All about "security and anti-virus software".

[Papusan]

I see we lack a thread for Security news in the foirum. Hence I put up this new thread  "All about security and anti-virus software".

 

TP-Link Said to be Sharing Customers Browsing Data with Third Party 

Techpowerup.com | March 12, 2022

 

These days, routers are quite complex devices that are doing much more than just routing data and are often the main security device on a home network. As such, we've seen a surge in third party services such as Asus' AIProtection that runs software from TrendMicro and Netgear Armor in cooperation with Bitdefender. Chinese TP-Link is likewise offering similar services, some in partnership with TrendMicro and some with Avira. It now appears that TP-Link's HomeCare service—that the company is offering in partnership with Avira—is sending data to Avira even when disabled in the UI, based on a thread over at Reddit.

The standard Avira features are meant to offer protection against malicious content, network intrusions and even against infected devices on the network that are said to be quarantined from other devices on the network. It also incorporates some basic parental control features, such as automatic content filtering and time controls. However, in this case, the issue isn't the functionality itself, but the fact that there apparently is no way to turn off the HomeCare feature, since even when seemingly disabled in the UI of the affected routers, it sends data to Avira. It seems to be a fairly large amount of data being sent as well, with the initial poster claiming over 80,000 requests in a 24 hour period. According to a review of a TP-Link product over on XDA-Developers from May last year, TP-Link said that they were working on a firmware update that would allow the Avira service to be turned off permanently.

[Papusan]

German Cyber Guard BSI warns now against the use of Kaspersky antivirus products

Posted on 2022-03-15 by guenni

Can antivirus products from the Russian based company Kaspersky be used in companies and government agencies without risk? After Russia's invasion of Ukraine, this question has becomehot. After hesitating for some time, the German Federal Office for Information Security (BSI) has now issued a recommendation. In short, the BSI recommends replacing applications from the Kaspersky anti-virus software portfolio with alternative products.

 

 

And if you enjoy Malware on your computers then visit M$ Store. There is no need to spend time on unsafe webpages. Microsoft is very keen offer you new features/highlights, LOOL

Electron Bot: Malware in Microsoft Store infects over 5,000 machines

Posted on 2022-03-15 by guenni

[German]Security vendor Check Point has come across a new type of malware that enables a complete takeover of systems through a backdoor. In addition, the malware can take control of social media accounts from Facebook, Google and Sound Cloud. The malware was spread via games offered for download in the official Microsoft Store. And the tragic thing is that virus scanners like Microsoft Defender did not detect this malware.

[Papusan]

Why so difficult? Both software is developed and updated from same company @Mr. Fox @Ashtrix

 

 

SECURITY, MICROSOFT

Microsoft Defender tags Office updates as ransomware activity

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.

[Mr. Fox]

It's not what I would have picked, but it is looking more and more like the only real solution to the problem is going to be Linux. Not ideal, but probably better than sticking with the effed-up garbage the Redmond Reprobates are continually vomiting onto us. At least we can bridge the gap with wine, Lutris, Bottles and Steam Proton. Fake Windows has all of the potential to be better than real Windows. Almost there already. 5+ hours so far today with no legitimate reason for me to boot into Windows that I can identify. As it stands now, they are running at the edge of the danger zone of no longer offering a "necessary" product. Why would anyone put up with their stupid crap if they don't have to? If they don't pull their head out soon they may choke to death on their own poop.

 

 

[Mr. Fox]

On 3/15/2022 at 7:18 PM, Papusan said:

German Cyber Guard BSI warns now against the use of Kaspersky antivirus products

Posted on 2022-03-15 by guenni

Can antivirus products from the Russian based company Kaspersky be used in companies and government agencies without risk? After Russia's invasion of Ukraine, this question has becomehot. After hesitating for some time, the German Federal Office for Information Security (BSI) has now issued a recommendation. In short, the BSI recommends replacing applications from the Kaspersky anti-virus software portfolio with alternative products.

 

 

Trusting a Russian company with anything is foolish for any government. It's sad that the Russian people have to tolerate a totalitarian government, but I also think the US, Canada, Great Britain and Australia are on a dangerously similar path with their current corrupt government "leaders" aspiring to model abject incompetence. Evil takes many forms and we are living in troubled times. The difference is that Putin and Xi Jinping are just not as secretive and misleading about their nefarious intentions. They've embraced their dark side and don't mind flaunting it. That's not much worse than pretending to be decent human being. Maybe a little bit, but at least you know what you're actually dealing with.

On 3/15/2022 at 7:18 PM, Papusan said:

Electron Bot: Malware in Microsoft Store infects over 5,000 machines

Posted on 2022-03-15 by guenni

[German]Security vendor Check Point has come across a new type of malware that enables a complete takeover of systems through a backdoor. In addition, the malware can take control of social media accounts from Facebook, Google and Sound Cloud. The malware was spread via games offered for download in the official Microsoft Store. And the tragic thing is that virus scanners like Microsoft Defender did not detect this malware.

Windows 10/11, OS X and ChromeOS are all malware based upon their intentionally engineered behavior, so it makes sense that Defender doesn't detect it. When you live across the street from a sewage treatment plant you eventually reach the point that you can no longer recognize the stench. 

[Hertzian56]

yeah I mean come on all this tech has backdoors built in and it was pretty obvious that kaspersky was just one they charge you for and causes all sorts of lag on your system to boot.  Of course they pay the manuf's to load it on new stuff with some trial period and many think that if they don't keep it their computer will just blow up. My poor grandparents just don't have the mindset to install free script/ad blockers/NON-M$ firewalls with more detailed options and settings, and other things that greatly reduce the amount of spam and the junk that comes along with it, their 10 install was so encrusted that I had to wipe it out. The computer would barely run it was so laggy and their 1tb hdd only had about 250GB of data on it. What scares me even more than the access to mics and cameras which are not covered up is the new UNDER the screen cameras which you won't be able to just slap some electrical tape over, you'll have to disable it via settings which can probably be negated on the sly if so desired, good luck with cell phones and similar devices(aka personal minders you pay for). I try as much as possible to use the freeware like Libre etc that's stand alone for personal use. For AV if I notice a problem that I can find no other cause of I run the bleepingcomputer and other things a few times to clean it out, it's not even that hard to just wipe out your OS and reinstall really if you have your important stuff on an external drive or two.

[Papusan]

Microsoft Defender apparently causing high memory usage issue, black screen, and more

Sayan Sen · 15 hours ago

Microsoft Defender for Endpoint is apparently causing several issues for clients on Windows 10 20H2 systems. These issues include very high memory usage bug, black screen on boot up, and more.

 

The high memory usage by Defender's "Antimalware Service Executable" process (MsMpEng.exe) is a quite common bug and sometimes a temporary workaround to reduce the memory consumption is to disable the Real-time Protection.

 

Yep, what did you expect from the Redmond based company? A flawless experience? This just follow same pattern as their newest OS. Will be in beta forever. 

 

[Papusan]

See bro @Mr. Fox @Ashtrix. Microsoft also make fantastic anti virus software. 

 

Microsoft Defender Loses To McAfee And Almost Every Other AV In Performance Impact Showdown

AV Comparatives has posted the results of its latest performance impact test of over a dozen popular antivirus programs, and unfortunately for Microsoft, its Defender program that's built into Windows only narrowly avoided coming in dead last.

 

[Papusan]

Defender is causing major problems for Windows 20H2 users

Microsoft Defender for Endpoint is the root cause of some pretty nasty....... 

May 2, 2022

 

• Defender is the root cause for high memory usage and black screens on Windows 10 20H2.
• Apparently, the problem isn't new and has been observed causing trouble for the past month.
• This bug also affects software such as Windows Event Viewer, Word 2016, and newer versions.

 

Not everyone is interested in looking for antivirus protection from other companies, and would rather stick with Microsoft’s security solutions.

Defender was recently rated pretty high for the services it provides, so that’s not a bad thing at all, considering how much time the company puts into perfecting it.

However, Defender users are not having such a great time lately, as the software is causing all sorts of major issues for the Windows 20H2 users.

 

[Papusan]

@Mr. Fox @Ashtrix ++++
 

https://www.techpowerup.com/295877/windows-defender-can-significantly-impact-intel-cpu-performance-we-have-the-fix

[Mr. Fox]

On 5/3/2022 at 1:56 PM, Papusan said:

See bro @Mr. Fox @Ashtrix. Microsoft also make fantastic anti virus software. 

 

Microsoft Defender Loses To McAfee And Almost Every Other AV In Performance Impact Showdown

AV Comparatives has posted the results of its latest performance impact test of over a dozen popular antivirus programs, and unfortunately for Microsoft, its Defender program that's built into Windows only narrowly avoided coming in dead last.

 

The "impact score" results prompted me to test something besides ESET and Malwarebytes, which are the only things I have been wiling to use on the OSes where I use an antivirus program. (I totally remove Defender AV by force on all my OSes and do not use any security software on my benching OSes.) I never use a security "suite" because they are far too bloated and ridiculous. They include all sorts of extra resource-gobbling trash that I don't want.

 

Based on my testing, I may be switching the Panda free antivirus. It consumes fewer resources than ESET or Malwarebytes and the UI of the settings is far better than either of the other two. The advanced settings make more sense. For example, in the circumstances where I do use an antivirus program, I exclude all drives except for the OS drive. I do not want any scans run on drives with files or the other OSes in my multiboot configurations. I do not want removable drives scanned, or a prompt to scan them. These options are presented in a more logical fashion in Panda.

 

With ESET and Malwarebytes (and others I have played around with) you generally can only add file and folder exclusions one at a time. If you have 6 or 8 drives that is between 18 to 24 mouse clicks. Not the end of the world, but certainly not very intelligent. Panda gives me a tree with checkboxes to add them all at once. You can configure everything much faster, with fewer menus and fewer mouse clicks with Panda, but it lacks nothing in terms of configuration. It has everything ESET and Malwarebytes offers.

 

And, it is consumes considerably less memory. The folks at Panda built it to resemble something someone intelligent would want to use. I'm impressed. And, it's free. The only thing negative about it, during installation you have to uncheck a box to NOT install Opera browser. If that is the price of getting it for free, not a big deal.

[Papusan]

42 minutes ago, Mr. Fox said:

The "impact score" results prompted me to test something besides ESET and Malwarebytes, which are the only things I have been wiling to use on the OSes where I use an antivirus program. (I totally remove Defender AV by force on all my OSes and do not use any security software on my benching OSes.) I never use a security "suite" because they are far too bloated and ridiculous. They include all sorts of extra resource-gobbling trash that I don't want.

 

Based on my testing, I may be switching the Panda free antivirus. It consumes fewer resources than ESET or Malwarebytes and the UI of the settings is far better than either of the other two. The advanced settings make more sense. For example, in the circumstances where I do use an antivirus program, I exclude all drives except for the OS drive. I do not want any scans run on drives with files or the other OSes in my multiboot configurations. I do not want removable drives scanned, or a prompt to scan them. These options are presented in a more logical fashion in Panda.

 

With ESET and Malwarebytes (and others I have played around with) you generally can only add file and folder exclusions one at a time. If you have 6 or 8 drives that is between 18 to 24 mouse clicks. Not the end of the world, but certainly not very intelligent. Panda gives me a tree with checkboxes to add them all at once. You can configure everything much faster, with fewer menus and fewer mouse clicks with Panda, but it lacks nothing in terms of configuration. It has everything ESET and Malwarebytes offers.

 

And, it is consumes considerably less memory. The folks at Panda built it to resemble something someone intelligent would want to use. I'm impressed. And, it's free. The only thing negative about it, during installation you have to uncheck a box to NOT install Opera browser. If that is the price of getting it for free, not a big deal.

As you know.  I bench a lot and have Eset Nod32 installed mostly all time. But my benches is still ok. Panda maybe is an option but my long time use with Eset is hard to get rid of (used it many years without screw up). M$ Defender is a ticking bomb regarding performance impact and they change this bloat too often. Maybe I could get even better scores removing everything but my main OS’s is used for everything. It’s a choice between pest and cholera. 
 

I use a triple bot (win 7, 2019 LTSC and 2021 LTSC as main OS). I could of course make a second triple OS more cleaned/no Av). More is better, isn’t it? At least sometimes, LOOL 🙂 But not if you add in Defender or other huge AV suites. 
 

Still nice you tested it properly. Panda could be a good choice. 

[Mr. Fox]

24 minutes ago, Papusan said:

Still nice you tested it properly. Panda could be a good choice. 

You should give it a try.

[Papusan]

5 minutes ago, Mr. Fox said:

You should give it a try.

I remember bro Phoenix talked nice about Panda. That’s a long time ago now. In the older NBR. It seems it’s still is a good choice even nowadays. Nice some companies still make something you can use. And they are in minority, bro Fox. Thanks for showing it 🙂

[Papusan]

1 hour ago, Mr. Fox said:

The "impact score" results prompted me to test something besides ESET and Malwarebytes, which are the only things I have been wiling to use on the OSes where I use an antivirus program. (I totally remove Defender AV by force on all my OSes and do not use any security software on my benching OSes.) I never use a security "suite" because they are far too bloated and ridiculous. They include all sorts of extra resource-gobbling trash that I don't want.

Latest test (performance impact)

 

https://www.av-comparatives.org/tests/performance-test-april-2022/

[6730b]

"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,"

https://www.bleepingcomputer.com/news/security/hacker-claims-to-have-stolen-data-on-1-billion-chinese-citizens/

[Ishayin]

On 7/4/2022 at 1:47 PM, Papusan said:

 

Still nice you tested it properly. Panda could be a good choice. 

 

Ah nooo, Panda brings back so many nightmares! It was brought in where I worked some years ago and brought all of our machines to a grinding halt. It made my laptop regularly unusable and often gave me BSOD crashes on top of that until I simply refused to use it any longer. Another colleague switched to Linux to avoid it. I guess it is likely better nowadays, but those memories are burnt way too deep in my soul to ever give it a second chance 😕

 

I used Avira for a time around that period when it was still good, but then it went downhill and now I just use the default Windows Defender with TinyWall added on top. I feel like AV is the least important component of security in any case. Certainly not worth sacrificing much performance or power for.

[Papusan]

Titus just can't accept windows Defender, LOOL 

 

[solidus1983]

21 hours ago, Papusan said:

Titus just can't accept windows Defender, LOOL 

 

 

I can't stand Windows defender either, it's bad enough with MS WSUS, let alone Defender. One devil is more then enough thank you.

[Mr. Fox]

Defender is a virus anti-virus. I love that Chris Titus calls Micro$oft the Mafia, as I have been doing for years. There is no reason to be kind or play nice with Micro$lop or crApple. They are not "good people" and they are not deserving of any respect, kindness or loyalty. They are bad companies that deserve anything bad that happens to them.

Remove Defender.zip

[Papusan]

Right on time before Intel and AMD release new processors. It's amazing how they can find new flaws at correct time. New security patches will always arrive right before new HW will be released. Like clockwork.

 

 

Security vulnerabilities found in Intel and AMD processors

by Martin Brinkmann on Aug 10, 2022 in Security - Last Update: Aug 10, 2022 - 0

 

Security researchers have discovered vulnerabilities in Intel and AMD processors that may lead to information disclosure. Most Intel 10th, 11th and 12th generation processors are affected by a new vulnerability that the 

 

Most Intel 10th, 11th and 12th generation processors are affected by a new vulnerability that the researchers have named ÆPIC Leak. The vulnerability is an architectural bug according to the researchers, which sets it apart from Spectre and Meltdown vulnerabilities that have haunted Intel and AMD in the past years.

AMD Zen 2 and 3 processors are affected by a security vulnerability that the researches named SQUID. It is a side channel attack that is targeting CPU schedulers.

 

New Vulnerability Affects All AMD Zen CPUs: Threading May Need to Be Disabled tomshardware.com 

[Mr. Fox]

9 hours ago, Papusan said:

Right on time before Intel and AMD release new processors. It's amazing how they can find new flaws at correct time. New security patches will always arrive right before new HW will be released. Like clockwork.

 

 

Security vulnerabilities found in Intel and AMD processors

by Martin Brinkmann on Aug 10, 2022 in Security - Last Update: Aug 10, 2022 - 0

 

Security researchers have discovered vulnerabilities in Intel and AMD processors that may lead to information disclosure. Most Intel 10th, 11th and 12th generation processors are affected by a new vulnerability that the 

 

Most Intel 10th, 11th and 12th generation processors are affected by a new vulnerability that the researchers have named ÆPIC Leak. The vulnerability is an architectural bug according to the researchers, which sets it apart from Spectre and Meltdown vulnerabilities that have haunted Intel and AMD in the past years.

AMD Zen 2 and 3 processors are affected by a security vulnerability that the researches named SQUID. It is a side channel attack that is targeting CPU schedulers.

 

New Vulnerability Affects All AMD Zen CPUs: Threading May Need to Be Disabled tomshardware.com 

Oh no. Somebody call 9-1-1. We're all gonna die. *yawn* I'm so scared. *sniff* And global warming. And stuff. *smack* Where's my binky?

[raptorddd]

On 8/8/2022 at 8:38 AM, Mr. Fox said:

Defender is a virus anti-virus. I love that Chris Titus calls Micro$oft the Mafia, as I have been doing for years. There is no reason to be kind or play nice with Micro$lop or crApple. They are not "good people" and they are not deserving of any respect, kindness or loyalty. They are bad companies that deserve anything bad that happens to them.

Remove Defender.zip 4.86 kB · 3 downloads

hi. whats the difference  from this one.?

 

https://notebooktalk.net/topic/265-all-about-windows-10-ltsc-included-news-and-announcements/?do=findComment&comment=3021&_rid=392

 

[Papusan]

2 hours ago, raptorddd said:

hi. whats the difference  from this one.?

 

https://notebooktalk.net/topic/265-all-about-windows-10-ltsc-included-news-and-announcements/?do=findComment&comment=3021&_rid=392

 

Same hash = Same file. Of course this needed file should be in this thread as well 🙂

[Vasudev]

On 3/17/2022 at 10:52 PM, Papusan said:

Why so difficult? Both software is developed and updated from same company @Mr. Fox @Ashtrix

 

 

SECURITY, MICROSOFT

Microsoft Defender tags Office updates as ransomware activity

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.

I think they triggered or activated flagging MSO as suspicious activity. Usually they correct these def. update or platform updates. I use Defender along with DefenderUI(makers of Voodoo-shield) with custom profile.  I use few custom bat script which are removed by 3rd party post OS install either from NTlite or WinToolkit