
[Lynx-dev] Windows Defender ATP


From: David Niklas
Subject: [Lynx-dev] Windows Defender ATP
Date: Tue, 29 Jan 2019 21:44:18 -0500

On Tue, 29 Jan 2019 16:29:23 +0100
Gisle Vanem <address@hidden> wrote:
> I just discovered the new features of Microsoft's
> "Windows Defender Advanced Threat Protection".
>
> Overview of all these features:
>     https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground
>
> After enabling the interesting feature, 'Network Protection'
> by:
>    c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled
>    ref: https://demo.wd.microsoft.com/Page/NP
>
> Then trying to fetch the test-page using Chrome, curl and wget, I
> get a trace like this:
>   c:\> wget https://smartscreentestratings2.net/
>
>    --2019-01-29 14:54:23--  https://smartscreentestratings2.net/
>    Resolving smartscreentestratings2.net (smartscreentestratings2.net)... 23.99.0.12
>    Connecting to smartscreentestratings2.net (smartscreentestratings2.net)|23.99.0.12|:443... connected.
>    Unable to establish SSL connection.
>
>    (and a WinDefender block warning window pops up).
>
> But using 'lynx -dump https://smartscreentestratings2.net/', I'm
> getting a seemingly valid connection and page is rendered as:
>                                 SmartScreen Test
>
>    This is a test page for SmartScreen.
>
> As if the 'Network Protection' was disabled. But I do get the
> same WinDefender block warning window in addition to the page.
>
> What could cause the difference in behaviour?
> My Lynx used OpenSSL, so do my Wget and curl
> (with CURL_SSL_BACKEND=openssl).
>
> Scratching head now!?

So let me get this straight... You're asking a bunch of opensource geeks
to explain a "Feature" of a black box environment that has been
purposefully created to "secure" said black box using an unknown and
apparently flawed method.
Would @CEO "fix" Windowz at our behest? (I'm pausing for the laughter at
the suggestion...)

More seriously, this sounds like a Windowz bug. Without a gdb trace I
can't tell you where lynx succeeds but curl and wget fail. I'd guess that
there is a library in there someplace that lynx does not use but the
others do.

Alternately, lynx might be used by the NSA for "special" purposes so lynx
has an exception to the rules and thus WE 0WN the Virtual-verse!!!

Trying NOT to be less than useless,
David


