Windows users have recently begun mass-reporting that Microsoft's Defender antivirus program, which is integrated into Windows 10 and 11 by default, is
Because it makes it the easiest thing to spoof an .exe which enables attacks of which you will never get out of. A legit.exe vs a spoofed legit.exe will be the exact same in every way except the coding in spoofed fucks you.
Edit: you’re trading security risk for security risk that makes it easier to hide. Not worth it.
Edit 2: their is nothing 100% secure MD5 and Sha1 are both spoofable. Checksums and anything is capable of being man in the middle. You people act like you just found something that can’t be broken. This is the real world the moment you switch most black hatters and white hatters will switch too…
I’m not sure that these things work the way you think they do… an antivirus wouldn’t just look for the name of an executable to be “legit.exe” but rather would look at what the program calls itself in it’s manifest, compute the hash for the executable binary file, and compare that hash against a database of known good hashes. If the contents of the executable compute a hash identical to the known good hash, then you know the contents of the executable are clean.
Still getting into programming and having a bit of trouble understanding what a “manifest” is. What does this technically entail? Are “manifests” implemented differently by PL or OS?
Because it makes it the easiest thing to spoof an .exe which enables attacks of which you will never get out of. A legit.exe vs a spoofed legit.exe will be the exact same in every way except the coding in spoofed fucks you.
Edit: you’re trading security risk for security risk that makes it easier to hide. Not worth it.
Edit 2: their is nothing 100% secure MD5 and Sha1 are both spoofable. Checksums and anything is capable of being man in the middle. You people act like you just found something that can’t be broken. This is the real world the moment you switch most black hatters and white hatters will switch too…
I’m not sure that these things work the way you think they do… an antivirus wouldn’t just look for the name of an executable to be “legit.exe” but rather would look at what the program calls itself in it’s manifest, compute the hash for the executable binary file, and compare that hash against a database of known good hashes. If the contents of the executable compute a hash identical to the known good hash, then you know the contents of the executable are clean.
Still getting into programming and having a bit of trouble understanding what a “manifest” is. What does this technically entail? Are “manifests” implemented differently by PL or OS?
Manifests are like an abstract for an executable.
How is this getting upvoted. This is ridiculous garbage, every exe whitelist would obviously have checksums attached, not just a filename.
Please don’t reply to comments when you’re talking out your ass, that doesn’t help anyone. You don’t know wtf you’re on about, at all.
Not really, WDAC doesn’t usually just look at the filename. It can look at the certificate it was signed by, or fallback to using hashes.