Microsoft Defender ATP is Detecting Yesterday's Chrome Update as a Backdoor (zdnet.com) 56
Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft's top enterprise security solution, is currently having a bad day and labeling yesterday's Google Chrome browser update as a backdoor trojan. From a report: The detections are for Google Chrome 88.0.4324.146, the latest version of the Chrome browser, which Google released last night. As per the screenshot (embedded in the linked story), but also based on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files that are part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named "PHP/Funvalget.A." The alerts have caused quite a stir in enterprise environments in light of the multiple software supply chain attacks that have hit companies across the world over the past few months. System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a "false positive" and not an actual threat.
Well the only question is ... (Score:5, Funny)
Why didn't it detect earlier versions already?
BTW: Can it detect its own OS too?
Re: Well the only question is ... (Score:1)
Oh (Score:5, Funny)
Microsoft accidentally released software that works correctly? I'm sure they'll fix that soon.
Re: (Score:2)
Consequences of autoupdating everything. (Score:2)
Re:Consequences of autoupdating everything. (Score:4, Insightful)
But sending every keystroke, mouse click and URL is invasive spying and a privacy violation.
Re: (Score:2)
Even chances that someone is removing a feature versus adding a new one. And of course there are anti-features, like UI redesign.
Re: Consequences of autoupdating everything. (Score:4, Insightful)
I rarely see positive updates. I see auto updates that add ads or telemetry. I see auto updates that modify my UI in ways that make things harder for the sake of change. I see auto updates that remove features until you pay for an upgraded version. The only real positive updates I see regularly are security updates.
Re: (Score:1)
Congratulations on being what I talk about. Maybe if you embraced some telemetry or feedback more often you'd see more positive updates.
Re: (Score:2)
I am not sure how enabling telemetry is going to benefit me. I said the updates are designed to further the business of the software manufacturer at my expense. The manufacturer knowing more about how I use their products is irrelevant or even detrimental. I can see how they could use that information to produce more ads or identify which features need to be moved behind a paywall.
TL;DR My issue is not that they are not listening. It is that their interests are opposed to mine.
Re: (Score:2)
Yeah it's a horrible world where you get updates and benefits from new technology automatically while companies are able to optimise their software to focus on what users want.
I want high quality software and good security.
Users don't want bugs.
Re:Consequences of autoupdating everything. (Score:4, Insightful)
Yeah it's a horrible world where you get updates and benefits from new technology automatically
If the benefit is forced upon you, with no way to turn it off, even though some might want to, it is likely that it is not a benefit, but an imperative from the real owner of the device.
Re: (Score:2)
"Yeah it's a horrible world where you get updates and benefits from new technology automatically"
This claim is based on facts not in evidence. If you do not update then as something worked yesterday so it will work today and tomorrow for all values of today until the heat death of the multiverse.
The most stable version of any software to use is the most recently discontinued version. It was discontinued because there was nothing left that needed to be fixed or changed and a "new version" was required in order to keep the treadmill running.
Re: (Score:2)
It was discontinued because there was nothing left that needed to be fixed or changed and a "new version" was required in order to keep the treadmill running.
Or it was discontinued because there was nobody to implement bugfixes and new features requested by its users.
Re: (Score:1)
Except that's not what is happening at all. I'm sure you'll be just fine when someone comes into your house and replaces all of your hardwood flooring with hot pink shag carpet because that's what global metrics tell them people really want.
Re: (Score:2)
Please wait while your defibrillator downloads and installs new updates.
Re: (Score:3)
Yeah it's a horrible world where you get updates and benefits from new technology automatically while companies are able to optimise their software to focus on what users want.
I agree that we sure do have awesome amazing new technology (hardware) the software people keep pissing all over because bean counters running the show care about making money more than they care about making value.
The level of hostility / fuckery the industry is currently engaged in is nothing short of an embarrassment.
In other news, the people who think that all modern software sucks and that UI is going downhill
If the shoe fits..
and who also have telemetry disabled overlap almost perfectly. Guess what, companies' data show the features you like are unused.
You don't need to turn your product into malware to improve it. You can solicit feedback, conduct focus groups or even more radical a concept: product testing PRIOR to rel
Re: (Score:3)
Using any OS that auto-updates for control systems is user incompetence.
It's not the fault of a desktop operating system designed as an office productivity tool if someone dies from its gross misuse.
Re: (Score:2)
Re: (Score:3, Informative)
Those blinkenlights also are things like ARP traffic and other things that might not have anything to do with telemetry.
But you know, hyperventilate over your "blinkenlights"
Re: (Score:2)
Nobody ever built a "telemetry watcher", to see if Chrome is reporting stuff to Google, or Windows to Microsoft?
Shouldn't that be open to the user? As far as I know, my keystrokes and screenshots are not going anywhere. Chrome url I suppose, but that's not hidden.
Incognito in chrome going to google or ms, now that's a problem, though the ISP would know.
Re: (Score:3)
Most of that is probably incoming traffic. I run ssh on a non-standard port and still get thousands of login attempts daily. Finally I switched off passwords just for peace of mind and allow only keys. One specific address from China had done 50,000 connections even after disabling passwords.
Re: (Score:2)
Because it probably is. (Score:1)
Slams (Score:2)
Is this how Microsoft is "slamming" Google? (see previously posted article)
Re: (Score:2)
My thought as well...
But most probably a false alarm.
Re: (Score:2)
Well, yeah. Totally agreed. The issue is a false positive, which Microsoft's Defender is highly guilty of as of late. It has been flagging a bunch of F/OSS hosted on GitHub (which MS owns, so no excuse why they couldn't probe that site for source code vs binary differences), as well as flagging my own code right after I compile it. And for my own, we're talking super simple 10 line or less scripts that don't include any libraries. Their scanning system is just bonkers in the past year or two.
Re: (Score:2)
As the number of signatures goes up the risk of hash collisions increases(*). Can't be arsed to do the math right now, but I'm fairly certain the rate of increase isn't just linear either. i.e. expect more false positives, and at an increased rate as time goes on.
It was a pain in the arse when Defender started flagging Dos Box as malicious a couple of years ago, but I suspect that's just the tip of the iceberg.
(*) I could be talking out of my arse, but if so pretend this is merely a simplification / analogy
malware detected (Score:3)
WARNING: browser is not Bing. Delete immediately
Re: (Score:2)
Notice: 'Bing' is not a browser.
Re: (Score:2)
Close enough for the great unwashed masses
I fail to see the problem (Score:5, Insightful)
Chrome is spyware. It has numerous backdoors which siphon your personal information. It doesn't even try to hide this fact.
Of course it would be flagged as a trojan. Why is this even news?
Re: (Score:2)
You know what else pisses me off? Some web sites don't work well in non-Chrome web browsers like Office 365's Outlook. :(
Re: (Score:2)
My employer (foolishly IMHO) switched to Office 365 with mail hosted at Microsoft last summer. I have a Linux client at work, so the best way to access my email is through the website (it says IMAP is enabled, but I've never figured out how to access it). And I've found it works just fine in Firefox. It actually works remarkably well for what is essentially a web page. And with the use of some userContent.css rules, I was able to cut out several annoying UI elements, like the breaks in the message index
Not the only one... (Score:2)
I also saw it flag the "official" uTorrent client the other day.
And it was reporting a rather nasty rootkit, not anything related to adware (the free Windows clients display ads).
Now I'm wondering how bad that update might be. Work systems don't use Defender fortunately, but most people I know are using it instead of a paid product.
Re: (Score:2)
The work system I use does use Defender - the place has gone full O365 on us. Defender has coughed up false-positive problems in past releases, too, so I wouldn't be surprised if there's an update tonight that patches it again. OTOH, Chrome has been uninstalled, because ChrEdge works well enough and it's part of the MS package the company has bought into. Funny though, until December, we still needed IE to start the timesheet application (now it works, with minor glitches, with ChrEdge).
Back in mainframe da
Re: (Score:2)
Re: (Score:2)
I wouldn't be surprised if it was right; uTorrent is pretty shady. Why not use an open source client like qBittorrent or Deluge?
Assumptions? (Score:4, Insightful)
It seems to me there is an assumption here that it is impossible for Google to have a supply chain attack, and therefore Microsoft MUST be wrong... while I think that is plausible, and even likely, to assert it as fact means you should probably re-assess your decision making paradigm.
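The practical way out of that assumption is to collect evidence instead of guessing. The following is an added example, not code from the article, from Microsoft or from Google: a PowerShell triage that walks every Defender detection on the host, pulls the flagged file paths out of it, and records each file's Authenticode signature status, signer and SHA-256. It assumes the built-in Defender module (Get-MpThreat, Get-MpThreatDetection) and an elevated session; the detection name passed as a filter and the paths it prints are whatever Defender reported on that machine. Chrome's executables and DLLs are signed by Google LLC, so a Valid signature from that publisher on every flagged binary is the evidence that supports "false positive", while NotSigned or HashMismatch on a file that should be signed is the point at which the supply-chain question becomes serious. Data files inside the package (locale resources, for example) carry no Authenticode signature, so for those the comparison has to be the hash against a clean install of the same build.

```powershell
# Added triage example (not from the article or any vendor): for each Defender
# detection on this host, check whether the flagged file carries a valid
# Authenticode signature and record its SHA-256, so the "false positive or
# supply-chain compromise?" question is answered from evidence, not assumption.
# Assumptions: Defender PowerShell module present, elevated session; the
# detection name and file paths come from Defender on the machine where it runs.

function Get-FlaggedFileEvidence {
    [CmdletBinding()]
    param(
        # Optional wildcard filter, e.g. 'PHP/Funvalget.A' for one detection name only
        [string]$ThreatName = '*'
    )

    # Get-MpThreatDetection carries only a ThreatID; resolve names via Get-MpThreat
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[$t.ThreatID] = $t.ThreatName }

    foreach ($d in Get-MpThreatDetection) {
        $name = $names[$d.ThreatID]
        if ($name -notlike $ThreatName) { continue }

        # Resources look like 'file:_C:\Program Files\...\chrome.dll'; keep file entries only
        foreach ($res in $d.Resources) {
            if ($res -notmatch '^file:_(.+)$') { continue }
            $path = $Matches[1]

            if (-not (Test-Path -LiteralPath $path)) {
                # Already quarantined or removed; still report what Defender saw
                [pscustomobject]@{
                    Threat = $name; Path = $path; Exists = $false
                    SignatureStatus = $null; Signer = $null; Sha256 = $null
                    DetectedAt = $d.InitialDetectionTime
                }
                continue
            }

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Threat          = $name
                Path            = $path
                Exists          = $true
                SignatureStatus = $sig.Status   # Valid / NotSigned / HashMismatch / NotSupportedFileFormat ...
                Signer          = $sig.SignerCertificate.Subject
                Sha256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                DetectedAt      = $d.InitialDetectionTime
            }
        }
    }
}

# Usage: list the evidence for one detection name, then decide. Unsigned data files
# (NotSupportedFileFormat / NotSigned) need their Sha256 compared against a clean
# install of the same build on another machine.
Get-FlaggedFileEvidence -ThreatName 'PHP/Funvalget.A' |
    Format-Table Threat, SignatureStatus, Signer, Sha256, Path -AutoSize

# Raw Defender events for the incident timeline: 1116 = detection, 1117 = action taken
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116, 1117
} -MaxEvents 50 | Select-Object TimeCreated, Id, Message
```

The deliberate omission is Add-MpPreference -ExclusionPath: an exclusion silences the alert without answering the question, and a path exclusion on a browser install directory stays in place long after the vendor's signature update has fixed the detection. Keep the table above with the ticket, wait for the definitions update, and only exclude if the business cannot wait and every flagged binary verified as signed by the expected publisher.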
Re: (Score:2)
I devoutly hope Chrome has no PHP code.
Re: (Score:2)
I mean yes, but also presumably based on the name the attack is a PHP-based attack, and Chrome is not PHP and does not come with PHP. Unfortunately Microsoft doesn't provide any additional information about WTF "PHP/Funvalget.A" is, and searching for it finds a ton of articles about this story. Adding "-chrome" did not help as it basically limited it to the useless Microsoft Defender documentation.
However, in favor of this being something real, the issue is apparently with a localization file, and if Google
Why is the fire alarm going off? (Score:3)
Reminds me of a lesson I learned back in college days: I saw the laboratory building manager going past and asked him why the fire alarm was going off; he responded "I think the building is on fire.".
Re: (Score:2)
Reminds me of a lesson I learned back in college days: I saw the laboratory building manager going past and asked him why the fire alarm was going off; he responded "I think the building is on fire.".
Based on the false positive rate of fire alarms, I'd be confident the building wasn't on fire. Like Car Alarms, Fire Alarms have become almost useless for warning of actual fire.
Chrome _is_ a backdoor (Score:2)
Microsoft Defender (Score:2)
Proudly defending Microsoft's market position since 2005.
testing? (Score:2)
Re: (Score:2)
You're probably the first post that actually puts some responsibility on Google. As I think about it, you're absolutely right.
Yes, this could actually be malware in Google's product.
Yes, this could be Microsoft ATP incorrectly detecting chrome as malware.
Yet, Google also has a responsibility to do release based testing. Every product company I've dealt with has done release based testing. You'll never get full coverage on every OS and version out there. Yet, you always try and hit the popular ones. Microsoft i
Re: (Score:2)
This! It reads an awful lot like that dreaded phrase was heard recently at Google: "OMG it compiled! SHIP IT!!!"
MS 'Edge'ing out Chrome? (Score:2)