danger/u/
is windows security still bad

| the other day I played a game that shuts my computer down for gimmick. many people were pissed because they lost unsaved documents (lmao). if an innocuous game can do this surely nothing is stopping a malware from doing this mild annoyance or worse. at the very least, the sensitive parts of the storage are protected by UAC.. right?


| no lol


| jokes aside when you run a program you still give it all it needs to do all the harm that can be done even more so nowdays with the magic that is the auto updating bios, what a world


| also almost forgot the mandatory windows is a virus joke


| >>681843
The issue is that Windows lacks granular permission control, and some components that should be locked behind a 'restricted' access is freely accessible.

I'll take *nix (Linux, Mac) and BSD for instance; both requires you to be a admin/root user to shutdown the system directly (i.e, not requiring a user prompt). I don't know about you, but if you willingly enter your root password to a program, then it's all on you for what happens next.


| You REALLY shouldn't run on the mindset that "if you run a program you're letting it harm your PC anyway" — that screams like bad or outdated OS design.

I'm not grilling Windows here, but we all know this is a component Windows lack: finer permission levels.

Note that this won't stop user stupidity. Hell no. But at least by that time (when the user bypass the permission checks) it's a user stupidity and not, say, the problem of the OS.


| Yeah, Windows permission is kind of a mess.

But also what kind of game is that? As someone with ADHD who constantly have multiple apps running at once, I consider that an extremely dick move.


| It doesn't matter how much or if Microsoft keeps improving security in windows because we will disable it anyway and run shit. Then we go on danger/u/ and complain


| >>681877
Point. Users will complain nonetheless, but there's nothing wrong with having them improved.


| the major problem is when lower lever components like the MB, NiC & microcode chips are overwritable from the OS or ever worse establish a direct internet connection
There are just some things that don't need to exist for the sake of minor convieniance especily when they introduce major security risks
if ppl actually cared about that we never would have gotten the whole spectre/meltdown/ automaticly bricking motherboard updates


| >>681908
I have no idea what you're about but Spectre & Meltdown are completely separate issues from this; Spectre is a major architectural flaw, same goes to Meltdown — they are not related to 'things that are writeable from the OS'. Branch predictions and out-of-order executions are not 'things writeable from the OS'.

None of these are related to permission control. By the time a program is able to exploit either Spectre or Meltdown, the OS is out of the question.


| >>681911
both issues ware caused by microcode which was focused on improving preformance

Either way the point i tried making is that
the underlying hardware your running is a far bigger concern security wise since it affects you no matter your OS precautions

also i don't know in what world you live in but microcode has been 'writeable from the OS' for decades.
and i don't think locking it behing permission control is enough it should be impossible


| >>681915
The topic of permission control were meant to tackle OS-level flaws, not architectural ones. As I have said earlier, both Spectre & Meltdown is an issue forming from the latter. The issue of programs being able to shutdown the computer without a prompt is the former.

And of course hardware will be the be all and end all; though that doesn't mean you can't take software-level precautions. It's even worse if you have no guards on the user-facing side.


| Adding on, I do agree that Intel (and others) SHOULDN'T have taken shortcuts just to improve performance (since now it becomes a clear technical debt). Especially now that performance is actually taking a hit thanks to the likes of KPTI patches.

Also, I mean 'writeable' in the sense as in a file. You don't simply write microcodes all willy nilly. Automated update of microcode is made through the OS, so it's not the chipset fault itself.


| >>681844
I use windows so why am I laughing


| >>681870
it's a ludum dare compo game. in case anyone is wondering, compo is a part of LD where a coder soloed a game development in 48 hours.

the game page says "This game sometimes crashes rather violently, so you might want to save other work you have open before you play it!" which is a blatant lie lmao. it executes shutdown.exe intentionally as a gimmick.

https://ldjam.com/events/ludum-dare/46/broken-threads


| >>681877
I never disable UAC or Microsoft Security in case you were referring to me (OP)


| >>681921
>not the chipset fault
so if youll exscuse my further derailing for a sec i just wanna be salty about asus mbs

i owned one for ~3y and had this fun moment where i turn on my pc and shocked to see that the bios started an automatic update without even having any kind of drive connected to it(aka no OS)
soo i was like ok sweet came back sloted in the drive and no post oook no problem ill use the backup bios chip(mb had a backup one)
turns out it cloned the update to it


| >>681915
I dunno about architectural flaws. I know that architectural flaws cause zero day attacks and whatnot. But they don't excuse Microsoft from not implementing a proper user permission system no?

I know the reason tho. Windows has always been about backwards compatibility. I heard it kept interfaces from the DOS era to support old programs. Meanwhile Android devs need to update their app every other year or else they stop working.


| >>681931
retailer was a piece of shit(amazn) didnt wanna hear none of it
asus ofcourse takes no responsibility shifts blame on retailer

and thats the story of how i burned money


| >>681933
worst thing is still no clue if planned obsolecence, incompedence or hack
but at least i will try to avoid auto updating mbs in the future


| >>681926
Huh the game looks pretty good. Still an extremely dick move though.


| >>681931
Oh yeah ASUS motherboards are awful like that. I had LITERALLY the same issue, where the backup BIOS was actually corrupted(!) and because some smart guy in ASUS was probably thinking it's a smart idea to duplicate the (corrupted) update image to the backup.

So I was left with a corrupted backup and a corrupted BIOS. That was one evening I can't get back.


| >>681936
>evening I can't get back
lucky i was the fool that actually listened to their support, was sitting there for days like a clown following the instructions some of them being like take out the CMOS then wait a week see if it fixes it


| >>681937
I learnt my mistake to not call support when it comes to these issues. Just rapid Googling and some luck (and a spare cash because you know you're probably going to ready up an Amazon search for motherboards that aren't ASUS).


| ASUS sucks hard when it comes to motherboards. Funny enough their cheap line from AsRock is totally fine. ^^


| All security, performance and stability improvements windows made since the introduction of the NT-Kernel is nothing but thanks to a (bad) re-implementation of features that are well known in the unixoid world (gnu/linux,bsd,darwin,solaris etc.)
I'll predict you, that windows will become more and more unix-alike in the future. It's just logical. The linux subsystem for windows 10 created in cooperation with canonical (ubuntu) is just a foretaste.


| It's a fact that microsofts hegemony in the desktop world is not due to it's quality (e.g. a supposed more user-friendly gui) or whatever many people unfortunately still believe. It's all thanks to aggressive and fraud business strategies. Of course one could appreciate that as an achievement based on hard work too. But it's rather law and lobby work than actual tech work. Like with most big Software and IT-Service providers.

Total number of posts: 28, last modified on: Fri Jan 1 00:00:00 1595526877

This thread is closed.