[HN Gopher] Microsoft didn't sandbox Windows Defender, so I did ...
___________________________________________________________________
Microsoft didn't sandbox Windows Defender, so I did (2017)
Author : LorenDB
Score : 40 points
Date : 2024-10-07 18:56 UTC (4 hours ago)
(HTM) web link (blog.trailofbits.com)
(TXT) w3m dump (blog.trailofbits.com)
| Eisenstein wrote:
| Now please tell me how to remove Defender.
| nyanpasu64 wrote:
| I've gotten it to work on Windows 10 by booting into live Linux
| and renaming the Windows Defender folder in Program Files. No
| clue if it would work on 11.
| 0cf8612b2e1e wrote:
| I am surprised that ever worked. I was confident Win10 did
| verification that system files were in place and matched a
| hash or some other integrity mechanism.
| IntelMiner wrote:
| Removing core parts of Windows is not a good idea
| MengerSponge wrote:
| "Erase disk and install Ubuntu"
|
| https://ubuntu.com/tutorials/install-ubuntu-desktop#6-type-o...
| CoastalCoder wrote:
| And then Clippy sneaks up behind you, and whispers menacingly
| in your ear, "It looks like you're installing an operating
| system."
| xeeeeeeeeeeenu wrote:
| You can reliably disable it with Group Policy Editor. At least
| on Win10, not sure about Win11.
| andrewxdiamond wrote:
| I have to ask what motivates that. Defender has been extremely
| unproblematic and pretty good as far as MS software goes, for
| my experience at least.
| tredre3 wrote:
| Defender slows down build times _significantly_.
|
| You can set exclusions of course, but it does get tedious
| because every time you have a new project you need to add
| exclusions for its folder and the toolchain. Then every time
a toolchain is updated (e.g. .../gcc/11.5 changes to gcc/11.5.2)
you have to enter the 20 new exe exclusions and of course
Windows won't let you mass delete the old ones so it's
click->confirm->click->confirm x50).
|
| I might not do it myself but I can see why someone would just
| say "enough is enough".
| felipelemos wrote:
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
| Defender\Exclusions\Paths
| andyayers wrote:
| Or https://learn.microsoft.com/en-us/defender-
| endpoint/microsof...
|
| (DevDrive + Defender's "performance mode")
| gtsteve wrote:
| You can use the powershell command Add-MPPreference
| -ExclusionPath[0] and ship a script with your app if you
| want. I do the same for Terraform providers - whenever a
| new version comes out, for a time the process can be
| randomly killed as I suppose a process that spawns a child
| process that starts talking to lots of endpoints looks
| somewhat suspicious.
|
| [0] https://learn.microsoft.com/en-
| us/powershell/module/defender...
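| An added example (my own script, not posted by anyone in this
| thread): auditing, pruning and adding Defender path exclusions
| from PowerShell, which covers the Add-MpPreference approach above
| and the "can't mass delete" complaint earlier, since
| Remove-MpPreference accepts an array of paths. The cmdlets and the
| Policies registry key are real; $ProjectPath and $StalePattern are
| placeholder values and an elevated prompt is assumed.

```powershell
# Added example (not from the thread): audit and maintain Defender path exclusions.
# Assumes the Defender PowerShell module is available and an elevated prompt.
# $ProjectPath and $StalePattern are placeholders to adapt.

param(
    [string]$ProjectPath  = 'C:\src\myproject',   # placeholder project folder
    [string]$StalePattern = '\\gcc\\11\.5\\'      # placeholder: exclusions for a superseded toolchain
)

$pref = Get-MpPreference

# 1. Report what is currently excluded. Every exclusion is a blind spot for the
#    scanner, so each entry should be explainable and periodically reviewed.
Write-Host "Current path exclusions:"
$pref.ExclusionPath | ForEach-Object { Write-Host "  $_" }

# 2. Exclusions pushed by policy live under the Policies key; list them too.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'
if (Test-Path $policyKey) {
    Write-Host "Policy path exclusions:"
    (Get-Item $policyKey).Property | ForEach-Object { Write-Host "  $_" }
}

# 3. Remove stale entries in one call instead of one confirmation per entry.
$stale = @($pref.ExclusionPath | Where-Object { $_ -match $StalePattern })
if ($stale.Count -gt 0) {
    Remove-MpPreference -ExclusionPath $stale
    Write-Host "Removed $($stale.Count) stale exclusion(s)."
}

# 4. Add the project folder only if it is not already excluded.
if ($pref.ExclusionPath -notcontains $ProjectPath) {
    Add-MpPreference -ExclusionPath $ProjectPath
    Write-Host "Added exclusion for $ProjectPath"
}
```

| Running the script without the last step is a reasonable periodic
| check on its own: a long list of exclusions nobody can account for
| is exactly what a reviewer of an endpoint's Defender configuration
| should be looking for.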
| Eisenstein wrote:
| It adds a non trivial amount of time for each file access.
| maccard wrote:
| I see about a 100x slowdown on some applications[0] and IO
heavy operations with defender in win11. It's unbelievable
| how slow it is. I was a huge proponent of it in Win10, but
| I'm finding it hard to do so now.
|
| [0] The software I'm using does a scan over a few hundred
| thousand files to read file headers. Without windows defender
| it takes about 30 seconds, but with defender it takes about
| 300.
| efilife wrote:
| I use a custom windows build with defender removed, you can
| find them on any windows modding site
| dang wrote:
| Discussed at the time:
|
| _Microsoft didn't sandbox Windows Defender, so I did_ -
| https://news.ycombinator.com/item?id=14909759 - Aug 2017 (43
| comments)
| Animats wrote:
| So did Microsoft ever fix this?
|
Hostile code scanners need to _look_ at a lot, but they don't
| need permission to write much. If sandboxed that way, attacks
| aimed at the code scanner don't do much.
| seanw444 wrote:
| I just sandbox Windows itself. My only complaint is that I can't
| play some online games.
___________________________________________________________________
(page generated 2024-10-07 23:01 UTC)