Re: [Lynx-dev] Windows Defender ATP
From: Stefan Caunter
Subject: Re: [Lynx-dev] Windows Defender ATP
Date: Tue, 29 Jan 2019 23:06:17 -0500
It sounded like Windows allowed lynx to bypass because of the OpenSSL it was
using at compile time. I have a version from 2014 with 0.9.8 that can negotiate
TLS 1.0. If that utility cannot recognize old TLS, it might behave this way.
Hard to imagine curl or wget using a different library though.
> On Jan 29, 2019, at 21:44, David Niklas <address@hidden> wrote:
>
> On Tue, 29 Jan 2019 16:29:23 +0100
> Gisle Vanem <address@hidden> wrote:
>> I just discovered the new features of Microsoft's
>> "Windows Defender Advanced Threat Protection".
>>
>> Overview of all these features:
>> https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground
>>
>> After enabling the interesting feature, 'Network Protection'
>> by:
>> c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled
>> ref: https://demo.wd.microsoft.com/Page/NP
>>
>> Then trying to fetch the test-page using Chrome, curl and wget, I
>> get a trace like this:
>> c:\> wget https://smartscreentestratings2.net/
>>
>> --2019-01-29 14:54:23-- https://smartscreentestratings2.net/
>> Resolving smartscreentestratings2.net
>> (smartscreentestratings2.net)... 23.99.0.12 Connecting to
>> smartscreentestratings2.net
>> (smartscreentestratings2.net)|23.99.0.12|:443... connected. Unable to
>> establish SSL connection.
>>
>> (and a WinDefender block warning window pops up).
>>
>> But using 'lynx -dump https://smartscreentestratings2.net/', I'm
>> getting a seemingly valid connection and page is rendered as:
>> SmartScreen Test
>>
>> This is a test page for SmartScreen.
>>
>> As if the 'Network Protection' was disabled. But I do get the
>> same WinDefender block warning window in addition to the page
>>
>> What could cause the difference in behaviour?
>> My Lynx used OpenSSL, so does my Wget and curl
>> (with CURL_SSL_BACKEND=openssl)
>>
>> Scratching head now!?
>
> So let me get this straight... You're asking a bunch of opensource geeks
> to explain a "Feature" of a black box environment that has been
> purposefully created to "secure" said black box using an unknown and
> apparently flawed method.
> Would @CEO "fix" Windowz at our behest? (I'm pausing for the laughter at
> the suggestion...)
>
> More seriously, this sounds like a Windowz bug. Without a gdb trace I
> can't tell you where lynx succeeds but curl and wget fail. I'd guess that
> there is a library in there someplace that lynx does not use but the
> others do.
>
> Alternately, lynx might be used by the NSA for "special" purposes so lynx
> has an exception to the rules and thus WE 0WN the Virtual-verse!!!
>
> Trying NOT to be less than useless,
> David