1. 11

  2. 3

    The basic concept behind the idea of “Windows Defender” is dubious to begin with. (yo dawg, we heard you like anti-virus software, so we put anti-virus software in ur anti-virus software so you can scan while you scan)

    Meanwhile, color me unsurprised that arstechnica elects to promulgate the very premise that encryption is outlandish at all…

    1. 2

      Isn’t that kind of standard practice?

      1. 4

        I guess in this case the concern wasn’t “someone else might read the mail”, but “depending on your mail client, simply receiving this mail with the attached exploit is enough to automatically run it”.

        Just read the bug report, it’s clearly explained there:

        Note that as soon as the testcase.txt file touches disk, it will immediately crash the MsMpEng service on Windows, which may destabilize your system. The testcases have been encrypted to prevent crashing your exchange server.

        My impression from all of this is that the whole concept of virus scanners running on a live system is wrong and broken. Having an application that continuously reads/executes every file on your system considerably increases the attack surface.

        My conclusion from this and past events:

        • do not run a virus scanner on your system, it poses a security risk
        • only install executables from trusted sources like your package manager
        • avoid applications and file formats which have the ability to run arbitrary logic with user privileges or higher
        • start replacing unsafe languages like C and C++ with safer ones like Rust starting with core system libraries, services, protocol parsers, media decoders, and the operating system itself