Google Calls Out Microsoft on Windows 10 S Flaw

Google’s security disclosure policy has infuriated Microsoft several times in the past few years. But its latest disclosure comes with a twist: The highlighted vulnerability impacts Windows 10 S, which the software giant promotes for its “Microsoft-verified security” prowess.

Oops.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

According to the Google disclosure, Windows 10 S suffers from a medium-severity security vulnerability related to its Device Guard functionality. So that’s the good news: It can’t be easily exploited.

“The issue … serves as a way of getting persistent code execution on such a machine,” Google notes. “It’s not an issue which can be exploited remotely, nor is it a privilege escalation. An attacker would have to already have code running on the machine to install the registry entries necessary to exploit this issue, although this could be through [remote code execution] such as a vulnerability in Edge. There’s at least two known [Device Guard] bypasses in the .NET framework that are not fixed, and are still usable even on Windows 10 S … so this issue isn’t as serious as it might have been if all known avenues for bypass were fixed.”

Um. Sure.

Google says it alerted Microsoft about this issue back in February and gave the software giant its standard 90 days to fix it. When that deadline passed with last week’s Patch Tuesday, it disclosed the vulnerability, as is its standard—and controversial—policy.

That it impacts Windows 10 S is, of course, interesting. But Windows 10 S—now called S mode—isn’t actually invulnerable to electronic attack; it’s just somewhat more secure than Windows 10 running in its normal operating mode. In using Windows 10 S extensively, I’ve actually run into a malware issue, too. Which is something that’s never happened to me while not in S mode. So… it’s not clear how this thing is really more secure.

Here’s the malware I encountered in Windows 10 S.

More to the point, this issue speaks to my ongoing discussion about how hard it is to take a big and complex legacy code base like Windows and simplify it to work in a more streamlined fashion. Despite years of componentization efforts, Windows is still a hairball. And it very likely can never be effectively secured. Just patched as problems come up.

 


Conversation 60 comments

  • RM

    20 April, 2018 - 9:05 am

Any OS is only as secure as its weakest known vulnerability. S Mode is basically a way to reduce the surface area of attack. So, S Mode is still vulnerable, it just has fewer ways to be attacked.

    Just wait until a quantum computer running an AI designed to locate vulnerabilities is created . . .

    • jimchamplin

      Premium Member
      20 April, 2018 - 12:11 pm

In reply to RM:
      And then see how quick it gets owned by “teh 1337 h4x0rz?” They’ll have it quoting Hitler within the first week.

    • Jack Smith

      20 April, 2018 - 3:55 pm

In reply to RM:
      Depends. ChromeOS is super secure and now supports GNU/Linux out of the box starting with ChromeOS 67. But it is still super secure.

      Reason is they run in a container on a VM.

      Then also get Android. You have to architect for security like Google did up front.

  • dontbe evil

    20 April, 2018 - 9:07 am

As an MS products user, I'm glad that Google focuses on MS security instead of their own

    • davidblouin

      20 April, 2018 - 10:49 am

In reply to dontbe_evil:
      You're glad they are giving hints to the hackers out there on how to exploit your product?

      • dontbe evil

        26 April, 2018 - 11:36 pm

In reply to davidblouin:
        I'm not, but it's scroogle style… I'm talking only about the good side

    • VancouverNinja

      Premium Member
      20 April, 2018 - 11:29 am

In reply to dontbe_evil:
      It's okay, but the classy way to do it is simply let MS handle it quietly. Google is out to try and hurt Windows – it's simply dirty business.

      • NT6.1

        21 April, 2018 - 2:49 pm

In reply to VancouverNinja:
        Are you saying it's ok for a multi-billion dollar company not to fix the security vulnerability of their product in 90 days? It shouldn't matter anyway: no one uses Windows 10 S.

        • dontbe evil

          26 April, 2018 - 11:38 pm

In reply to NT6.1:
          Are you talking about Google products?

      • dontbe evil

        26 April, 2018 - 11:37 pm

In reply to VancouverNinja:
        Totally agree, it's the scroogle style

    • Jack Smith

      20 April, 2018 - 3:53 pm

In reply to dontbe_evil:
      ChromeOS is already super secure. So Google did the focus up front instead of on the back end like MS.

      • dontbe evil

        26 April, 2018 - 11:38 pm

In reply to Jack_Smith:
        Nope… Just search for it

  • Lauren Glenn

    20 April, 2018 - 9:18 am

Well, that and the fact that unlike anything by Android, I know that if I get a PC that I'll have security updates without having to wait for the manufacturer or provider to get it and it will be supported probably for about 10 years in most cases. I'm still waiting for my Oreo update for LG V30+ from TMobile. Any day now… :/

    • meek_teef

      20 April, 2018 - 9:28 am

In reply to alissa914:
      If you cared about security updates on Android, you'd have got a Pixel phone from Google. You played a part in your security lapse.

      • StevenLayton

        20 April, 2018 - 9:45 am

In reply to meek_teef:
        Security on Android is normally linked to the phone you can afford. Can afford a Pixel? Yeah, you're good. Can only afford an (insert cheaper Android phone here), then you're probably out of luck.

        • Nicholas Kathrein

          20 April, 2018 - 10:19 am

In reply to StevenLayton:
          Not true. There are mid-range phones that get security updates. In fact if that is important the Blackberry phones are your best route. They have a great record of getting monthly updates. Also the OG Pixel was on sale for 400 to 500 something.

      • wright_is

        Premium Member
        20 April, 2018 - 10:10 am

In reply to meek_teef:
        Google played their part, by punting the price of Pixels into the stratosphere… If the Pixels had been priced at around the same level as my old Nexus 5X, when I replaced it, I would have bought one, instead of going to Huawei. I just couldn't justify the 50% price hike.

        • Jack Smith

          20 April, 2018 - 3:53 pm

In reply to wright_is:
          Best camera you can get is going to cost you. Also secure, updates and as smooth as an iPhone. Well worth it.

    • Daekar

      20 April, 2018 - 9:36 am

In reply to alissa914:
      This is one thing that is keeping me from trying to cobble together an Android laptop. In many cases, it would be unsupported and completely obsolete in 2-3 years… I built my desktop ages ago and it still gets the same Win10 updates as new machines, and I have a utility machine (mostly used for Spinrite) that I could pull up tomorrow and install Win10 or some flavor of Linux and be 100% current for a good long time.

      In some ways, Windows and Linux to me represent ways to fight back against the disposable, consumerist paradigm and planned obsolescence that comes along with these newer platforms.

      I'm sure MS will fix the vulnerability that Google found. I don't care for playing hardball when it's not necessary, but you can't deny that Google's research into vulnerabilities of other companies' products is effective.

      • Jack Smith

        20 April, 2018 - 3:52 pm

In reply to Daekar:
        Just get a Chromebook and you have Android and constant updates. Problem solved.

        On top you now get gnu/Linux out of the box with ChromeOS 67 but secure.

    • Jack Smith

      20 April, 2018 - 3:50 pm

In reply to alissa914:
      Get a Pixel as you get security updates every month.

    • Waethorn

      21 April, 2018 - 7:49 pm

In reply to alissa914:
      Don't expect one. The V20 only got 6 months of updates and is still stuck on the shipped Android 7.0.

  • dcdevito

    20 April, 2018 - 9:47 am

I applaud Google's testicular fortitude in attacking security vulnerabilities, but one day they will get theirs, and it's going to be great.

    • VancouverNinja

      Premium Member
      20 April, 2018 - 11:24 am

In reply to Nicholas_Kathrein:
      Google should worry about their own stuff. This is simply trying to sour people on a threat to their dreams… cause that's all they got is dreams for PC devices right now and they are being slaughtered.

  • Angusmatheson

    20 April, 2018 - 10:03 am

It may be that it is because I read this site regularly and not Mac and Linux fan sites, but I haven’t heard about Google doing this with Mac OS, iOS, or Linux (I’m sure Google wouldn’t do it for Android even if there was a security problem). If it is true they don’t happen I wonder if 1) fewer security problems or 2) the security problems are patched before Google’s 90 day window or 3) Google doesn’t care about shaming Mac OS or Linux so isn’t going out of their way to shame them. It is easy to spend a lifetime bemoaning the path not taken. But Microsoft had a modern mobile OS in Windows Phone 7 that could have evolved from a more solid core.

    • plettza

      20 April, 2018 - 7:00 pm

In reply to Angusmatheson:
      That's right. It's easy for Google to sit back and spam the Microsoft security email address with spurious security flaws that may affect so few users, or have such a minor impact that it's not a priority for Microsoft when there are bigger fish to fry. Google are effectively blackmailing Microsoft into fixing security flaws, I guess in the hope that it wastes Microsoft's resources that could be spent on other fixes. That is the only conclusion I can draw if Google don't do the same for Linux and Mac OS.

      And before the trolls say Microsoft should be fixing every flaw, I agree, but what takes priority? An issue that has a moderate impact but only affects a small percentage of users, or otherwise? I guess there'd be some sort of risk matrix for Microsoft to work against.

  • wright_is

    Premium Member
    20 April, 2018 - 10:07 am

A phishing email or website is something that can affect any Internet connected device… It doesn't matter whether it is Windows 10 in S mode or not.
    The question is, had it got further than being detected by Windows Defender as the document was cached locally, or had you already saved it and were opening it locally?
    Looking at the message, I would assume that it was an email that got past your spam filter or you got a phishing link served in the web browser. That is a lot different to the device actually being infected, which, again based on the type of threat displayed, seems less likely.
    The important bit is that the AV software flagged it up before it could get a foothold on the machine. In fact, I had a very similar message crop up on my Linux box at work at around that time (AV software running on the mail gateway, I received a message that the mail server had quarantined the email on its arrival on the server).
    If it was a phishing mail/site, then it would have also been "available" on Linux, OS X, Android or iOS. Although it could probably only affect one or a small subset of those devices…

  • wright_is

    Premium Member
    20 April, 2018 - 10:12 am

The story, or rather the post from Google, sounds misleading as well; this sounds like it is a problem in .Net framework, which affects all versions of Windows, from S through Server.
    P.S. installed a new Windows 10 Enterprise machine today, it was lovely not to have to delete the Candy Minecraft Wars thingies.

  • MrYves707

    20 April, 2018 - 10:38 am

Windows 10 S unusable? Seriously, Paul?!
    And what OS doesn't have security flaws?!
    Maybe you should stop blogging about Windows if you don't know how to use it and think it's too risky to use…

    • Jack Smith

      20 April, 2018 - 3:50 pm

In reply to MrYves707:
      ChromeOS.

      • Falex

        20 April, 2018 - 4:40 pm

In reply to Jack_Smith:
        Wrong blog site.

  • davidblouin

    20 April, 2018 - 10:48 am

Here they go again…*

    *Thanks to those a*h*l* and their spectre/meltdown "discovery" my pc is slower than whatever is the slowest thing on earth now.

  • VancouverNinja

    Premium Member
    20 April, 2018 - 11:17 am

Google is feeling the heat. They are clearly on the defensive here; sour grapes all the way. Funny considering their Chromebooks are a no show for market share.

  • arunphilip

    20 April, 2018 - 11:21 am

"Google says it alerted Microsoft about this issue back in February and gave the software giant its standard 90 days to fix it. When that deadline passed with last week’s Patch Tuesday, it disclosed the vulnerability,"

    Following the link says: 2018-01-19: Reported issue to [email protected] and received MSRC case number 43182

    So it was reported to Microsoft on 19 Jan, and not Feb.

    Also, an excerpt of the timeline from the link is interesting with respect to its RS4 references:

    -> 2018-01-19: Reported issue to [email protected] and received MSRC case number 43182
    <- 2018-02-10: MSRC indicates that the issue has been reproduced and will determine if it's to be fixed.
    <- 2018-02-12: MSRC indicates that due to unforeseen code relationship this will not be fixed in April PT
    <- 2018-04-02: MSRC requests the 14 day extension.
    -> 2018-04-02: Informed MSRC that as the issue will not be fixed with 90+14 days then the grace extension does not apply.
    <- 2018-04-05: MSRC again requests withholding of disclosure until 2018-05-08, giving more context on the deadline miss.
    -> 2018-04-06: Informed MSRC that this isn't possible. Made it clear that the issue isn't particularly serious and other .NET based DG bypasses are still unfixed.
    <- 2018-04-11: MSRC again requests grace extension based on the upcoming release of RS4 which will have the fix
    -> 2018-04-12: Informed MSRC that as there's no firm date for RS4 this couldn't be applied, and RS4 wouldn't be considered a broadly available patch per the disclosure conditions.
    -> 2018-04-19: Issue exceeds deadline.

    • Chris Payne

      20 April, 2018 - 1:36 pm

In reply to arunphilip:
      THIS. This highlights how ridiculous Google is being about this. MS multiple times requested that Google work with them on this and they were rebuffed. THREE times. How does this policy help anyone in the computing world, except Google?

      Google really should be taken to task on this.

      • Waethorn

        20 April, 2018 - 2:32 pm

In reply to unkinected:
        It helps potential customers decide if Microsoft is taking security seriously. 104 days is too long for a security hole to be unpatched. If customers aren't notified about the hole, they would have no help to detect attacks, should they happen after Microsoft's public disclosure.

      • Jack Smith

        20 April, 2018 - 3:49 pm

In reply to unkinected:
        You give 90 days and that is it. That is plenty of time and MS dragging their feet is on them. MS users need to turn up the heat on MS and get them to get their house in order and take security seriously.

        • atulmarathe

          20 April, 2018 - 5:01 pm

In reply to Jack_Smith:
          Maybe Microsoft prioritizes security fixes based on how many customers will be affected plus how likely they'll be affected. How many people out there are really using S mode, and how many of them are likely to get affected?

  • Chris_Kez

    Premium Member
    20 April, 2018 - 11:25 am

I'm sure the folks at Google are professional, and they're just doing their job, but I do wonder if they get a little kick out of this when it comes to Microsoft.

  • F4IL

    20 April, 2018 - 11:35 am

But isn't S Mode still Windows? Sure it is restricted from running Win32 applications, but malware does not necessarily use the Win32 API. Although the scope is narrower, one can still write a piece of code that exploits vulnerabilities in the underlying OS.

    • Greenberry Woods

      20 April, 2018 - 2:20 pm

In reply to F4IL:
      S-Mode is a sandboxed or virtualized version of Windows. Old, Windows 8/8.1 versions Windows RT didn't have the Win32 APIs implemented in this virtualized environment. But with Project Centennial, Microsoft brought the Win32 APIs into this virtualized environment. Developers need to submit their old, Win32 applications to be compiled and brought into the store. Some Win32 applications will not work when brought to this virtualized environment. Windows Services, Web Based applications, applications needing access to specialized driver APIs (DeviceIOControl), global Windows Registry access or Windows Installer APIs and anything that uses COM objects (which are APIs registered at the Operating System Level) will not work in this Virtualized environment. The Edge browser, obviously, is allowed to break outside of this virtualized environment. Microsoft has said that patches for these Google reported exploits will be in Redstone 4, when it's released. This is still early days of this "S"(andboxed)-Mode" environment. Edge is the weak link here, as far as security goes. More developers need to bring their Win32 applications over to this environment for S-Mode to be considered a success. Microsoft putting Windows with S-Mode "on" by default, with new PCs, is hoping to push developers to bring their Win32 applications over to the virtualized/sandboxed/store environment. BTW, Microsoft Office applications on Surface RT devices were running in a non-virtualized, Win32 or OS level environment. OS level Windows installation APIs were removed, so developers couldn't distribute ARM based applications, unless through the store and then those needed to be .NET or non Win32 API applications.

      • F4IL

        20 April, 2018 - 3:53 pm

In reply to Greenberry Woods:
        Very good points… but keep in mind that:
        Being sandboxed, virtualized or contained can only go as far as the foundation (OS) allows. They are effectively capabilities of the underlying OS to create an illusion for hosted applications through resource control. The OS itself (in every case, not just Windows) is the issue, since it is responsible for restricting access to the available resources. The OS literally builds a jail and launches the application inside. The problem is, not all jails are created equal.
        Hypervisors are designed from scratch to be very thin operating systems, including only what's necessary in order to reduce the attack surface. If the OS is bloated, there is a higher probability of exploitable vulnerabilities that can render the OS incapable of creating a secure jail. Consequently, applications will be able to break free. In fact, the reason why we're seeing reports like these, is because the OS is not adequately capable.
        People sometimes mention sandboxing and virtualization as this magic fix that ensures security. Unfortunately it is not.

    • NazmusLabs

      21 April, 2018 - 1:55 pm

In reply to F4IL:
      You said S mode is restricted from running Win32 apps? Tell me, where in the world did you get that misinformation? I can't even find a fake article that I could point to as your source of that info.

      Windows Store has been distributing Win32 applications since 2016. For instance: Evernote Win32, Foobar2000, Spotify, Open Live Writer, Microsoft Office 2016, Krita, Affinity Photo (closest professional competitor to Photoshop), Paint.NET, Adobe Photoshop Elements 2018, and you get the point. These are all complex Win32 apps built on ancient legacy API dating back to Windows 3.1. They are installed through the Store and work on S Mode.

      In contrast, Adobe Experience Design CC is a UWP app built on pure WinRT but is delivered through Adobe's CC launcher, which you get from their website and is used to install all their Creative Cloud apps, like Photoshop CC and After Effects CC.

      Windows 10 S CANNOT run Adobe Experience Design CC, even though it's a UWP app.

      It's not Win32 vs UWP. It's Store vs Non-Store. If it comes from the store, you can run it. If it's from outside, you cannot.

      The exception is command line applications, which are blocked in S mode. So no installing Ubuntu from the Store.

      • F4IL

        22 April, 2018 - 3:19 am

In reply to NazmusLabs:
        Yes, it is Store vs Non-Store, trusted vs untrusted etc, but the vast majority of the applications that ship for Windows are Win32 and don't ship through the Windows Store.
        S-Mode restricts running most of them (Chrome, (Win32) Firefox and countless other Win32 apps).

      • skane2600

        22 April, 2018 - 1:43 pm

In reply to NazmusLabs:
        So you've run the Win32 applications you mentioned on Windows 10 S?

  • Jack Smith

    20 April, 2018 - 3:46 pm

What is new? When will MS take security seriously? Google finds all the major flaws including Shellshock, Cloudbleed, Spectre, Heartbleed, Meltdown among several others.

    Now ChromeOS has gnu/Linux support securely out of the box. So steam games even wine and a new type of instant application also supported with a container.

    MS needs to get going and please take security seriously like Google does.

  • skane2600

    20 April, 2018 - 3:59 pm

Microsoft should warn both Windows 10 S users immediately!

    • NazmusLabs

      21 April, 2018 - 1:41 pm

In reply to skane2600:
      The virus information was misleading. It very likely can't infect the PC. Defender will block any file that it knows to be dangerous. The reason is that you don't want this file accidentally ending up on a flash drive or a cloud storage device and being spread to other people.

      Defender will likely also block Mac and Linux viruses.

    • Waethorn

      21 April, 2018 - 7:48 pm

In reply to skane2600:
      I was gonna say "Don't be sh*tty", but that was too funny.

  • Wixred

    20 April, 2018 - 5:47 pm

"I’ve actually run into a malware issue, too. Which is something that’s never happened to me while not in S mode. So… it’s not clear how this thing is really more secure."

    I've seen you talk about this before, and I'm a little disappointed that you're still implying that you were infected, which is misinformation at best.

    What you saw was simply that the AV's real time engine, which is constantly scanning browser data that was transferred to your device (like a webpage, its images, and JavaScript in order to display a page to you), had flagged one of those things as suspicious. You can force your AV to do the same thing if you go to one of Eicar’s test pages. That doesn't mean at all that you are infected. Looking at the name the AV flagged it as, one could guess that it has something to do with a page that tried to phish you. The AV flagging something from the browser doesn’t mean you are in any danger of an actual infection, especially if your system is up to date. For example, a webpage may run JavaScript in order to exploit a vulnerability, but if that vulnerability is patched, that JavaScript can’t do what it planned.

    Why might you not have seen this issue outside of S Mode? Because that depends on the page you visit, when you visit, and what the website decided to send you at that time. In order to display a webpage, your browser has to download the contents. Once downloaded, realtime scanners take that as an opportunity to scan. Sometimes they don't scan immediately. Sometimes they might scan that directory for some reason even days after.

    But the browser has SmartScreen for protecting against browser based malware; but this got to the AV, so this must be worse? While you’d hope that SmartScreen would catch this, SmartScreen is a much simpler solution than a full AV. Primarily, it uses URL blocking. MS has a DB of URLs that are known to be malicious. If MS doesn’t know of the bad site, it might not find it.

    Never seen a malware warning from iOS or Android, why here? While the browsers on those systems probably have SmartScreen like technology, the OS does not have a real time scanning AV like Windows S does, so even though their browser is saving temp files and downloading content just like Edge, nothing on those systems is likely to be scanning those locations.

    • NazmusLabs

      21 April, 2018 - 1:35 pm

In reply to Wixred:
      Exactly. It's misinformation at best. The malware itself would very likely have been powerless to do much damage in S mode, but Windows Defender doesn't care whether you are in S mode or not. If it detects a known threat, it'll block it, regardless of whether the malware is capable of harming the S mode PC. The Defender definitions are identical for all Windows versions.

      Plus, even if the malware is not effective in S mode, you still want it to be quarantined because you don't want it ending up on a flash drive, which could allow it to spread to a Windows 10 Pro or Home machine.

  • rameshthanikodi

    21 April, 2018 - 4:32 am

    <p>"it very likely can never be effectively secured. Just patched as problems come up."</p><p><br></p><p>??? isn't this the case with other operating systems too?</p>


Thurrott © 2024 Thurrott LLC