It’s a little more complicated than just copying data
Wednesday, September 9, 2020
Sunday, September 6, 2020
Windows 10's built-in antivirus can now be used to download viruses
A recent update to Windows Defender gave it the ability to download files through a command line tool.
A recent update to the built-in antivirus software in Windows 10 has taught the program a new trick—how to download files through a command line tool, including nefarious ones (trojans, spyware, ransomware, and other malware).
Downloading malware is not the intended purpose, at least I presume that's not the case. But the new function could potentially be abused in such a manner. Fortunately, this is not something the typical home user needs to worry about, not unless they're a PC masochist (more on that in a moment).
This new ability was discovered by Mohammad Askar (via Bleeping Computer), a security penetration tester and instructor who has posted hundreds of security articles, according to his Udemy profile.
"Well, you can download a file from the internet using Windows Defender itself. In this example, I was able to download Cobalt Strike beacon using the binary 'MpCmdRun.exe' which is the 'Microsoft Malware Protection Command Line'," Askar stated on Twitter.
This effectively allows a local attacker to leverage Defender as what is called a living-off-the-land binary (LOLBin). That's when legitimate software is used for something malicious—in this case, using an antivirus program to download a virus.
It appears this new ability was added to Defender with the 4.18.2007.8 update in July, so the functionality has been there for nearly two months. Bleeping Computer tested the new download switch in the command line tool and was able to download the same WastedLocker ransomware that recently caused a ruckus with Garmin's infrastructure, which prompted the company to reportedly pay a multi-million dollar ransom.
This is not quite as careless as it may seem at first glance. For one, Defender will still scan files downloaded through this method, so in theory it should still protect against malware. And secondly, this would need to be initiated by a local user.
Nevertheless, this is something system administrators should be aware of, so they can take the proper precautions. It's not unheard of for a rogue employee to cause mischief, whether they are disgruntled, are on the verge of being fired, or any other reason.
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).
MORE ABOUT...
How to Lock Your Windows 10 PC Using Command Prompt
MARSHALL GUNNELL @marshall_g08
SEPTEMBER 1, 2020, 10:24AM EDT
One of the first rules of cyber security is to always lock your PC before stepping away. While it may not be the quickest way to lock your Windows 10 PC, you can do it using the Command Prompt.
Lock Your Windows 10 PC Using Command Prompt
First, open the Command Prompt on your PC by opening the “Start” menu, typing “cmd” in the Windows Search bar, and then selecting “Command Prompt” from the search results.
Command Prompt will now open. Here, run this command to lock your Windows 10 PC.
Rundll32.exe user32.dll,LockWorkStation
Once executed, your PC will be locked. You’ll have to sign back in with your PIN, password, or whatever sign-in method you usually use.
Set the Lock Screen Timeout Setting Using Command Prompt
Once you’ve locked your PC, the lock screen will generally be displayed for a certain amount of time before it time outs. You can set the amount of time that needs to pass before timing out using the Command Prompt.
To do this, you’ll need to open Command Prompt as an admin. Do so by typing “cmd” in the Windows Search bar and then right-clicking “Command Prompt” from the results. Next, select “Run As Administrator” from the menu that appears.
With Command Prompt open, run this command.
powercfg.exe /SETACVALUEINDEX SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK <time>
Replace <time> with your desired amount of time in seconds. That means if you want to time out the lock screen after two minutes, you’d enter this command:
powercfg.exe /SETACVALUEINDEX SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK 120
Note: This command sets the lock screen timeout setting for your PC if it’s plugged up to a power source. To set the lock screen timeout setting for your PC if it’s running on battery, change/SETACVALUEINDEX to/SETDCVALUEINDEX and run the command as normal.
Next, run this command:
powercfg.exe /SETACTIVE SCHEME_CURRENT
Now your lock screen will timeout after the set amount of time. Give it a try!
MARSHALL GUNNELL
Marshall Gunnell is a writer with experience in the data storage industry. He worked at Synology, and most recently as CMO and technical staff writer at StorageReview. He's currently an API/Software Technical Writer at LINE Corporation in Tokyo, Japan. READ FULL BIO »
Justice Dept. Plans to File Antitrust Charges Against Google in Coming Weeks
WASHINGTON — The Justice Department plans to bring an antitrust case against Google as soon as this month, after Attorney General William P. Barr overruled career lawyers who said they needed more time to build a strong case against one of the world’s wealthiest, most formidable technology companies, according to five people briefed on internal department conversations.
Justice Department officials told lawyers involved in the antitrust inquiry into Alphabet, the parent company of Google and YouTube, to wrap up their work by the end of September, according to three of the people. Most of the 40-odd lawyers who had been working on the investigation opposed the deadline. Some said they would not sign the complaint, and several of them left the case this summer.
Some argued this summer in a memo that ran hundreds of pages that they could bring a strong case but needed more time, according to people who described the document. Disagreement persisted among the team over how broad the complaint should be and what Google could do to resolve the problems the government uncovered. The lawyers viewed the deadline as arbitrary.
While there were disagreements about tactics, career lawyers also expressed concerns that Mr. Barr wanted to announce the case in September to take credit for action against a powerful tech company under the Trump administration.
But Mr. Barr felt that the department had moved too slowly and that the deadline was not unreasonable, according to a senior Justice Department official.
A former telecom industry executive who argued an antitrust matter before the Supreme Court, Mr. Barr has shown a deep interest in the Google investigation. He has requested regular briefings on the department’s case, taking thick binders of information about it on trips and vacations and returning with ideas and notes.
When Mr. Barr imposed a deadline on the investigation, some lawyers feared that the move was in keeping with his willingness to override the recommendations of career lawyers in cases that are of keen interest to President Trump, who has accused Google of bias against him.
The Google case could also give Mr. Trump and Mr. Barr an election-season achievement on an issue that both Democrats and Republicans see as a major problem: the influence of the biggest tech companies over consumers and the possibility that their business practices have stifled new competitors and hobbled legacy industries like telecom and media.
A coalition of 50 states and territories support antitrust action against Google, a reflection of the broad bipartisan support that a Justice Department case might have. But state attorneys general conducting their own investigations into the company are split on how to move forward, with Democrats perceived by Republicans as slow-walking the work so that cases can be brought under a potential Biden administration, and Democrats accusing Republicans of rushing it out under Mr. Trump. That disagreement could limit the number of states that join a Justice Department lawsuit and imperil the bipartisan nature of the investigation.
Some lawyers in the department worry that Mr. Barr’s determination to bring a complaint this month could weaken their case and ultimately strengthen Google’s hand, according to interviews with 15 lawyers who worked on the case or were briefed on the department’s strategy. They asked not to be named for fear of retribution.
A Justice Department spokeswoman declined to comment on the continuing investigation. A Google spokesman said that the company would “continue to engage with ongoing investigations” and that its business practices enabled “increased choice and competition.”
When the Justice Department opened its inquiry into Alphabet in June 2019, career lawyers in the antitrust division were eager to take part. Some within the division described it as the case of the century, on par with the breakup of Standard Oil after the Gilded Age. It also offered a chance for the United States to catch up to European regulators who had been aggressive watchdogs of the technology sector.
Alphabet was an obvious antitrust target. Through YouTube, Google search, Google Maps and a suite of online advertising products, consumers interact with the company nearly every time they search for information, watch a video, hail a ride, order delivery in an app or see an ad online. Alphabet then improves its products based on the information it gleans from every user interaction, making its technology even more dominant.
For nearly a year, dozens of Justice Department lawyers and other staff members worked in two groups, each overseeing a separate line of inquiry: Google’s dominance in search and its control over many aspects of the ecosystem for online advertising.
Google controls about 90 percent of web searches globally, and rivals have complained that the company extended its dominance by making its search and browsing tools defaults on phones with its Android operating system. Google also captures about one-third of every dollar spent on online advertising, and its ad tools are used to supply and auction ads that appear across the internet.
The Justice Department amassed powerful evidence of anticompetitive practices, three people said.
But the lawyers also described internal politics that at times slowed down the department’s work or drove a wedge among members of the team.
Makan Delrahim, the head of the Justice Department’s antitrust division, had pushed the department to investigate Google but was recused from the case because he represented the company in a 2007 acquisition that helped it to dominate the online advertising market.
In an unusual move, Mr. Barr placed the investigation under Jeffrey A. Rosen, the deputy attorney general, whose office would not typically oversee an antitrust case. Mr. Barr and Mr. Delrahim also disagreed on how to approach the investigation, and Mr. Barr had told aides that the antitrust division had been asleep at the switch for decades, particularly in scrutinizing the technology industry.
Mr. Rosen does have a tech background: He was the lead counsel for Netscape Communications when it filed an antitrust complaint against Microsoft in 2002.
In October, Mr. Rosen hired Ryan Shores, a veteran antitrust lawyer, to lead the review and vowed to “vigorously seek to remedy any violations of law, if any are found.”
Mr. Barr also had a counselor from his own office, Lauren Willard, join the team as his liaison. She met with staff members and requested information about the investigation. She also issued directives and made proposals about next steps.
The case seemed to have two leaders who were not always in sync about who was in charge, and one of them sat in the office of the attorney general.
As debates arose over how best to move forward against Google — primarily over whether to file a complaint that included both the search and advertising elements, or to focus on one line of attack — lawyers wondered who would have the last word. Mr. Barr stepped in this spring to clarify that Mr. Shores was in charge. Ms. Willard still had a hand in Google, but she stepped back from the case to focus on other assignments.
State attorneys general also disagreed on whether to bring a narrow case that could be filed during Mr. Trump’s presidency or to take more time to file a broader complaint. Attorney General Phil Weiser of Colorado, a Democrat who worked in the Obama Justice Department, drove the effort to bring a broad lawsuit, three people with knowledge of his plans said. But Attorney General Ken Paxton of Texas, a Republican, was in the advanced stages of a case focused on Google’s advertising technology and felt that it could be brought quickly.
A spokesman for Mr. Weiser declined to comment. A spokeswoman for Mr. Paxton did not immediately respond to a request for comment.
When the Justice Department this summer shared a potential approach to the case that was focused on advertising technology, several state attorneys general viewed it as too narrow for them to support, said one person who was familiar with the presentation.
Google’s lawyers hope to seize on Mr. Trump’s politicization of the matter should the Justice Department sue the company. Republican lawmakers like Senator Ted Cruz of Texas and Representative Jim Jordan of Ohio, the top Republican on the House Judiciary Committee, have accused platforms like YouTube and Facebook of censoring conservative voices.
Data from the companies undermine their claims, showing that Republicans are among the most visible figures on their services. And few figures have as much reach on social media as Mr. Trump himself.
But the president had made the accusations personal. In 2018, he said that when searching for “Trump News,” Google’s search engine turned up only reports from news organizations that he said were biased against him.
“Google search results for ‘Trump News’ shows only the viewing/reporting of Fake News Media,” he said on Twitter. “In other words, they have it RIGGED, for me & others.” He also said Google had potentially violated the law.
Mr. Barr recently echoed the president’s criticism and said that antitrust laws could be used to keep companies from restricting the spread of conservative views.
Many career staff members in the antitrust division, including more than a dozen who were hired during the Trump administration, considered the evidence solid that Google’s search and advertising businesses violated antitrust law. But some told associates that Mr. Barr was forcing them to come up with “half-baked” cases so he could unveil a complaint by Sept. 30, according to three people with knowledge of the discussions.
Some lawyers who felt they needed more time laid out their concerns in the memo and left the case; about 20 lawyers remain on the team. Department lawyers said that Mr. Shores planned to slim down the team this summer. Some people also left because the coronavirus pandemic had made it hard for them to dedicate time to the case. A lawyer in the department’s civil division joined the remaining members of Mr. Shores’s team.
The department approached litigators from at least three outside law firms to take on a potential case, according to two people with knowledge of the talks. But they all declined, citing conflicts of interest and other logistical obstacles created by the pandemic.
David McCabe contributed reporting.
The post Justice Dept. Plans to File Antitrust Charges Against Google in Coming Weeks appeared first on New York Times.
https://dnyuz.com/2020/09/03/justice-dept-plans-to-file-antitrust-charges-against-google-in-coming-weeks/
20 Years Ago Microsoft Released The Worst Windows Ever: Windows Me
Sep 5, 2020,05:43am EDT
I am a consumer tech expert writing about Windows, PCs, laptops, Mac, broadband and more.
Windows 95 is one of the few pieces of software to genuinely change the world. Windows 98 was a solid follow-up. But the third release in the trilogy, Windows Me? You can probably still hear the howls of frustration of someone trying to get it installed properly for the 1,564,352nd time.
This month marks the 20th anniversary of Windows Millennium Edition and it’s a birthday even Microsoft will want to forget. Memorably dubbed Windows Mistake Edition by PC World magazine, it was an awful bodge-job.
Even if you did manage to get the thing installed - upgrade installations from Windows 98 were a particular torture, the kind that could break terrorists - it took a mere gentle breeze to make the operating system fall over.
Peripherals routinely refused to co-operate. I still have dark memories of an entire Saturday afternoon spent trying to get a printer installed in Windows Me. Local districts were forced to close suburban sidewalks, through fear of pedestrians being injured by beige boxes being thrown out of bedroom windows (I exaggerate, but not by much).
Windows Me also popularized the infamous Blue Screen of Death. Windows 95 and 98 users were no strangers to the infamous crash screen, but the BSOD shone so frequently from a Windows Me machine that passing neighbors thought you’d redecorated.
Positive reviews
Most of Windows Me’s most heinous flaws only became visible after a prolonged period of time, which perhaps explains why reviewers were rather positive about the operating system at launch.
PC Magazine gave it a generous four out of five, even though the reviewer detected the reliability problems that would plague Me and its users. “When the upgrade was complete, the system ran smoothly for a few hours but then became unstable,” Edward Mendelson wrote. “Even the System Restore wizard didn't help—and crashed when it tried.”
Likewise, long-term Windows watcher Paul Thurrott was lavish in his praise for Windows Me at the time. “It's easy to ridicule Microsoft for milking the Windows 9x cash cow yet again,” he wrote. “But the reality is that this release is exceptional, especially considering its technological heritage. Put aside your preconceptions and give Windows Me a chance. I think you'll be surprised.”
To be fair to Thurrott, and as he has pointed out in subsequent articles defending his review, Windows Me did debut a number of innovations that have gone on to become crucial Windows mainstays, including System Restore (which was vastly improved in subsequent releases), automatic updates and the Hibernate mode.
What came next?
Windows Me was only ever a stopgap. Even at the time of its release, Microsoft was already hard at work on a complete revamp of the Windows code base, codenamed ‘Whistler’. It’s fair to say Windows Me didn’t get the developers’ full attention.
Whistler eventually became Windows XP, the first version of Windows pitched at both consumers and businesses, and was released in October 2001 - little more than a year after the release of Windows Me.
Windows XP did rather better than its predecessor. Hailed by some as the greatest version of Windows of all time, it became the PC mainstay for well over a decade, with many choosing to stick with XP over the troubled Windows Vista - another Microsoft low point.
Even today, almost 19 years after its release, Windows XP is still found on 1.26% of desktop computers, according to NetMarketShare, giving it a greater market share than Ubuntu Linux.
Windows Me has, thankfully, disappeared without trace.
Monday, June 3, 2019
$1.3M laptop turns malware into art
What qualifies as art depends on who you’re talking to. For internet artist Guo O Dong, art can be a laptop that’s infected with six different types of malware. And at least one other person though this nightmare computer was a masterpiece worth $1.3 million.
According to Gizmodo:
“The artist explained he wanted to create a physical representation of the worst cyber threats. ‘We have this fantasy that things that happen in computers can’t actually affect us, but this is absurd,’ Guo told the Verge. ‘Weaponized viruses that affect power grids or public infrastructure can cause direct harm.’”
In order to buy the laptop — and old Samsung machine infected with BlackEnergy, DarkTequila, ILOVEYOU, MyDoom, SoBig, and WannaCry — the anonymous buyer had to promise to only use the laptop for artistic or academic purposes.
Learn more about this questionable piece of tech art at Gizmodo.
Subscribe to:
Posts (Atom)
-
It’s a little more complicated than just copying data By Barbara Krasnoff Sep 2, 2020, 4:35pm EDT Two-factor authentication (2FA) is ... -
A recent update to Windows Defender gave it the ability to download files through a command line tool. A recent update to the built-in antiv... -
MARSHALL GUNNELL @marshall_g08 SEPTEMBER 1, 2020, 10:24AM EDT One of the first rules of cyber security is to always lock your PC before s...