just has bad code.

[–] nightdice@feddit.de 2 points 2 years ago

I think it's born from a misinderstanding of infection statistics, especially back when windows was also more popular on servers.

[–] Appoxo@lemmy.dbzer0.com 12 points 2 years ago (2 children)

Tell me you know nothing about software without telling me.

[–] spyjoshx@discuss.tchncs.de 4 points 2 years ago (2 children)

I know nothing about software. That's... Why I asked.

[–] brainw0rms@hexbear.net 2 points 2 years ago* (last edited 2 years ago)

Don't worry about it too much, this meme is just garbage and basically everything it asserts is wrong or inaccurate. The other person who replied to you was just being a condescending smuglord because you asked reasonable questions instead of participating in the "Windows Bad" circlejerk.

[–] spectre@hexbear.net 2 points 2 years ago

All OSes have vulnerabilities, and the thing is MS Defender is a working solution that prevents many attacks. Microsoft also has to provide some nominal support to enterprise apps that are 30 years old, because that's a significant amount of what keeps them in business. Patching actual root causes would often mean changing the way things work at a fundamental level in the OS, and would break apps for a lot of their users. This could create a big problem for a lot of people.

[–] dzervas@lemmy.world 0 points 2 years ago

wow, you should become a teacher or something

[–] beefcat@beehaw.org 8 points 2 years ago* (last edited 2 years ago)

because that isn’t really how these things work. It doesn’t matter how secure your operating system is, it can still get infected with malware if you let the user download and install arbitrary software. every modern desktop operating system that allows this has this hole.

features that pop up warnings when running code not signed by the OS vendor (like Windows SmartScreen or macOS Gatekeeper) help to an extent, but are not magic bullets since users can still override them.

at the end of the day, the best defense is to make sure you actually trust any software you download before running it.

[–] dzervas@lemmy.world 8 points 2 years ago (2 children)

ok so let’s start with the exploits. Exploit is a bug (problem) in a piece of software that when… umm… “abused” (well the word is just exploited) it allows you to do stuff that you shouldn’t. An exploit could be live from your browser to the program you use to zip files. The top 2 reasons to use an exploit is to either get initial foothold on a machine (e.g. an exploit in a browser that would allow an attacker to execute arbitrary code when you visit their page or an exploit in winrar that when you open a zip file executes code)

From the attackers perspective, you got in, nice. Mind you you got in through means that have nothing to do with windows (and that’s true most times, especially on desktops). but now? what?

You hacked into the machine for a reason! You might wanna grab the browser cookies (giving you direct access to the accounts that the victim is logged into), grab some files, screenshots, passwords

That’s where the AV kicks in. After the initial exploit the malware behaves like a normal program. But not completely. Assuming that the AV hasn’t seen the same exact malware before (which would an insta kick ban) it’s going to see a random process accessing files in chrome’s directory. HUH. ISNT THAT SOMETHING. quarantined.

Wanna start listening to each and every keystroke? quarantined

Meanwhile the way that the exe ended up in your system was not through an installer, you don’t provide an uninstaller and it was downloaded from www.xXxveryNicEsiteyou.got. HUUUUUUUH

the whole process is a bit simplified of course, but it captures the general idea

So why does linux not have an AV? FUCK IF I KNOW! It would be very, VERY useful. Writing malware that bypasses AV is an art of its own. Can be done for sure, but it’s an extra step and it’s not fun

background: used to get paid to do shit like that (legally, pentest) and it’s a fun hobby (writing code around it, not hacking people)

[–] spyjoshx@discuss.tchncs.de 4 points 2 years ago (1 children)

Makes sense! I guess without an antivirus there's no way of distinguishing legitimate activity from illegitimate activity at the system level when dealing with downloaded programs. Also, my Voyager app decided that your "link" was actually a link and tried to make an embed lol

[–] dzervas@lemmy.world 2 points 2 years ago

exactly!

sorry if I overexplained/oversimplified a bit but I didn’t want to make assumptions ☺️

[–] nightdice@feddit.de 1 points 2 years ago (1 children)

why does linux not have an AV?

I can recommend running ClamAV, if anyone is looking for a good one that runs on Linux.

[–] dzervas@lemmy.world 3 points 2 years ago (1 children)

I've never even considered ClamAV. I have the idea that it's just a malware signature DB (changing the signature of a binary is almost as simple as recompiling it with a bit different variables)

Am I incorrect? does it have heruistics/active scanning?

[–] nightdice@feddit.de 1 points 2 years ago (1 children)

It is pretty exclusively a file scanner, but that, combined with Linux's privilege separation, any decent firewall and not willfully executing untrusted files is enough for most cases, I would say.

[–] dzervas@lemmy.world -1 points 2 years ago (1 children)

what kind of privilege separation? you’re talking about containers/namespaces?

cause as it is linux desktop has 1 unprivileged user and that’s it. from an attackers perspective privilege escalation is irrelevant - you have access to the screen, keyboard, browser, files. there really is nothing left to gain from gaining root

and if you have any reason to gain root, it’s super easy by just replacing sudo with an alias in .bashrc you’ve got the user’s password

We REALLY need sandboxing and soon, that’s why I want to give fedora silverblue a try but my hopes are quite low

btw windows is in a bit of a better place and M1 mac is in much better place

[–] nightdice@feddit.de 1 points 2 years ago (1 children)

If you want sandboxing, isn't firejail pretty exactly what you're looking for?

[–] dzervas@lemmy.world 1 points 2 years ago

I’ve not looked into fire jail in depth but I’ve read lots and lots of bad takes on it

What we need is docker with a better graphics integration, in terms of both ease of use and security. maybe wayland can help in that (cause with X you just forward the whole management socket and that’s it, anyone can draw anything)

There’s a chance that snap has done it right (I know that everyone hates it but there’s a CHNACE that they got it right in terms of security and ease of use)

flatpak “is not enough” since the controls it gives you are not enough. first you need flatseal to disable stuff per application and the defaults aren’t good enough and steam for example REQUIRES access to the whole home folder which defeats the whole purpose

[–] sternail@lemmy.world 2 points 2 years ago

I‘m sorry you got downvoted for asking a question because you don‘t know. Good old reddit behavior…

Memes

Rules: