Tavis Ormandy to Microsoft: Have another Windows Defender vuln

Google Project Zero bug-hunter Tavis Ormandy has alerted the world to yet another way Microsoft's anti-virus tool Windows Defender could be attacked. Ormandy went public with the bug on Friday after Microsoft shipped its fix. He reported the issue to Redmond on June 9th. The bug is in the non-sandboxed x86 emulator Windows …

  1. Neil Barnes Silver badge

    "including wild eip"

    Wasn't that one of the alert sounds on an early (mid-eighties) Mac?

    1. Geoff Campbell Silver badge

      Re: "including wild eip"

      No - prog rock band from the '70s.

      GJC

  2. Christian Berger

    Stop trying to disprove Turing

    There is no way you can find out if code is bad or good. Even if your sandbox is perfectly well written, malware will be able to detect it and behave. Neither does static analysis work as directly proven by Turing. Signature based virus scanners are something security students learn how to circumvent in their early semesters.

    So please don't design your system in ways that assume you can somehow detect malware by running it through some software. You simply can't.

    So uninstall Acrobat Reader and Office as well as Flash if you haven't done so already.

  3. Anonymous Coward

    The best way to avoid malware is user behaviour and an OS with a strong default security model. I don't think Windows is suitable for either of those criteria. Defender type tools are kind of the wrong effort, with good intentions.

  4. bombastic bob Silver badge

    I've always preferred 'safe surfing'

    I've always preferred "safe surfing", like

    a) don't use windows to surf the web, if possible

    b) don't log in with 'admin' privs if you surf "teh intarwebs" or read e-mail. EVAR.

    c) don't use IE or Edge, if possible

    d) don't enable ActiveX, automatic font downloads, or JavaScript (by default). In Firefox, use the 'NoScript' plugin.

    e) don't allow flash (or adobe ANYTHING for that matter) plugins.

    f) don't allow ANYTHING to 'take over' the browser UI. this especially includes toolbars or UI widgets of any form. This may require plugins to filter them out or block them.

    g) NEVER view e-mail as HTML. *EVAR*

    h) NEVER allow ANYTHING in an e-mail to "preview inline"

    i) do NOT enable IPv6 on windows machines WITHOUT a comprehensive external firewall blocking ALL! OF! THOSE! OPEN! PORTS!

    j) do NOT rely on "microsoft ANYTHING" for security

    note I didn't include ANY anti-virus products. You don't need them, if you practice 'safe surfing'.

    1. Anonymous Coward

      Re: I've always preferred 'safe surfing'

      Just to let you know, I only downvoted you as that was horrendous to read. My grammar isn't the best, but that just made my eyes bleed.

  5. Charlie Clark Silver badge

    Slightly scary

    This full system x86 emulator runs as SYSTEM, is unsandboxed, is enabled by default and remotely accessible to attackers.

    Now I can understand for performance reasons why this might be happening but then again, given all the recent advances in hardware-virtualisation and the risks of this kind of thing, why is MS doing this?

    1. bombastic bob Silver badge

      Re: Slightly scary

      " why is MS doing this?"

      many possible explanations exist, but I think the MAIN one is:

      all of the senior, experienced people that made Micro-shaft into the #1 OS provider [market-wise, not quality-wise] have RETIRED, and took their stock options and everything else, and are enjoying all of that money with all of that free time.

      That left the company in the hands of MILLENNIALS and ZEALOTS.

      So the CHILDREN are running the show now, it's THEIR turn to do things THEIR way, and they're extremely ARROGANT about jamming their crap-ware into whatever customer orifices they can find.

      And they're also CLUELESS, fall too quickly for the "new, shiny" trap [like a shiny lure on a fishing line], and have completely LOST TOUCH with what CUSTOMERS want.

      And it's also very likely that "the right hand" does not have a clue about what "the left hand" might be doing over at Micro-shaft. Everybody's isolated in their own little fiefdom, fighting for dominance and importance and generally creating chaos for "the big picture" on Win-10-nic. Hence the cluster-BLANK we're seeing.

      THAT, and 'full system x86 emulator' running as SYSTEM.
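The thread above turns on the fact that the affected emulator lives in the Defender engine and that Microsoft shipped the fix before Ormandy went public. The practical question for an administrator is therefore whether a given host is already running the updated engine. The following PowerShell is an added example, not code from the article or any commenter: it records the engine, platform and signature versions that Defender reports, forces an update from Microsoft Update, and reports whether the engine build changed. The article does not state the fixed engine version number, so the script deliberately does not hard-code one; compare the reported AMEngineVersion against Microsoft's own advisory. It assumes the built-in Defender PowerShell module (Windows 10 / Server 2016 and later) and an elevated prompt for Update-MpSignature.

```powershell
# Added example (not from the article or any commenter). Reports the Defender
# engine state before and after an update pull. The fixed engine version is not
# given on this page, so no version is hard-coded here; check the AMEngineVersion
# output against Microsoft's advisory for this bug.

function Get-DefenderEngineState {
    # Get-MpComputerStatus exposes the engine (mpengine) build separately from
    # the platform (service) build and the signature package version.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        EngineVersion    = $s.AMEngineVersion
        PlatformVersion  = $s.AMProductVersion
        SignatureVersion = $s.AntivirusSignatureVersion
        SignatureUpdated = $s.AntivirusSignatureLastUpdated
        RealTimeEnabled  = $s.RealTimeProtectionEnabled
    }
}

$before = Get-DefenderEngineState
Write-Host "Before update:"
$before | Format-List

# Forces a check-in with Microsoft Update; engine updates ship inside the same
# package as signature updates, so this is how the fixed engine arrives.
Update-MpSignature -UpdateSource MicrosoftUpdateServer

$after = Get-DefenderEngineState
Write-Host "After update:"
$after | Format-List

if ([version]$after.EngineVersion -gt [version]$before.EngineVersion) {
    Write-Host "Engine updated: $($before.EngineVersion) -> $($after.EngineVersion)"
} else {
    Write-Host "Engine unchanged at $($after.EngineVersion); confirm against the advisory before assuming the host is patched."
}
```

Note that the engine is updated through the definition-update channel even when real-time protection is turned off, which is why RealTimeEnabled is reported alongside the versions: a host with an old engine and real-time scanning enabled is the exposed case the thread is discussing.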

  6. Anonymous Coward

    Great...

    Glad I turned Windows Defender off and installed Norton, instead. Won't be using Windows Defender, again. I could be missing something, but why does a system with an X86 Operating system even need X86 "Emulation", in the first place? Something about that doesn't sound right.
