Posted on 11/27/2015 6:13:55 PM PST by dayglored
Windows Defender lives up to its name by dealing death to Dell's dumb DLL
Microsoft has killed Dell's user-pwning root certificate and its self-reinstalling .dll with its antivirus Defender tool.
The certificate is a big blunder because it opens a universal means for attackers on public networks to hose new Dell laptops.
That's because bright minds planted a self-signed root CA certificate and private key on new laptops which allows attackers on public Wi-Fi to steal otherwise encrypted usernames, passwords, and other sensitive data.
"An attacker can exploit a certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites," Microsoft bod Karthik Selvaraj says.
"This could allow a malicious hacker to steal your usernames, passwords, and confidential data.
"They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website."
The free Windows Defender tool will kill the certificates and the associated Dell.Foundation.Agent.Plugins.eDell.dll plugin that will respawn the certificate.
Microsoft flags the Dell scourge as Win32/CompromisedCert.D. Windows 7 users can run Microsoft Security Essentials, or Redmond's Safety Scanner or Malicious Removal Tool.
Dell customers curious about their exposure can visit a test site set up by system admin Hanno Bock.
BTW the system admin mentioned at the end of the article is actually Hanno Böck but the O-umlaut doesn't display correctly. The site is https://edell.tlsfun.de/
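The article's point is that a root CA certificate shipped together with its private key lets anyone who has that key issue certificates the machine will trust. The following PowerShell check is an added example, not code from the article, from Dell or from Microsoft; it assumes Windows PowerShell with the built-in `Cert:` drive, and it flags any certificate in the trusted root stores whose private key is present on the machine, which is the condition the article describes. The function name and its output fields are this example's own choices.

```powershell
# Added example (not from the article): list trusted root CA certificates whose
# private key is present on this machine. A trust anchor's private key belongs
# with the CA, never in an end user's root store, so on a clean machine this
# normally returns nothing.
function Get-RootCertWithPrivateKey {
    [CmdletBinding()]
    param(
        # Both stores are checked: a user-scope root is just as trusted by
        # software that relies on the Windows certificate store.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path | ForEach-Object {
            $cert = $_
            if ($cert.HasPrivateKey) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    # Subject equal to issuer is the usual sign of a self-signed root.
                    SelfSigned = ($cert.Subject -eq $cert.Issuer)
                }
            }
        }
    }
}

$findings = Get-RootCertWithPrivateKey
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No trusted root certificates with a local private key found.'
}
```

Because the article notes that the Dell plugin DLL re-installs the certificate, deleting the certificate by hand (`Remove-Item` on its `Cert:` path) is not enough on its own; let Defender or MSE remove the plugin as described above, then run the check again to confirm the root store is clean.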
Huh. So it IS good for something, after all!
Yeah... not so much.
> From what I've heard and read, it's probably better than the better known virus and anti-malware packages out there.
Depends on what you're trying to catch/avoid. It's very good at fixed-pattern matching and other lightweight techniques. It doesn't have the advanced processor-intensive heuristic algorithms of the big packages, that give them such a bad reputation for slowing your machine down.
I really like Defender and its predecessor Security Essentials. But that's because all I'm looking for is lightweight protection. If I needed the more intrusive algorithms, it wouldn't be as attractive.
> MS has decided to enter into the virus/malware business with all guns blazing
If that means they make Defender smarter, without making it slower, that's fine.
If that means that the default MS antimalware offerings are going to become top-heavy, bloated, lumbering messes like the competition, I'm not interested.
I hear you - and likewise would have agreed not long ago.
I would also add that MSE tends to be quite good with rootkits - not best, mind you, but it is good at it. MSE's offline/rescue scanner is competent.
But, I am a computer tech, serving residential and SOHO - My bench serves as a good study of real time 'in the wild' infections, and also by inverse extension, the effectiveness of various AV's.
By far and away, infected boxen tend to be running Norton. Second place would be a tossup between McAfee and Microsoft MSE.
Now, that is somewhat a matter of ubiquity - one would expect more of the above brands, just simply because of their wide distribution - but within my own ecosystem, that should be offset by my recommendation(s) to my customers:
I recommended F-Protect for many years, so I probably see more F-Protect protected boxes than the average, because of the effect of my recommendation (and I do, or at least, did) - Likewise, for a free solution, in a light to moderate threat environment, I had been recommending MSE (ever since AVG turned into a fat pig).
But, about a year ago, I started seeing a preponderance of MSE protected boxes coming across my bench... By about 6 months ago, I had stopped recommending it altogether. I now recommend Avast or AntiVir (Avira) as free solutions... And really, I encourage people to avoid free anti-virus...
As an aside, one might also consider that which doesn't come across my bench - My highest recommendation goes to Kaspersky Anti-Virus, with nearly as high praise going to Eset's Nod32... If people can afford it, or if they are in a high-risk environment, or if they require high security, these are the AVs I recommend.
I *never* see a KAV or Nod32 box come across my bench. And I have a lot of folks on KAV.
My own benches and server - probably the highest risk - run KAV.
It is my sad circumstance that I cannot get rid of Windows. The vast majority of my business comes from Windows/Office users, and I have to be able to hack Windows/Office in order to fix their machines. And in order to hack Windows/Office, I need to know it pretty intimately - Ergo, I have to use it.
I do use *nix - Normally I have a DMZ'd HTTP/FTP server facing the web - I would be an idiot to have such a thing except that it's running *nix. My media boxen (my TV's are all hooked to computers instead of Cable) will soon get hard-wired NIC instead of wireless, and the very second I can get away from WLAN, they will all be running Linux. All of my personal appliances are 'droids or running Mint.
And I stay away from dodgy sites, don't surf warez or pr0n, and mostly do actual, you know, work type stuff... :-)
Yeah, me too - Since the advent of scriptblockers, it's pretty hard for me to get a bug at all - But try teaching JoeUser how to run a script blocker...
Maybe. But maybe they're too close to the code.
I'd feel better if Microsoft were requiring the use of one or two of the high-end third-party static analysis products out there. You know what I mean, the packages that run a quarter of a million bucks or so. The ones the big boys use for code that has to work, like spacecraft code.
Because the last person you want checking code for mistakes is the person who wrote it, and the next to the last is any person who has a vested interest in not finding bugs.
Microsoft might be using someone else's analysis tools, I don't honestly know. But I've never heard of them doing so on Windows, and it would be a big deal if they did, so I assume they don't.
One thing to keep in mind - Microsoft is huge and diverse and ridiculously competitive. They aren’t exactly “one big happy family” and the spirit of cooperation isn’t quite what one might believe.
Good question. I have no idea.
But I did look up connections between Microsoft and the big code analysis outfits, and found that Coverity lists Microsoft as a customer. Obviously that doesn't say anything about MS using Coverity to check Windows in particular. But they must use them for something -- Coverity is damned expensive software, and it enjoys a good reputation in the business, and so it's nice to know MS uses them for whatever they use them for.