• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Microsoft Accidently Puts Hole in Windows Defender With Open-Source Code

DooKey

[H]F Junkie
2FA
Joined
Apr 25, 2001
Messages
15,775
Microsoft put an accidental hole in Windows Defender when they incorporated some code from unrar into the antivirus engine. This hole will allow remote code execution on the local machine so it's advised to get the update from Microsoft ASAP if you don't have auto-updates turned on. Until you patch don't open any unknown .rar files or you might compromise your system.

The screwup was discovered and reported to Microsoft by legendary security researcher Halvar Flake, now working for Google. Flake was able to trace the vulnerability back to an older version of unrar, an open-source archiving utility used to unpack .rar archives.
 
Yet, another lesson to not just blindly accept that "Open Source = more secure." Never assume.
 
Yet, another lesson to not just blindly accept that "Open Source = more secure." Never assume.

Actually Microsoft modified the code which introduced the vulnerability.

I'll state it again - they took perfectly fine code and in the process of incorporating it, they broke it for no apparent reason.

This time it's fully on them and not open source. I do agree one shouldn't assume any code is inherently more secure and the whole open source means more secure since more eyeballs - more eyeballs only count if the right ones are actually looking at the code. Just because more eyeballs could look at code doesn't mean anyone is. *cough* open SSL *cough*
 
Yet, another lesson to not just blindly accept that "Open Source = more secure." Never assume.
Who suggested that?

Peer review yields increased security. If no one cares, open source doesn't do any good.
 
Can't remember the last time I opened a .rar, but I'll update just in case. I do have RarZilla but I haven't used in at least the past year.
People use Windows Defender? Who knew?
More to say I use something. It certainly doesn't seem to eat up much in the way of resources. I've never been infected in 39 years of computer ownership.

As for RAR files, can't remember last time I had to open one, I do have RarZilla so I must have done sometime in the last couple of years.
 
Less bloatware than the other freebies.

But doesn't it also score worse than most other solutions?

I do not use any anti-xxx software. I just disable the delivery mechnisms and I am not a big cruiser of the Internet. 30+ years on it and so far, so good.

So far, it's not been bad. We'll, until now.

Wouldn't surprise that this whole thing is planned obsolescence planted by Microsoft to drive more Win10S sales.

There is always that. I love my tin foil hat!
 
I've been saying for nearly two years now, ever since the anniversary update, that MS need's to slow the F down. Instead trying to cram more features with every update put more QA into what's already there. Who knows how long until we find what exploits have been given to us in the one to two dozen things they've shoveled out in the last year alone.
 
But doesn't it also score worse than most other solutions?

Yeah when it was Security Essentials it was good, then Win8/10 they let it slide... Though now they appear to be ramping up again.

Feb was the first time it scored 100% on av-tests 0 day and prevalent tests... It is holding its own beating industry average in most things. Though to be honest everything does pretty good in testing, they fight over the last 1% in most cases.

https://www.av-test.org/en/antiviru...osoft-windows-defender-antivirus-4.12-180674/

We just started a project to replace SEP with SCEP.
 
Can't remember the last time I opened a .rar, but I'll update just in case. I do have RarZilla but I haven't used in at least the past year.

More to say I use something. It certainly doesn't seem to eat up much in the way of resources. I've never been infected in 39 years of computer ownership.

As for RAR files, can't remember last time I had to open one, I do have RarZilla so I must have done sometime in the last couple of years.
7-zip Master Race. Free, portable, small, and fast. Context menus with Windows installation are also sexy.
 
7-zip Master Race. Free, portable, small, and fast. Context menus with Windows installation are also sexy.
I know a lot of people like 7zip, but I tried it once long ago (probably shortly after release) and didn't like it, can't remember why, but these prejudices seem to stick with you forever and a day :). But I'm fussy with my utilities, I tried a bunch of SHA1 calculators and finally just wrote my own, I just wanted simple, no thought, easy comparisons without any extra unneeded features. So, since its introduction, I just tend to use the zipper built into Windows as easy no thought, no pkzip ;), needed. When I move to Linux that attitude may change.

Now let's wait and see if MS opens up Windows Defender to attacks from zip files, then we'll know for sure they are planning on killing off defender and/or selling everyone on their "walled garden."
 
Back
Top