Bad apps bypass Windows security alerts for six years using newly unveiled trick

Elastic Security Labs has lifted the lid on a slew of methods available to attackers who want to run malicious apps without triggering Windows' security warnings, including one in use for six years. The research focused on ways to bypass Windows SmartScreen and Smart App Control (SAC), the go-to built-in protections against …

  1. Julian Poyntz

    Microsoft - Security conscious as always

    Trust us with your security - we know what we are doing

    1. Version 1.0 Silver badge
      Windows

      Re: Microsoft - Security conscious as always

      Too often it's "Trust us with your security - we think we know what we are doing, oh wait, look what's happening!"

      1. Plest Silver badge
        Happy

        Re: Microsoft - Security conscious as always

        With MS it's more like...

        "Huh? How the hell is it doing that? Well I'll be damned!"

      2. ThatOne Silver badge
        Devil

        Re: Microsoft - Security conscious as always

        > Too often it's "Trust us with your security - we think we know what we are doing

        Actually it's rather "Trust us with your security - we don't really care about it"...

    2. ritmo2k

      Re: Microsoft - Security conscious as always

      Yes, Microsoft are the only ones that have bugs in their software.

      Maybe they would benefit from your extensive knowledge and expertise.

    3. stiine Silver badge
      Big Brother

      Re: Microsoft - Security conscious as always

      "Trust us with your security - we know what we are doing"

      And thanks to your use of SmartScreen, WE know what YOU are doing.

  2. elDog

    Sounds like Microsoft stopped doing red/blue team security testing

    That non-standard path altering one in Explorer sounds way too easy to exploit.

    1. ecofeco Silver badge

      Re: Sounds like Microsoft stopped doing red/blue team security testing

      Did they ever, or was it all just lip service?

  3. Roland6 Silver badge

    This is without AI / Copilot…

    “ Windows Explorer then recognizes the error in the target path and searches for the real executable, corrects the target path, and updates the file which in turn removes MotW.”

    We can expect a whole new generation of vulnerabilities when Copilot gets in on the act.

    [Aside: This looks like a problem that translating/rewriting into Rust isn’t going to fix…]
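    The quoted sentence turns on the Mark of the Web (MotW), which on NTFS is just a small `Zone.Identifier` alternate data stream attached to a downloaded file; once Explorer rewrites the file, that stream is gone and SmartScreen has nothing to check. The following is an added example, not code from the article, from Elastic's research or from any commenter: a small Python parser for that stream plus a helper that reads it from a file on Windows, so a responder can verify whether a file still carries MotW. The sample stream and the "zone 3 or higher counts as untrusted" rule are my own constructions.

```python
import os

# Constructed sample of the Zone.Identifier stream Windows writes to a
# downloaded file. It is INI-style text; ZoneId 3 means "Internet".
SAMPLE_ZONE_STREAM = (
    b"[ZoneTransfer]\r\n"
    b"ZoneId=3\r\n"
    b"ReferrerUrl=https://example.test/\r\n"
    b"HostUrl=https://example.test/app.zip\r\n"
)

# URL security zone numbers as used in the ZoneId field.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(data: bytes) -> dict:
    """Return the key/value pairs of the [ZoneTransfer] section.

    Returns an empty dict when the stream is empty, malformed, or has no
    [ZoneTransfer] section, so callers can treat "no MotW" uniformly.
    """
    text = data.decode("utf-8", errors="replace")
    fields = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def has_mark_of_the_web(fields: dict) -> bool:
    """Treat ZoneId 3 (Internet) or 4 (Restricted) as carrying MotW.

    The threshold is an assumption for this example; a missing or
    non-numeric ZoneId is treated as no mark.
    """
    try:
        return int(fields.get("ZoneId", "0")) >= 3
    except ValueError:
        return False


def describe_zone(data: bytes) -> str:
    """Human-readable zone name for a stream, or 'none' if it has no ZoneId."""
    fields = parse_zone_identifier(data)
    try:
        return ZONE_NAMES.get(int(fields["ZoneId"]), "unknown")
    except (KeyError, ValueError):
        return "none"


def read_motw(path: str):
    """Read the file's Zone.Identifier stream, or None if it has none.

    Alternate data streams only exist on NTFS, so on other platforms this
    simply returns None (the open fails and is caught).
    """
    try:
        with open(path + ":Zone.Identifier", "rb") as stream:
            return stream.read()
    except OSError:
        return None


def scan_directory(directory: str) -> dict:
    """Map each regular file in `directory` to its zone name (or 'none').

    Useful as a before/after comparison: a file that showed 'Internet'
    before being opened and 'none' afterwards has had its mark stripped.
    """
    report = {}
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full):
            data = read_motw(full)
            report[name] = describe_zone(data) if data is not None else "none"
    return report


if __name__ == "__main__":
    print("sample zone:", describe_zone(SAMPLE_ZONE_STREAM))
    print("carries MotW:", has_mark_of_the_web(parse_zone_identifier(SAMPLE_ZONE_STREAM)))
```

    Run it on Windows against a download folder with `scan_directory(r"C:\Users\you\Downloads")` (path is illustrative) to list which files still carry the mark; running the same scan after a shortcut has been opened shows whether the stream survived.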

  4. Anonymous Coward

    Arthur: I am Arthur king of the Britons. Step aside brave knight we must pass this bridge.

    Black Knight: None shall pass.

    Arthur: I am Arthur, king of the Britons. I have no quarrel with you sir knight but I must pass.

    Black Knight: Then you shall die.

    Arthur: I am ./Arthur, king of the Britons.

    Black Knight: Go on then.

    1. stiine Silver badge

      sudo allow < me > pass

      This joke was funnier when it was still a sudo joke.

      1. Anonymous Coward

        Re: sudo allow < me > pass

        Agree the sudo is funnier but this article is about syntax not permission or elevation of privilege.

      2. Claptrap314 Silver badge

        Re: sudo allow < me > pass

        The first time it was a farce. The second, a tragedy.

  5. Claptrap314 Silver badge
    Facepalm

    You look like ...

    you are trying to add a feature with tons of edge cases, all but guaranteeing a litany of security issues.

    Would you like help with that?

    (El' Reg has a limit on subject line length that broke this one...)

    1. ThatOne Silver badge
      Devil

      Re: You look like ...

      > (El' Reg has a limit on subject line length that broke this one...)

      Yes, Microsoft security is a lengthy subject...

  6. DarthKegRaider
    IT Angle

    The way I get around it...

    Of the places that have that annoying Defender feature that wants to stop me from running exe files. Open cmd.exe as admin and launch the filename.exe from there. No stupid popup. Yes I am a desktop admin, yet cannot reinstall apps or update drivers so am forced to use workarounds.
