Microsoft upgrades Defender to lock down Linux gear for its own good

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to contain intrusions and whatnot. The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device …

  1. captain veg Silver badge

    intruders

    "Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims."

    Have they demonstrated that intruders could connect to Linux devices or run operations like that without the "benefit" of Defender? Or does this, in fact, leave Linux users in much the same position as before but with some Microsoft bloatware installed?

    -A.

    1. yetanotheraoc Silver badge

      Re: intruders

      "they won't be able to reach Microsoft's Defender for Endpoint cloud services"

      If I read that right, what MS are doing is isolating a Linux box *from Defender*. This would be useful, potentially, because if Defender is compromised you can keep that compromise from spreading to the Linux boxen. Of course, if Defender is compromised then the intruders could probably just re-enable the isolated devices... But cool, it's one more green checkmark on the packaging, marketing is happy.

      1. Anonymous Coward
        Anonymous Coward

        Re: intruders

        Yes, I read it that way also, which confuses me.

        Defender doing more to support Linux is good news in general, giving us more tools to do our jobs with.

      2. NoneSuch Silver badge
        Linux

        Re: intruders

        I do appreciate that my stable Linux boxes will be isolated from the buggy and bloat riddled Windows servers and services.

        I approve this message.

  2. Neil Barnes Silver badge

    Is this the same Defender

    That cheerfully announces that the website you just (knowingly and with malice aforethought) logged into is trying to steal your login?

  3. original_rwg
    Facepalm

    Er...

    Install a Micros~1 product on my Linux machine? Why would I want to do that? (Rhetorical question)

    1. Anonymous Coward
      Anonymous Coward

      Re: Er...

      Masochism? Intense self loathing?

      :)

  4. yetanotheraoc Silver badge

    DistroWatch

    Desbian - Trust Microsoft to know which distros need isolating.

    1. fargoneicehole
      Coat

      Re: DistroWatch

      Desbian... a distribution for those on the stage and in the theater (theatre)...

  5. Anonymous Coward
    Anonymous Coward

    This says all over it that intruders will make use of the feature to their own ends.

    I mean, yes, I understand the logic and all, but one tool to rule them all is not the solution.

  6. jake Silver badge

    We all want to implement this immediately because ...

    ... as we all know, Microsoft is synonymous with system security.

    In other news, training feral cats to guard your koi pond is an excellent idea ...

  7. bigtreeman

    Not our friend

    You have been warned - only use Windows desktop.

    I'm tired, this has always been Microsoft 101.

    Microsoft hasn't cosied up to Linux to be our friend.

    Embrace, extend, extinguish

    1. Nintendo1889

      Re: Not our friend

      Nadella should go into making vaccines instead

    2. jake Silver badge

      Re: Not our friend

      Relax. Microsoft (or anybody else) can't get anything into the kernel without the approval of Linus.

      And of course all the rest of the FOSS stack is now, and always will be, FOSS. You'll be able to build a system to suit yourself, sans Redmond influence, roughly until the heat-death of the Universe. That's the very nature of the beast.

      Speaking of beasties, there is also BSD ...

    3. Zippy´s Sausage Factory
      Devil

      Re: Not our friend

      I have a feeling they're trying to put so much into Linux in the hope that should something horrible* happen to Windows they have a backup.

      * such as it becoming unprofitable, obviously, not any kind of security issue

  8. Anonymous Coward
    Anonymous Coward

    does this say defender doesn't understand https_proxy

    It wouldn't surprise me at all.

    If I had computers configured to NOT use split-tunneling, there's no way I'd enable it just to support a badly designed, and similarly implemented AV application.

  9. david 12 Silver badge

https_proxy: another unix/linux system "secured" by the use of an environment variable.

  10. Pete 2 Silver badge

    Dear intruder

    We have a system that will (maybe, we hope) isolate all those naughty Linux devices from accessing our fragile and bug-ridden Microsoft network.

    So in the future please only try to hack, crack, frack or whack us with one of the operating systems that we can (maybe, we hope) isolate.

    In particular, it would be absolutely lovely if you would refrain from using BSD or any of its variants, ChromeOS, Android, macOS, Haiku, z/OS or any of the other hundreds of operating systems that our Windows Defender team haven't got around to learning about.

    Thanks a lot.

    Your fiends at Microsoft

  11. Al fazed
    WTF?

    Disruptive OS

    Well I am wondering just how much isolation Windose Defender is responsible for.

I have a Windose 10 box for every day use and, whilst it isn't as fast as previous versions, it has until the other day been useful, meaning I can get work done, just about.

Now I am unable to SAVE a Project created with WoW Slider or Visual Lightbox, which I have been using for years; all of a sudden, and for no known reason, it can no longer be done.

    I have been experiencing unexpected crashes of FOSS on Windose 10 which I have never experienced before on previous Microshaft OSes.

Libre Office is so unreliable that I might have to buy a Microsoft licence just to write letters and keep my current spreadsheets in use.

I do not see anyone else reporting that Libre Office crashes without SAVING data after the SAVE command had been used. Yes, several rows of data entered have simply disappeared and need to be re-entered, SAVED and, in some cases, re-entered again. This only happens on my two Windose 10 boxen. It does not happen when Libre Office runs on Linux MX or Debian boxen.

    Ah well, it looks like it's time to go full Linux OS then.

    ALF

    1. martinusher Silver badge

      Re: Disruptive OS

      I now only run Windows at home when I absolutely have to and so enjoy a worry free, quiet, life.

The problem is that the IT cabal in a typical workplace is part of the same Administrative group that includes HR, Legal and the like. It communicates with, influences and takes orders directly from the executives. Due to the training such people have they only know Windows -- everything else is alien and threatening -- so Windows gets mandated whether it's an appropriate choice or not. If Linux has to be used on some systems then it's treated like an infectious disease. Engineering is never consulted about any IT policies; we just have to live with them even if they negatively impact our work.

The reason why I refer to the IT "Cabal" is that their training is less engineering and more 'how to drive certain vendors' boxes' -- like a lot of business education it has more in common with seminary training than education proper; it's a process that teaches the lore and weeds out any of wavering faith. Training in this field is directed towards vendor-specific certification and (based on first-hand knowledge and interactions with such people) often falls well short of the standard of understanding I'd assume was minimal for this job. (But then we actually design the stuff, so what do we know?) (I've had many an interesting conversation with these techs who seem to think that all engineers are just incarnations of Christopher Lloyd in one of his more maniac roles.)

      1. Paul Hovnanian Silver badge
        Big Brother

        Re: Disruptive OS

        'The reason why I refer to the IT "Cabal" '

        There is no cabal.

        - The Cabal

        1. jake Silver badge

          Re: Disruptive OS

          Even if there was a cabal, it would have disbanded back in 1986. Probably.

          TINC

  12. Anonymous Coward
    Anonymous Coward

    Don't be fooled

Defender for business has so many shortcomings I have documented to my management that it is not as secure as our prior product. Changes to settings take 24 hours to take effect (example: updating firewall exceptions). Almost anything requires 20 plus clicks (opening collapsed sub menus that should not be collapsed at all, jumping from page to page for things that should be on one page). If you are thinking of going to Defender from a mature security tool, start talking to people that use it and not those selling it. Don't suffer the same as I do. And the useless alerts this generates, omg, all day long. Missing context in menus; Device (USB/CD) permissions are right out of a 1980's horror movie. Learn before you burn.

    1. Anonymous Coward
      Anonymous Coward

      Re: Don't be fooled

      I'd be really interested if you could expand on that - just heard my previous employer are planning on moving from Intercept-X to Defender...

  13. navarac Silver badge

    Who's good?

    Pity Microsoft doesn't lock itself down for their users good.

  14. naive

    However the pointy haired boss

    will be happy to hear "Microsoft anti virus" is available.

ClamAV is a good product, but the perceived quality of a household brand name is always higher for most people in a corporate environment, who are risk averse since corporate environments are little Soviet systems where there are no rewards for good decisions, only the Gulag for ones that didn't work out as anticipated.

  15. rmstock

    Layoffs

When Microsoft went from Windows 3.1 to Windows 95, a strange question sometimes popped up when installing updates: "Do you always trust Microsoft?" That's when I began to wonder if Microsoft was a software company or a front for some strange cult. The timing of this was rather unfortunate, as a year earlier I had lost a MS Word document, which was a project proposal to retrieve research funding from the EU. I decided to not use MS Word but to re-enter the text using Word Perfect. That was long ago. Some time later I installed RedHat 4.2 as my second OS.

The hostile position which Microsoft takes today with its new edition of Microsoft's Defender for Endpoint shows that trust has deteriorated, and as it was recently announced that "Microsoft is laying off 10,000 employees" (CNN, Wed January 18, 2023), a number of former Microsoft employees might get hired by ... the NSA: "NSA wooing thousands of laid-off Big Tech workers for spy agency's hiring spree" (The Washington Times, Friday, February 3, 2023). It is understandable that Ballmer's Trust in his former employees might be subject to Rust erosion.
