• Windows tried to save the world from me

    From DFS@21:1/5 to All on Wed Apr 17 19:53:36 2024
    Tried to download the source code for the recent xz backdoor

    https://github.com/tukaani-project/xz/releases/tag/v5.6.1

    Windows Defender already includes a (or the) xz backdoor signature:
    right after the file was downloaded and saved to my desktop, Defender
    sprang into action to keep me from infecting the Windows world [1].

    The "severe" threat was identified as "Backdoor:Linux/XZBackdoorBuild.B"

    (Defender identified a single archive file inside the .gzip: xz-5.6.1/tests/files/good-large_compressed.lzma)

    With no interference or permission by me, Defender deleted the tar.gz.

    I marked this threat as "allowed", but when I tried to download it
    again, Defender deleted it again.

    I really, really wanted to initiate a global malware meltdown, so I
    turned off some portions of Win11 Defender security:

    Start
    Settings
    Privacy & Security
    Windows Security
    Open Windows Security
    Virus & Threat Protection
    Virus & Threat Protection Settings - Manage Settings
    Real-time Protection
    turned off (it comes back on automatically after a while)


    Went back to the web page and hurriedly downloaded the source. This
    time I was successful.

    A little later I turned 'Real-time Protection' back on and did a Quick
    Scan and it detected the scary file and let me decide to keep it or not.

    You Windows-using cola advocates are doomed...




    1. Microsoft MVP Greg Carmack says:

    -------------------------------------------------------------------------
    Windows will not let you turn off basic built-in protection from
    Defender and Firewall, unless another is installed in its place which
    should switch it off.

    This is because being able to go unprotected would place the entire
    Windows eco-system at risk of easy infection by serious global malware
    infection which can spread like wildfire.

    The threat is so great that Microsoft operates 24/7 global security
    command centers on all continents which are constantly engaged in battle
    with malware spread. Even one device without protection can give these
    infections a toehold.
    -------------------------------------------------------------------------

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
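As an added example (not part of the original post), the PowerShell below does what the post does by hand, but more narrowly: it lists what Defender actually flagged, scopes an exclusion to a single analysis folder instead of switching real-time protection off for the whole machine, and checks the downloaded tarball against a published SHA-256 before anyone opens it. The folder path and the placeholder hash are assumptions; the threat name and the inner file path are the ones the post reports.

```powershell
# Added example, not from the original post. Needs an elevated PowerShell on
# Windows 10/11 with the built-in Defender module (Get-Command -Module Defender).

# 1. Show the detection the post describes: the threat record and the
#    resource Defender matched, reported above as the inner test file
#    xz-5.6.1/tests/files/good-large_compressed.lzma.
$threatName = 'Backdoor:Linux/XZBackdoorBuild.B'   # name reported in the post
$threat = Get-MpThreat | Where-Object { $_.ThreatName -eq $threatName }
if ($threat) {
    Get-MpThreatDetection |
        Where-Object { $threat.ThreatID -contains $_.ThreatID } |
        Select-Object InitialDetectionTime, ActionSuccess,
                      @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
        Format-List
} else {
    Write-Host "No detection for $threatName on record."
}

# 2. Scope the exception: one dedicated analysis folder (assumed path) is the
#    only thing excluded from real-time scanning; the rest of the machine
#    stays protected, unlike the global switch-off described in the post.
$analysisDir = 'C:\Analysis\xz-5.6.1'
New-Item -ItemType Directory -Path $analysisDir -Force | Out-Null
Add-MpPreference -ExclusionPath $analysisDir
(Get-MpPreference).ExclusionPath                 # exclusion is listed
(Get-MpComputerStatus).RealTimeProtectionEnabled # still True

# 3. Save the tarball into that folder, then check the bytes against the
#    SHA-256 the release publishes (placeholder below; take the real value
#    from the release page or its signed .sig, never from this script).
$tarball      = Join-Path $analysisDir 'xz-5.6.1.tar.gz'
$expectedHash = '<SHA256-FROM-RELEASE-PAGE>'
if (Test-Path $tarball) {
    $actualHash = (Get-FileHash -Path $tarball -Algorithm SHA256).Hash
    if ($actualHash -ne $expectedHash.ToUpperInvariant()) {
        Write-Warning "Hash mismatch for $tarball : got $actualHash"
    }
}

# 4. Once the analysis is finished, drop the exclusion again.
Remove-MpPreference -ExclusionPath $analysisDir
```

The exclusion is still a deliberate gap in coverage, so it belongs on an isolated analysis box and should be removed as soon as the work is done.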
  • From rbowman@21:1/5 to DFS on Thu Apr 18 01:36:36 2024
    On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:

    > Windows Defender already includes a (or the) xz backdoor signature:
    > right after the file was downloaded and saved to my desktop, Defender
    > sprang into action to keep me from infecting the Windows world [1].

    Wait until it mistakenly identifies something you're fond of and saves you
    from it.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From DFS@21:1/5 to rbowman on Thu Apr 18 17:25:31 2024
    On 4/17/2024 9:36 PM, rbowman wrote:
    > On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
    >
    >> Windows Defender already includes a (or the) xz backdoor signature:
    >> right after the file was downloaded and saved to my desktop, Defender
    >> sprang into action to keep me from infecting the Windows world [1].
    >
    > Wait until it mistakenly identifies something you're fond of and saves
    > you from it.


    That happened to you?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rbowman@21:1/5 to DFS on Fri Apr 19 00:20:26 2024
    On Thu, 18 Apr 2024 17:25:31 -0400, DFS wrote:

    > On 4/17/2024 9:36 PM, rbowman wrote:
    >> On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
    >>
    >>> Windows Defender already includes a (or the) xz backdoor signature:
    >>> right after the file was downloaded and saved to my desktop, Defender
    >>> sprang into action to keep me from infecting the Windows world [1].
    >>
    >> Wait until it mistakenly identifies something you're fond of and saves
    >> you from it.
    >
    > That happened to you?

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-worldwide

    No, it never happens, which is why M$ has a page on how to claw the files
    back.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lawrence D'Oliveiro@21:1/5 to Joel on Fri Apr 19 01:22:56 2024
    On Thu, 18 Apr 2024 18:45:36 -0400, Joel wrote:

    > ... their vulnerability to viruses is only as much as the incompetence
    > of the owner ...

    In the earlier days of Linux, there was more malware around for it. E.g.
    those “Ramen” and “Slapper” thingies. Linux is today more popular than
    ever, yet it is also more secure than ever.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rbowman@21:1/5 to Joel on Fri Apr 19 04:43:20 2024
    On Thu, 18 Apr 2024 21:29:00 -0400, Joel wrote:

    > I have a lot of respect for the early adopters of Linux in the '90s and
    > beyond.

    I would UPS you my copy of Red Hat Linux Unleashed but the RH 5.2 CD is
    missing unfortunately. You could learn the mysteries of LILO, XF86Config,
    CDE, and other wondrous stuff. It was a step up from Slackware on
    floppies. Only about a quarter of the 800+ pages are about installing it
    and getting it running and building kernels. There are brief overviews
    of Apache, DNS, awk, Perl, Python, smtp, ftp, and so forth. By that time
    (1998) Linux was getting somewhat polished but it was sort of the
    hobbyist endeavor that DFS seems to remember.

    Some of the earliest adopters were amateur radio operators:

    https://tldp.org/HOWTO/AX25-HOWTO/

    A Linux box, a modem, and a 2M transceiver and you were in tall cotton. I
    still have a modem although the serial port might take some work, radios,
    and maybe the modem to radio cable but 1200 baud packet radio lost its
    bloom a long time ago. For that matter 2M voice traffic on the local
    repeaters is rare given that everyone has a cellphone.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stéphane CARPENTIE@21:1/5 to All on Fri Apr 19 21:30:09 2024
    On 18-04-2024, Joel <joelcrump@gmail.com> wrote:
    > DFS <nospam@dfs.com> wrote:
    >> On 4/17/2024 9:36 PM, rbowman wrote:
    >>> On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
    >>>
    >>>> Windows Defender already includes a (or the) xz backdoor signature:
    >>>> right after the file was downloaded and saved to my desktop, Defender
    >>>> sprang into action to keep me from infecting the Windows world [1].
    >>>
    >>> Wait until it mistakenly identifies something you're fond of and saves you
    >>> from it.
    >>
    >> That happened to you?
    >
    > I tend to agree this is a silly, unfair attack on M$, their
    > vulnerability to viruses is only as much as the incompetence of the
    > owner, I have no more concern with malware under Winblows than I would
    > under Linux, although I would use Norton "just in case", but it's
    > safe.

    Does Sasser ring a bell? I knew someone who was infected while trying to
    update his brand new Windows. Fresh install, first internet connection,
    and Sasser for free before being able to update Windows. He had to
    install it again and was lucky on his second try.

    Have you ever heard about Sony? A few years ago, when you put a perfectly
    legally bought music CD in your computer, even if you refused to install
    the program, you got the rootkit for free.

    I know both examples are long gone, but it's not always the user's fault
    even if it's often the case.

    --
    If you have time to waste:
    https://scarpet42.gitlab.io

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From vallor@21:1/5 to DFS on Mon Apr 22 01:57:22 2024
    On Wed, 17 Apr 2024 19:53:36 -0400, DFS <nospam@dfs.com> wrote in <uvpne0$1s9lr$1@dont-email.me>:

    > Tried to download the source code for the recent xz backdoor
    >
    > https://github.com/tukaani-project/xz/releases/tag/v5.6.1
    >
    > Windows Defender already includes a (or the) xz backdoor signature:
    > right after the file was downloaded and saved to my desktop, Defender
    > sprang into action to keep me from infecting the Windows world [1].
    >
    > The "severe" threat was identified as "Backdoor:Linux/XZBackdoorBuild.B"
    >
    > (Defender identified a single archive file inside the .gzip:
    > xz-5.6.1/tests/files/good-large_compressed.lzma)
    >
    > With no interference or permission by me, Defender deleted the tar.gz.
    >
    > I marked this threat as "allowed", but when I tried to download it
    > again, Defender deleted it again.
    >
    > I really, really wanted to initiate a global malware meltdown, so I
    > turned off some portions of Win11 Defender security:
    >
    > Start
    > Settings
    > Privacy & Security
    > Windows Security
    > Open Windows Security
    > Virus & Threat Protection
    > Virus & Threat Protection Settings - Manage Settings
    > Real-time Protection turned off (it comes back on automatically
    > after a while)
    >
    > Went back to the web page and hurriedly downloaded the source. This
    > time I was successful.
    >
    > A little later I turned 'Real-time Protection' back on and did a Quick
    > Scan and it detected the scary file and let me decide to keep it or not.
    >
    > You Windows-using cola advocates are doomed...
    >
    > 1. Microsoft MVP Greg Carmack says:
    >
    > -------------------------------------------------------------------------
    > Windows will not let you turn off basic built-in protection from
    > Defender and Firewall, unless another is installed in its place which
    > should switch it off.
    >
    > This is because being able to go unprotected would place the entire
    > Windows eco-system at risk of easy infection by serious global malware
    > infection which can spread like wildfire.
    >
    > The threat is so great that Microsoft operates 24/7 global security
    > command centers on all continents which are constantly engaged in battle
    > with malware spread. Even one device without protection can give these
    > infections a toehold.
    >
    > -------------------------------------------------------------------------

    The Windows ecosystem must be very, very vulnerable if this is a concern.

    Wonder how much of that is due to how Windows Update uses p2p file
    sharing?

    --
    -v

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)