Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Saying "Client information is sacred" and stealing executables off all windows machines with the automatic sample submission on by default does not go well together.


That's normal and even kaspersky does it...but you can easily deactivate it, so your proprietary exe is not published ;)

PS: And that function makes sense for "the public" don't you think?


>even kaspersky does it

Thats an awfully low standard to set don't you think?

I don't think it makes sense for the public. Stealing files from unsuspecting users without as much as a popup saying "hey, we just snatched this file without you knowing this is even a possibility" is just sad.

EDIT: i just realized you are being ironic


How is it stealing? Do you lose your copy?


Sure wish I could go back and edit these comments to replace steal with "dubiously authorized copying"

Im saying dubiously authorized because I bet no more than 5 out of a 100 windows users are aware this is even happening...


While it has been normalized, the ops point is correct that the lip service to client data being sacred, does not match the actions of uploading clients data!


That's whataboutism. I absolutely do not want Microsoft grabbing stuff from my PC without asking me, it's so insidious. And then they put the switches to turn these off behind so many loops and registry flags that's it's a nightmare to turn this crap off.


And, if you turn off automatic sample submission, the Windows Defender icon in the task tray displays a scary exclamation mark, warning you that you might not be secure.


Saying "client information is sacred" and there being proof of backdoors for the NSA in multiple versions of your OS:

https://en.wikipedia.org/wiki/NSAKEY


That incident did not provide proof. A text string is not a program. Given that over the last 20 years no one has shown that there is any code for the fantasy backdoor is near proof there isn't. Reversing the binaries and demonstrating such a backdoor would make one famous.

So no, this is not proof. At this point the lack of proof is near proof no backdoor existed.


"Reversing the binaries and demonstrating such a backdoor would make one famous."

At the risk of sounding tin hatty, not true. (In)Famy doesn't equal success or money, anyone attempting to post state secrets without the help of another state is probably not hard to intercept and buy off...

Anyways, there doesn't need to be proof - a (forced) system update straight from the source (Microsoft), targeted to your machine, is all it takes to make all security redundant, and there are enough publicly known phone home systems in Windows that we don't really need to prove they don't already dragnet.

I'll grant you, subverting corporate sec is a bit harder, but usually boils down to a bit of carfully targeted infil, put the right exceptions in the right corporate solutions, and corp security is also nill.


Hasn't this been debunked multiple times, or at least never been proved to be a backdoor? I mean I don't doubt there are backdoors or exploits used by the NSA in most mainstream OS, but I don't think this is a good example of that




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: