I wonder why Windows Defender has the privilege to alter the system files. Read them for analysis? Sure! Reset (as in, call some windows API to have it replaced with the original), why not? But being able to write sounds like a bad idea.
However, I don't know what I'm talking about so take it with a grain of salt!
AV has traditionally run as SYSTEM on Windows (and, in the past, often had kernel mode drivers too). I've always thought it was a terrible idea. It opens up exciting new attack surfaces. Kaspersky and McAfee both had privilege escalation vulnerabilities that I can recall. There have been a ton in multiple products over the years.
If malware exploits a privilege escalation vuln, what's the AV going to do about it when it's reduced to the software equivalent of a UK police officer? Observe and report? Stop or I'll say "stop" again?
AV requires great power, which requires great responsibility. The second part is what often eludes AV developers.
The OS should do the SYSTEM-level lifting and scanning processes and behavior analysis should run sandboxed as low priv processes. It would require a clearly defined API and I feel like MSFT was always reticent to commit, leaving AV manufacturers to create hacky nightmares.
What would this privilege look like that is meaningfully different from SYSTEM while being properly protected from/able to deal with malware that has an LPE?
I remember the times when Microsoft had a lot of problems 20 years ago because of Sasser and other viruses that were taking over Windows. They did not have any contenders. Yet they stopped all software development for 9 months just to re-work their entire codebase to prevent things like direct memory execution and stuff like that. The result of that was Windows XP Service Pack 2. After that, Windows XP became a legend.
Now, when Linux is slowly creeping on one side, and Mac NEO on another they keep releasing this AI-slop.
By the looks of it they make most of their money from the cloud and other software things nowadays. And Windows has become a sidekick in their processes.
I don't think SP2 made much of a difference in the popularity of XP. It was already dominant, and it's mostly remembered as "legendary" because it had become the target platform for every hardware and software vendor on the planet. Windows 98 was too flaky to engender any serious friction to upgrades, and Windows 2000 was not consumer-friendly enough; XP effectively unified the consumer and professional desktop markets, and became the gold standard.
SP2, if anything, slowed down adoption, since it threw a bunch of spanners in the way of third-party code. It was probably necessary, just to stem the flow of bad press, but it was by no means a key to XP's overall success.
It was not that bad. I remember when the SP fixed a bunch of issues with Bluetooth, and Windows' CD burning program was better than any of the Nero Burning ROMs, because those had become unusably bloated.
Windows Me was some weird marketing attempt at squeezing more life out of the dead-end '9x line. I honestly don't know who, in their sane mind, would ever pay for such a thing.
> Windows XP Service Pack 2. After that thing windows XP became a legend.
God that was an era. XP SP2 was a great OS, IE was the best browser, MSN was the most popular messenger, Skype was acquired, HTC's Windows CE devices were shipping real web browsers that worked over 3G.
By the end of the Ballmer era, Microsoft had lost the OS, the browser, the messenger, the meeting service and mobile.
There were several points in time (after the SP2 too) when installing WinXP with an active internet connection was nearly impossible, because it would get infected during the installation and shut itself down halfway through it.
Technically, Defender can be replaced with 3rd party AV.
There are tons of signed drivers to explore ;-)
> It runs in two modes, passive and aggressive
Lol
Whereas 98 was still in the kinda DOS-based 9x line.
And I fully agree with you to not mention Windows Me.
> I don't think SP2 made much of a difference in the popularity of XP
The general knowledge was to wait until the SPs were stable. This was hard. 4.0 had SP6, 2k had SP4.
> I don't think SP2 made much of a difference in the popularity of XP
SP1 was buggy as hell.
> normally I would just drop the PoC code and let people figure it out
Looks like that's exactly what they did though?
Or maybe they just meant that they don't usually explain how it works?
Doesn't Linux have one of these CVEs...each week?