Re: [Lynx-dev] Windows Defender ATP

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] Windows Defender ATP

From:	Stefan Caunter
Subject:	Re: [Lynx-dev] Windows Defender ATP
Date:	Tue, 29 Jan 2019 23:06:17 -0500

It sounded like windows allowed lynx to bypass because of the openssl it was 
using at compile time. I have a version from 2014 with 0.9.8 that can negotiate 
tls 1.0. If that utility cannot recognize old tls it might behave this way. 
Hard to imagine curl or wget using a different library though. 

> On Jan 29, 2019, at 21:44, David Niklas <address@hidden> wrote:
> 
> On Tue, 29 Jan 2019 16:29:23 +0100
> Gisle Vanem <address@hidden> wrote:
>> I just discovered the new features of Microsoft's
>> "Windows Defender Advanced Threat Protection".
>> 
>> Overview of all these features:
>>    https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground
>> 
>> After enabling the interesting feature, 'Network Protection'
>> by:
>>   c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled
>>   ref: https://demo.wd.microsoft.com/Page/NP
>> 
>> Then trying to fetch the test-page using Chrome, curl an wget, I
>> get a trace like this:
>>  c:\> wget https://smartscreentestratings2.net/
>> 
>>   --2019-01-29 14:54:23--  https://smartscreentestratings2.net/
>>   Resolving smartscreentestratings2.net
>> (smartscreentestratings2.net)... 23.99.0.12 Connecting to
>> smartscreentestratings2.net
>> (smartscreentestratings2.net)|23.99.0.12|:443... connected. Unable to
>> establish SSL connection.
>> 
>>   (and a WinDefender block warning window pops up).
>> 
>> But using 'lynx -dump https://smartscreentestratings2.net/', I'm
>> getting a seemingly valid connection and page is rendered as:
>>                                SmartScreen Test
>> 
>>   This is a test page for SmartScreen.
>> 
>> As if the 'Network Protection' was disabled. But I do get the
>> same WinDefender block warning window in addition to the page
>> 
>> What could cause the difference in behaviour?
>> My Lynx used OpenSSL, so does my Wget and curl
>> (with CURL_SSL_BACKEND=openssl)
>> 
>> Scratching head now!?
> 
> So let me get this straight... You're asking a bunch of opensource geeks
> to explain a "Feature" of a black box environment that has been
> purposefully created to "secure" said black box using an unknown and
> apparently flawed method.
> Would @CEO "fix" Windowz at our behest? (I'm pausing for the laughter at
> the suggestion...)
> 
> More seriously, this sounds like a Windowz bug. Without a gdb trace I
> can't tell you where lynx succeeds but curl and wget fail. I'd guess that
> there is a library in there someplace that lynx does not use but the
> others do.
> 
> Alternately, lynx might be used by the NSA for "special" purposes so lynx
> has an exception to the rules and thus WE 0WN the Virtual-verse!!!
> 
> Trying NOT to be less than useless,
> David
> 
> _______________________________________________
> Lynx-dev mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lynx-dev

[Prev in Thread]

Current Thread

[Next in Thread]

[Lynx-dev] Windows Defender ATP, David Niklas, 2019/01/29
- Re: [Lynx-dev] Windows Defender ATP, Stefan Caunter <=
- Re: [Lynx-dev] Windows Defender ATP, Gisle Vanem, 2019/01/30
  - Re: [Lynx-dev] Windows Defender ATP, Mouse, 2019/01/30

Prev by Date: [Lynx-dev] Windows Defender ATP
Next by Date: [Lynx-dev] a cookie question?
Previous by thread: [Lynx-dev] Windows Defender ATP
Next by thread: Re: [Lynx-dev] Windows Defender ATP
Index(es):
- Date
- Thread