>View a webpage. You're infected >Receive an email. Don't even have to open it. You're infected. >Simply have a file on your hard drive. You're infected.
This is one of the worst exploits in years and its coming right on the heels of another giant ransomware epidemic.
What sane person still willingly chooses to use Windows in this day and age? Its like being in an abusive relationship with a 300 pound crack whore with AIDS.
Common sense doesn't protect you against shit like this or worms such as WannaCry.
Isaac Nelson
I use Common Sense and I haven't had any malware since I got Internet in '93. Checkmate.
Leo Roberts
Yes it does. WannaCry spread using an exploit that was patched 3 months prior. If you don't update your PC, ESPECIALLY on Windows, you have no common sense at all.
Jonathan Davis
Sir we need to air gap your machine please do it right no
Liam King
You fucking dickless faggots, linux got hacked by pressing a key 19 times. Windows is more secure than your meme OS and has games.
Jayden Nguyen
What if I only block smbus
Samuel Russell
That vuln was in GRUB if I recall correctly, and required physical access to a machine.
Elijah Campbell
Says it's already patched, FUD spreader.
Zachary Brown
I keep all my important files in literal files. You're a fucking pleb if you don't
Mason Smith
Enjoy having a slow as shit PC user.
Justin White
You think I was serious to keep my files in a LGBT activist, liberal terrorist organization named Google? Of course not.
Josiah Gonzalez
hotfixes can be dropped whenever they're ready to be released.
Adam Harris
Holy shit that's bad. Glad I don't use Windows.
Owen Perez
I really don't understand why some people still use Windows in fucking 2017, it's like the last two decades of shitty winblows releases was not enough for them...
because most business software is coded for it and many server apps are better on it too. It can do more, generally speaking than UNIX can. Until that changes, we are its bitch corporately.
Aaron Hall
and theres a fuck tonne of UNIX exploits too. As many if not more security bulletins per year. Viruses or trojans on UNIX suck balls because most have source code and compilers so easy to hide and use remotely too. It's really no different but 90% of the world uses Windows so there's far more effort put into exploits here and they are far more public.
Jeremiah Thomas
tfw he's making le ebin joke but nobody laughs cus actual proprietards are already a karikature of themselfs
Eli Green
it's funny to see how much effort you have to do to fuck up your computer with malware, seeing some "windows destruction" videos really made me think about how people are unprepared to use computer as they do shit like that unironically
Aaron Lopez
I mean a good hunk of servers run somehing UNIX-ish so I'd argue that there's just as much malicious incentive in finding linux exploits as there is in windows exploits if people really want to rustle some jimmies.
Luis Carter
I tried to play around with malware in a virtual machine running Windows but it was too much work getting infected so I just returned to shitposting on Sup Forums
Brody Butler
>Microsoft, the company that literally works side by side with the National Semite Agency to make your computer as vulnerable and ripe for spying as possible, said they """patched""" (LMAO) the (((vulnerability))) they put there in the first place >goyim ACTUALLY believe this
You faggots are as naive as newborn kittens.
Adrian Watson
Does this include endpoint protection
Josiah Moore
They do, over half of web servers are running UNIX but probably UNIX admins are smarter because they actually have to understand wtf is going on.
Joshua Morris
>This Windows Defender bug was so gaping its PoC exploit had to be encrypted >PoC exploit that's racist
Brody Peterson
WINKUCKS BTFO MICROSOFT FINISHED AND BANKRUPT
Connor Peterson
LINUXFAGS ON SUICIDE WATCH
Matthew Hernandez
Good thing I'm on ZorinOS
Ryan Collins
Good thing I have Windows Defender turned off.
...For AVG
Cameron Lewis
>because most business software is coded for it What is a virtual machine? What are cross platform languages and frameworks?
>and many server apps are better on it too. LOL no.
>and theres a fuck tonne of UNIX exploits too. No, there's not. I want to slap every person who ever makes this excuse for Microshit. The library of malware for Windows is easily three orders of magnitude larger than for UNIX, Linux, or macOS. Windows is in the news every couple weeks with a new monster exploit and global attack. Windows is shit.
And it's not just the quantity of exploits, but the nature of them that's different. Both the Italian hacker company leaks and the NSA leaks confirm that while every OS has a history of bugs and exploits, *nix systems are far more difficult to compromise. A typical tool to compromise a Mac or an iPhone, for example, required PHYSICAL ACCESS to the machine, and would only work on specific models. Windows? Just get someone to receive...not read...receive an email. I've lost track of the Windows exploits I've personally seen in my life where any script kiddie could do a drive by attack on a corporate network and succeed. The first big one I remember was the JPEG bug in the early 2000's that would let you take control of a machine if the end user looked at a web page or received an email. 2017 and we have YET ANOTHER bug of this nature.
Fuck Microshit. They were always a trash software company. But in recent years they have grown even worse.
John Morales
Of course they'd wait for it to be patched before reporting on it. Thats just responsible disclosure. The point is that Windows is so shit and Microsoft is so incompetent that this exploit has been there for years and they needed a third party researcher from Google to find it.
The best part? He needed to write a tool to load the system in WINE so he can use Linux's fuzzing tools since Windows is so shit
>Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data.
>This is less of a problem on Linux, and I've found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing.
>This is just personal opinion, but I also think Linux has better tools. ¯\_(ツ)_/¯
William Turner
Does it make you angry knowing that no matter how many threads you make, Linux will never, ever be relevant on desktop?
Jack Morris
Good thing my PC came pre-installed with McAffee.
Parker Watson
Yes
>MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2016, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine.
>The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers, full system emulators for various architectures and interpreters for various languages. All of this code is accessible to remote attackers.
Already patched m8 But good try unemployed loonixfag
Ryan Lewis
Yeah you should ignore the systemd 0day that dropped today which allowed rce from dns queries
Colton King
yes it does
>don't have ports forwarded that you don't need forwarded >guest connections to network on different vlan and ACLed
Benjamin Allen
Also, try not to receive any emails or view web pages with images.
Asher Young
>herp every machine is a dns server >derp my one example trumps the 10,000 examples on windows
Robert Rodriguez
It wasnt a dns service champ go read it again retard Let's talk about heartbleed though How about dirty cow How about imagetragick How about the af_packet rce Wanna keep going?
Ryan White
>and theres a fuck tonne of UNIX exploits too. GNU is not UNIX.
Jaxon Torres
Windows defender isn't ntoskrnl
Bentley Jenkins
How many of those "exploits" ever effected a single Linux machine? Find some examples and see if the numbers come anywhere near the total of even just Petya. My point is, most, if not all of the Linux exploits require such outlandish circumstances to execute them, they're almost laughable.
Oliver Mitchell
>No, there's not Yes there is, you don't pay attention obviously. I want to slap all you linux shills for telling people to run this shit. If it was super awesome, we'd be using it corporately.
Jeremiah Morgan
IT zeguridad
Jayden Sanders
>Yes there is, you don't pay attention obviously. I do pay attention and you're full of shit.
>I want to slap all you linux shills for telling people to run this shit. If it was super awesome, we'd be using it corporately. I hate to tell you this, but corporations generally make stupid decisions.
Ryan King
i need my games and my cpu is too shit for gpu passthrough, i'll suffer with windows until linux gets more games or i upgrade my cpu
Ryan Cooper
>Yes there is I'll give you this much, they exist, but as stated above, good luck ever executing one of them. Most of them are POC tier shit and MOST get patched immediately. That's more than I can say for WannaCry, which had it's ass hanging in the breeze for months before Microsoft issued a patch.They were notified in January, and for some odd reason the patch for XP had a publish date of February and a release date of when? Oh! May? Hmmmm...really percolates those peanuts.
Kayden Reyes
Because some people need to work unemployed loonix weaboo
Good thing I deleted that crappy antivirus with my Linux partition
Zachary Richardson
Like said. Is already fixed.
Benjamin Powell
>patch for XP
Caleb Wood
how do i fix my windblsw so i dont get infect guys
Noah Wilson
>some people >90% of marketshare
Oliver Wilson
A lot of them? Imagetragick was used to pop hundreds of prod boxes
Robert Reed
Yes, they released one.
Chase Adams
You have to draw the fucking line somewhere.
Tyler Turner
But a single loonix machine is like 2% of the userbase
Tyler Wood
Its good thing i use FreeBSD
Easton Jackson
They realized there are too many retards still running XP to just let nature run it's course. Servers, dingus, servers.
Brandon Ward
Stack Clash. There isn't a Unix that isn't immune to it.
Mason Hall
>Servers, dingus, servers. these exploits don't affect servers
Thomas Butler
>isn't is
Josiah Jones
"While this is not as egregious as some celebrity vulnerabilities have been in the past, [the ImageTragick researchers] do mention that they branded this in a way designed to get attention and boost their low numbers of blog views," said John Bambenek, manager of threat systems for Fidelis Cybersecurity in Waltham, Mass. "If you are measuring the success of your vulnerability research by Web traffic, you're focused on the wrong things." Bogus.
Jaxson Ross
t. assblasted microcuck
Jaxon Gray
no and no
Carter Williams
Jokes on them I never open anything via email
Carson Butler
>arstechnica >crappy click bait >exploit already fixed get fukt op oh and MITIGATED
Jason Hall
pointing at you while I laugh
Linux has had way worse exploits lately, guess you're not informed
Benjamin Anderson
i almost never check my email, and infact last i sent an email was like 2011.
Jack Morris
>Windows Defender allows attackers to infect your computer just by viewing a file
Pretty sure that was an older exploit.
Camden Lee
I miss the simple days of port 195 shenanigans and +++ATH0
Sebastian Thompson
Okay? That doesn't prove anything champ Nothing different from you screaming about a patched vuln
Eli Ramirez
>Norton Now that's a name I've not heard in years.
Xavier Moore
These are all just software exploits. Not part of Linux buddy.
Tyler Evans
B-but what about all those posters on Sup Forums that say CommonSense201X and Windows Defender all are you need?!
David Cooper
So you have to be running defender to be exploited?
Carter Rivera
Neither is anything other than code in ntoskrnl by those standards
Matthew Powell
old news
Gabriel Butler
Or MSE, Endpoint Protection, or any one of 'various Microsoft security products' that use the same engine. These are all active by default on a fresh install. I don't know if you can even disable it fully, and who knows how long this was out in the wild before being discovered and patched. If you're running Windows, just accept that your machine is probably part of a botnet
John Collins
Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine.