"including wild eip"
Wasn't that one of the alert sounds on an early (mid-eighties) Mac?
Google Project Zero bug-hunter Tavis Ormandy has alerted the world to yet another way Microsoft's anti-virus tool Windows Defender could be attacked. Ormandy went public with the bug on Friday after Microsoft shipped its fix. He reported the issue to Redmond on June 9th. The bug is in the non-sandboxed x86 emulator Windows …
There is no way you can find out if code is bad or good. Even if your sandbox is perfectly well written, malware will be able to detect it and behave. Neither does static analysis work, as directly proven by Turing. Signature-based virus scanners are something security students learn how to circumvent in their early semesters.
So please don't design your system in ways that assume you can somehow detect malware by running it through some software. You simply can't.
So uninstall Acrobat Reader and Office as well as Flash if you haven't done so already.
I've always preferred "safe surfing", like
a) don't use windows to surf the web, if possible
b) don't log in with 'admin' privs if you surf "teh intarwebs" or read e-mail. EVAR.
c) don't use IE or Edge, if possible
d) don't enable ActiveX, automatic font downloads, or javascript (by default). In Firefox, use the 'NoScript' plugin.
e) don't allow flash (or adobe ANYTHING for that matter) plugins.
f) don't allow ANYTHING to 'take over' the browser UI. this especially includes toolbars or UI widgets of any form. This may require plugins to filter them out or block them.
g) NEVER view e-mail as HTML. *EVAR*
h) NEVER allow ANYTHING in an e-mail to "preview inline"
i) do NOT enable IPv6 on windows machines WITHOUT a comprehensive external firewall blocking ALL! OF! THOSE! OPEN! PORTS!
j) do NOT rely on "microsoft ANYTHING" for security
note I didn't include ANY anti-virus products. You don't need them, if you practice 'safe surfing'.
This full system x86 emulator runs as SYSTEM, is unsandboxed, is enabled by default and remotely accessible to attackers.
Now I can understand for performance reasons why this might be happening but then again, given all the recent advances in hardware-virtualisation and the risks of this kind of thing, why is MS doing this?
" why is MS doing this?"
many possible explanations exist, but I think the MAIN one is:
all of the senior, experienced people that made Micro-shaft into the #1 OS provider [market-wise, not quality-wise] have RETIRED, and took their stock options and everything else, and are enjoying all of that money with all of that free time.
That left the company in the hands of MILLENNIALS and ZEALOTS.
So the CHILDREN are running the show now, it's THEIR turn to do things THEIR way, and they're extremely ARROGANT about jamming their crap-ware into whatever customer orifices they can find.
And they're also CLUELESS, fall too quickly for the "new, shiny" trap [like a shiny lure on a fishing line], and have completely LOST TOUCH with what CUSTOMERS want.
And it's also very likely that "the right hand" does not have a clue about what "the left hand" might be doing over at Micro-shaft. Everybody's isolated in their own little fiefdom, fighting for dominance and importance and generally creating chaos for "the big picture" on Win-10-nic. Hence the cluster-BLANK we're seeing.
THAT, and 'full system x86 emulator' running as SYSTEM.