Tried to download the source code for the recent xz backdoor

https://github.com/tukaani-project/xz/releases/tag/v5.6.1

Windows Defender already includes a (or the) xz backdoor signature:
right after the file was downloaded and saved to my desktop, Defender
sprang into action to keep me from infecting the Windows world [1].

The "severe" threat was identified as "Backdoor:Linux/XZBackdoorBuild.B"

(Defender identified a single archive file inside the .gzip:
xz-5.6.1/tests/files/good-large_compressed.lzma)

With no interference or permission by me, Defender deleted the tar.gz.

I marked this threat as "allowed", but when I tried to download it
again, Defender deleted it again.

I really, really wanted to initiate a global malware meltdown, so I
turned off some portions of Win11 Defender security:

Start
Settings
Privacy & Security
Windows Security
Open Windows Security
Virus & Threat Protection
Virus & Threat Protection Settings - Manage Settings
Real-time Protection
turned off (it comes back on automatically after a while)

Went back to the web page and hurriedly downloaded the source. This
time I was successful.

A little later I turned 'Real-time Protection' back on and did a Quick
Scan and it detected the scary file and let me decide to keep it or not.

You Windows-using cola advocates are doomed...

1. Microsoft MVP Greg Carmack says:
-------------------------------------------------------------------------
Windows will not let you turn off basic built-in protection from
Defender and Firewall, unless another is installed in it's place which
should switch it off.

This is because being able to go unprotected would place the entire
WIndows eco-system at risk of easy infection by serious global malware
infection which can spread like wildfire.

The threat is so great that Microsoft operates 24/7 global security
command centers on all continents which are constantly engaged in battle
with malware spread. Even one device without protection can give these
infections a toehold.
-------------------------------------------------------------------------

On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:

> Windows Defender already includes a (or the) xz backdoor signature:
> right after the file was downloaded and saved to my desktop, Defender
> sprang into action to keep me from infecting the Windows world [1].

Wait until it mistakenly identifies something you're fond of and saves you
from it.

On 4/17/2024 9:36 PM, rbowman wrote:
> On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
>
>> Windows Defender already includes a (or the) xz backdoor signature:
>> right after the file was downloaded and saved to my desktop, Defender
>> sprang into action to keep me from infecting the Windows world [1].
>
> Wait until it mistakenly identifies something you're fond of and saves you
> from it.

That happened to you?

DFS <nospam@dfs.com> wrote:
>On 4/17/2024 9:36 PM, rbowman wrote:
>> On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
>>
>>> Windows Defender already includes a (or the) xz backdoor signature:
>>> right after the file was downloaded and saved to my desktop, Defender
>>> sprang into action to keep me from infecting the Windows world [1].
>>
>> Wait until it mistakenly identifies something you're fond of and saves you
>> from it.
>
>That happened to you?

I tend to agree this is a silly, unfair attack on M$, their
vulnerability to viruses is only as much as the incompetence of the
owner, I have no more concern with malware under Winblows than I would
under Linux, although I would use Norton "just in case", but it's
safe.

--
Joel W. Crump

Amendment XIV
Section 1.

[...] No state shall make or enforce any law which shall
abridge the privileges or immunities of citizens of the
United States; nor shall any state deprive any person of
life, liberty, or property, without due process of law;
nor deny to any person within its jurisdiction the equal
protection of the laws.

Dobbs rewrites this, it is invalid precedent. States are
liable for denying needed abortions, e.g. TX.

On Thu, 18 Apr 2024 17:25:31 -0400, DFS wrote:

> On 4/17/2024 9:36 PM, rbowman wrote:
>> On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
>>
>>> Windows Defender already includes a (or the) xz backdoor signature:
>>> right after the file was downloaded and saved to my desktop, Defender
>>> sprang into action to keep me from infecting the Windows world [1].
>>
>> Wait until it mistakenly identifies something you're fond of and saves
>> you from it.
>
>
> That happened to you?

https://learn.microsoft.com/en-us/microsoft-365/security/defender-
endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-
worldwide

No, it never happens which is why M$ has a page on how to claw the files
back.

On Thu, 18 Apr 2024 18:45:36 -0400, Joel wrote:

> ... their vulnerability to viruses is only as much as the incompetence
> of the owner ...

In the earlier days of Linux, there was more malware around for it. E.g
those “Ramen” and “Slapper” thingies. Linux is today more popular than
ever, yet it is also more secure than ever.

Lawrence D'Oliveiro <ldo@nz.invalid> wrote:

>> ... their vulnerability to viruses is only as much as the incompetence
>> of the owner ...
>
>In the earlier days of Linux, there was more malware around for it. E.g
>those “Ramen” and “Slapper” thingies. Linux is today more popular than
>ever, yet it is also more secure than ever.

I have a lot of respect for the early adopters of Linux in the '90s
and beyond.

--
Joel W. Crump

Amendment XIV
Section 1.

[...] No state shall make or enforce any law which shall
abridge the privileges or immunities of citizens of the
United States; nor shall any state deprive any person of
life, liberty, or property, without due process of law;
nor deny to any person within its jurisdiction the equal
protection of the laws.

Dobbs rewrites this, it is invalid precedent. States are
liable for denying needed abortions, e.g. TX.

On Thu, 18 Apr 2024 21:29:00 -0400, Joel wrote:

> I have a lot of respect for the early adopters of Linux in the '90s and
> beyond.

I would UPS you my copy of Red Hat Linux Unleashed but the RH 5.2 CD is
missing unfortunately. You could learn the mysteries of LILO, XF86Config,
CDE, and other wondrous stuff. It was a step up from Slackware on
floppies. Only about a quarter of the 800+ pages are about installing it
and getting it running and building kernels. There are brief overviews of
Apache, DNS, awk, Perl, Python, smtp, ftp, and so forth. By that time
(1998) Linux was getting somewhat polished but it was sort of the hobbyist
endeavor that DFS seems to remember.

Some of the earliest adopters were amateur radio operators:

https://tldp.org/HOWTO/AX25-HOWTO/

A Linux box, a modem, and a 2M transceiver and you were in tall cotton. I
still have a modem although the serial port might take some work, radios,
and maybe the modem to radio cable but 1200 baud packet radio lost its
bloom a long time ago. For that matter 2M voice traffic on the local
repeaters is rare given that everyone has a cellphone.

Le 18-04-2024, Joel <joelcrump@gmail.com> a écrit :
> DFS <nospam@dfs.com> wrote:
>>On 4/17/2024 9:36 PM, rbowman wrote:
>>> On Wed, 17 Apr 2024 19:53:36 -0400, DFS wrote:
>>>
>>>> Windows Defender already includes a (or the) xz backdoor signature:
>>>> right after the file was downloaded and saved to my desktop, Defender
>>>> sprang into action to keep me from infecting the Windows world [1].
>>>
>>> Wait until it mistakenly identifies something you're fond of and saves you
>>> from it.
>>
>>That happened to you?
>
>
> I tend to agree this is a silly, unfair attack on M$, their
> vulnerability to viruses is only as much as the incompetence of the
> owner, I have no more concern with malware under Winblows than I would
> under Linux, although I would use Norton "just in case", but it's
> safe.

Does sasser rings a bell? I knew someone who has been infected when
trying to update his brand new Windows. Fresh install, first internet
connection and sasser for free before being able to update Windows. He
had to install it again and was lucky on his second try.

Have you ever heard about Sony? A few years ago, when you put a perfectly
legally bought music CD in your computer, even if you refused to install
the program you get the rootkit for free.

I know both examples are long gone, but it's not always the user's fault
even if it's often the case.

--
Si vous avez du temps à perdre :
https://scarpet42.gitlab.io

Stéphane CARPENTIER <sc@fiat-linux.fr> wrote:

>Have you ever heard about Sony? A few years ago, when you put a perfectly
>legally bought music CD in your computer, even if you refused to install
>the program you get the rootkit for free.

Mark Russinovich uncovered that.

https://techcommunity.microsoft.com/t5/windows-blog-archive/sony-rootkits-and-digital-rights-management-gone-too-far/ba-p/723442

--
Joel W. Crump

Amendment XIV
Section 1.

[...] No state shall make or enforce any law which shall
abridge the privileges or immunities of citizens of the
United States; nor shall any state deprive any person of
life, liberty, or property, without due process of law;
nor deny to any person within its jurisdiction the equal
protection of the laws.

Dobbs rewrites this, it is invalid precedent. States are
liable for denying needed abortions, e.g. TX.

On Wed, 17 Apr 2024 19:53:36 -0400, DFS <nospam@dfs.com> wrote in
<uvpne0$1s9lr$1@dont-email.me>:

> Tried to download the source code for the recent xz backdoor
>
> https://github.com/tukaani-project/xz/releases/tag/v5.6.1
>
> Windows Defender already includes a (or the) xz backdoor signature:
> right after the file was downloaded and saved to my desktop, Defender
> sprang into action to keep me from infecting the Windows world [1].
>
> The "severe" threat was identified as "Backdoor:Linux/XZBackdoorBuild.B"
>
> (Defender identified a single archive file inside the .gzip:
> xz-5.6.1/tests/files/good-large_compressed.lzma)
>
> With no interference or permission by me, Defender deleted the tar.gz.
>
> I marked this threat as "allowed", but when I tried to download it
> again, Defender deleted it again.
>
> I really, really wanted to initiate a global malware meltdown, so I
> turned off some portions of Win11 Defender security:
>
> Start
> Settings
> Privacy & Security
> Windows Security
> Open Windows Security
> Virus & Threat Protection
> Virus & Threat Protection Settings - Manage Settings
> Real-time Protection turned off (it comes back on automatically
> after a while)
>
>
> Went back to the web page and hurriedly downloaded the source. This
> time I was successful.
>
> A little later I turned 'Real-time Protection' back on and did a Quick
> Scan and it detected the scary file and let me decide to keep it or not.
>
> You Windows-using cola advocates are doomed...
>
>
>
>
> 1. Microsoft MVP Greg Carmack says:
>
-------------------------------------------------------------------------
> Windows will not let you turn off basic built-in protection from
> Defender and Firewall, unless another is installed in it's place which
> should switch it off.
>
> This is because being able to go unprotected would place the entire
> WIndows eco-system at risk of easy infection by serious global malware
> infection which can spread like wildfire.
>
> The threat is so great that Microsoft operates 24/7 global security
> command centers on all continents which are constantly engaged in battle
> with malware spread. Even one device without protection can give these
> infections a toehold.
>
-------------------------------------------------------------------------

The Windows ecosystem must be very, very vulnerable if this is a concern.

Wonder how much of that is due to how Windows Update uses p2p file
sharing?

--
-v