[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] Windows Defender ATP
From: |
Mouse |
Subject: |
Re: [Lynx-dev] Windows Defender ATP |
Date: |
Wed, 30 Jan 2019 17:46:03 -0500 (EST) |
>>> I just discovered the new features of Microsoft's "Windows Defender
>>> Advanced Threat Protection".
>> So let me get this straight... You're asking a bunch of opensource
>> geeks to explain a "Feature" of a black box environment that has
>> been purposefully created to "secure" said black box using an
>> unknown and apparently flawed method.
> I made a note that it was a "new feature". I guess "opensource
> geeks" like you do not make flaws :-)
Oh, nonsense; we create as many bugs as anyone else. (The difference,
insofar as there is one, in this respect lies in how they get noticed
and fixed.)
I don't see what its being a new feature has to do with it. Your mail
seemed - at least to me, and apparently to David as well - as asking us
to diagnose and/or fix peculiar behaviour from this "Advanced Threat
Protection", even though it's closed source, is a Windows thing, and is
- apparently - designed to break some things, and your issue seems to
be that it _isn't_ breaking lynx.
If this looked like a bug in lynx, well, then it would be reasonable to
ask the list. But the only question I see you asking was
< What could cause the difference in behaviour?
and those without visibility into what this Defender product does can,
at best, speculate in a vacuum. The right place to look for this kind
of support, it seems to me, is a support venue for Windows Defender
Advanced Threat Protection. (That may involve up-front costs, yes.
That is one of the prices of running under Windows.)
With full packet traces from the lynx, Chrome, curl, and wget fetch
attempts, I might be able to take a few guesses. I might be hireable
for that, but you would doubtless find it cheaper (and probably get
better results) to hire someone who has existing Windows expertise -
that is work I have no interest in doing unless well paid.
>> Alternately, lynx might be used by the NSA for "special" purposes so
>> lynx has an exception to the rules and thus WE 0WN the
>> Virtual-verse!!!
> Seriously, I do *not* have "Lynx" in my User-Agent string.
So what?
> But lynx maybe have other "finger-prints" that NSA would detect?
Are you running the lynx, Chrome, curl, and wget instances you're
talking about on the same Windows machine that has Defender installed?
Then there are _lots_ of other ways it could be recognizing lynx as
lynx. (Even if not, there are probably plenty of various possible
fingerprints, though I'm not competent to do more than speculate on
them.) Not that I think a lynx-specific exception is all that
plausible, mind you.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML address@hidden
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B