Windows Defender : What do you mean?

  • R raddevus

    CodeWraith wrote:

    We pile some stuff on lots of older stuff

    I know, but maybe the new layer of crap on top could have better error messages, right? :-D

    CodeWraith
    wrote on last edited by
    #9

    No time for that. We constantly are so busy reinventing the wheel (sometimes even in several ways at the same time) that nothing ever matures to that level.

    I have lived with several Zen masters - all of them were cats. His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.

    • R raddevus

      It is the _normal_ java update process. That's my point though, it acts very suspiciously and there is no obvious way to differentiate between nefarious behavior and something updating something you need on your computer.

      dandy72
      wrote on last edited by
      #10

      raddevus wrote:

      It is the _normal_ java update process.

      So his point stands, it is a turd. :-)

      raddevus wrote:

      That's my point though, it acts very suspiciously and there is no obvious way to differentiate between nefarious behavior and something updating something you need on your computer.

      Gotta agree. I find it rather disconcerting that javaw.exe itself, and not a separate, dedicated update process, is the one looking for updates. Well, assuming this is what's taking place. And if that's the case, then since javaw.exe itself is doing an update check, then you'd think it has the permissions already to poke a hole in the firewall to do that and keep the firewall quiet since, as you're pointing out, the message is none too obvious for mere mortals. Besides - what if you're ok with granting the update process permission to go out to the internet, but would still rather block the runtime from doing so? This *really* needs to be separated out. Gawd...I did not need to be reminded of why I don't allow Java to get anywhere near any of my machines. Ever. X|

      • R raddevus

        My machine (i7, 8GB RAM, SSD) began running slow a few minutes ago. I could hear the CPU fan running faster. Something was going on, but I couldn't tell what. Checked running processes, nothing really eating up processor. Finally, after about 5 minutes this popped up: https://i.stack.imgur.com/SCjNR.png X|

        Okay, so the Java Platform SE binary wants access through the firewall, right? It's probably an update. How would any non-tech user ever understand what to do in this case? I barely know what this means and it all feels like nefarious activity. These kinds of error messages have to go away. All these advances in technology and yet we have error messages like this which require research to even understand how to deal with them. All that work MS is doing on updates and stuff and they can't put one competent person in charge of error messages and making them understandable to users? Gaping hole! X|

        Public v Private Networks

        Also, look at that closely and you'll see that it looks like the thing already has access to public networks but now it wants access to private networks also, which seems very backwards and that whole explanation is confusing anyways. I'm sure few non-tech users even understand it.

        Possible Solution

        Instead of just ranting I'll offer a solution.

        1. Microsoft could hash the javaw.exe and whatever else is running.
        2. Let the user know that, yes, the exe is actually a confirmed version of the thing but we cannot guarantee it or what it does is safe, but it is likely safe.
        3. Provide an interface for software which will be updating to provide a message or some kind of fingerprint that gives the user a higher level of confidence of what is going on.

        It could be done.

        den2k88
        wrote on last edited by
        #11

        I hammered "Defender" shut on my Win10. More hassle than good.

        GCS d-- s-/++ a- C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- ++>+++ y+++*      Weapons extension: ma- k++ F+2 X

          dandy72
          wrote on last edited by
          #12

          Despite all its faults, it's probably still the least intrusive AV out there (which still isn't saying much). What alternative are you recommending (other than none at all...or "common sense")?

            patbob
            wrote on last edited by
            #13

            The firewall doesn't (generally) prevent a program from going out onto the net and downloading a file. Defender is telling you that javaw.exe is wanting to open a port to listen on, and it wants to allow access to that port from your private network. Assuming it's legit, this does look nefarious, but more likely is that the last update (which it silently pulled through your firewall) included some peer-to-peer update mechanism, and they want other machines on your private network to contact some updater (probably implemented in Java) on this machine and pass the update along. They may even be trying to deliver their update pro-actively to machines inside your firewall that you're preventing from accessing the outside world. As for spinning up the CPU fan? Could just be the code is in a busy wait retry loop of some sort because opening the listening port keeps failing on it (wouldn't be the first time "nefarious" SW was detected due to that failure mode).

            I live in Oregon, and I'm an engineer.
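Both the point made in the post above (the prompt is about a listening port, not an outbound download) and the hash-and-confirm idea from the opening post can be checked by hand. The following PowerShell is an added example, not part of the original thread; the function name `Get-ListenerReport` is hypothetical and the process name `javaw` is taken from the prompt described above.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
function Get-ListenerReport {
    param([string]$Name = 'javaw')   # assumption: process named in the prompt

    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $path = $proc.Path
        if (-not $path) {
            Write-Warning "PID $($proc.Id): image path not readable, try elevated"
            continue
        }

        # Identity: publisher signature and SHA-256, to compare against a
        # known-good copy of the same installed version.
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash

        # Behaviour: sockets this PID is listening on (the prompt concerns
        # inbound connections, not outbound downloads).
        $tcp = Get-NetTCPConnection -State Listen -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
            ForEach-Object { "tcp/$($_.LocalAddress):$($_.LocalPort)" }
        $udp = Get-NetUDPEndpoint -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
            ForEach-Object { "udp/$($_.LocalAddress):$($_.LocalPort)" }

        # Policy: inbound rules already tied to this executable, with the
        # profiles (Domain/Private/Public) each one applies to.
        $rules = Get-NetFirewallApplicationFilter -Program $path -ErrorAction SilentlyContinue |
            Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' } |
            ForEach-Object { "$($_.DisplayName) [$($_.Action), $($_.Profile), enabled=$($_.Enabled)]" }

        [pscustomobject]@{
            ProcessId    = $proc.Id
            Path         = $path
            Signature    = $sig.Status
            Signer       = $sig.SignerCertificate.Subject
            SHA256       = $hash
            Listening    = @($tcp) + @($udp)
            InboundRules = @($rules)
        }
    }
}

Get-ListenerReport -Name 'javaw' | Format-List
```

An empty `Listening` list alongside a `Valid` signature means the process is not accepting inbound connections at that moment; a listener bound to a non-loopback address is what a Private-profile allow rule would expose to other machines on the LAN.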

              raddevus
              wrote on last edited by
              #14

              CodeWraith wrote:

              nothing ever matures to that level.

              Agree 100%! This is the new(old) normal. 🤔

                MacSpudster
                wrote on last edited by
                #15

                My signature says it all...

                The best way to improve Windows is run it on a Mac. The best way to bring a Mac to its knees is to run Windows on it. ~ my brother Jeff

                  den2k88
                  wrote on last edited by
                  #16

                  I'm using Avast at home and I'm satisfied, it's like it doesn't exist yet it detected a couple of threats. Honestly I haven't had malware/virus/whatever problems for more than 10 years. I still keep an AV installed for the same reason I always drive with seatbelts on, but as of now Avast is the best free AV I've found. Not free, I loved Sophos - in fact I'm always tempted to buy a license. It's lightweight, powerful and never gave me any problem.

                  GCS d-- s-/++ a- C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- ++>+++ y+++*      Weapons extension: ma- k++ F+2 X

                    RichardGrimmer
                    wrote on last edited by
                    #17

                    Free edition. If you're feeling a little more adventurous, you can run UTM (Unified Threat Manager) licensed in a home setting with negligible restrictions - it's quite the beast, but does give some useful features... You do need a dedicated machine / VM / couple of network cards, but I'm running it (actually in concert with pfSense / Unifi USG and Snort) both on my main net and in my virtual pen testing lab and am quite impressed with it. Sophos mobile security is also free for Android and iOS - I can recommend the Android version.

                    C# has already designed away most of the tedium of C++.

                      dandy72
                      wrote on last edited by
                      #18

                      Hmmmm...well, Avast isn't without its own [faults](https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-Avast-Antivirus/) (granted, neither is Defender), but if I want something that I can just leave to do its own thing, and I can choose between a third-party and those who know the OS best...I'd rather choose the OS maker. Which also means I don't have to worry about the AV getting broken (or worse, [hosing](https://wccftech.com/avast-fix-windows-10-april-2018-update/) the whole OS) when an OS patch comes along.
