Bonum Certa Men Certa

Microsoft “Defender” Pretender Attacks Random Software That Uses NSIS for installation; “Super Duper Secure Mode” for Edge is a Laugh

Guest post by Ryan, reprinted with permission from the original

Astronaut



Windows has for some time, apparently, attacked random software just because that software uses the Nullsoft Scriptable Installation System, a totally legitimate and Free and Open Source installation framework which has been around for decades.



Microsoft released an article about doing this years ago, but it appears they just randomly detect NSIS installers and assign some scary-sounding but bogus Trojan name to them.



In reality, just having a powerful scripting system doesn’t make your software a Trojan horse, and if Windows had proper software management, tools like NSIS would never have been necessary.



The developers I’ve heard from consider this just one more frustration to expect when developing software for Windows, and keep submitting their particular installer package to Microsoft to get on some kind of an exclusion list, but that doesn’t solve the bigger problem.



There’s nothing wrong with NSIS, and “Microsoft Pretender” is either just guessing and pulling random trojan names out of its proverbial ass or this is another attack on competitors and things that the “MAFIAA” doesn’t like and sometimes remove them without permission from the user or even a warning.



They’ve been caught doing this with LibreOffice, QBittorrent, PeaZip and other perfectly legitimate things.



Going after NSIS, which is what many Free Software programs prefer to use to install themselves on Windows because NSIS is also Free Software and doesn’t cost an exorbitant license fee, seems to me to be worthy of intense scrutiny, as it would be a great way to harass the Free Software community and blame it on “suspected malware”.



It seems, in my experience, that “False Positives” on Windows antivirus products are the most serious problem when you use Microsoft’s own, and it almost always “oopses” in really suspicious ways. Like, ways you’ll never have them dead to rights on, but very interesting nonetheless.



In fact, whenever I would ask VirusTotal for another opinion, it was rare that even a single antivirus program out of dozens of others agreed with Microsoft’s “False Positives”.



Like, you can just about count on “Microsoft Pretender” to miss RATS and ransomware, and removing QBittorrent without asking. (There’s also mention here of it attacking Ardour, a Free Software Digital Audio Workstation, and quarantining it.)



It’s a dark joke among Reddit users. Everyone knows how bad this thing is.



SJVN of ZDNet, which is a total spam farm now, for corporate PR releases, was talking about the “rich investigative experiences” of “Microsoft Pretender” for GNU/Linux, but considering that it’s by far the most incompetent and corrupt antivirus solution on the market for Windows, and it’s known to transmit lots of information about you back to Microsoft, there’s absolutely no reason to use it.



SJVN should write another article about the comforts of Rich Corinthian Leather seats. There’s nothing sadder than a so-called “independent journalist” who writes absolute drivel like this.



If Microsoft hadn’t made installing and removing software on Windows an unholy mess from its inception, and then told developers to go license a third party solution to deal with it, we probably wouldn’t be dealing with half the problems we have over the years, but NSIS is so good that it’s all but relegated the InstallShield Wizard and other expensive and error-prone methods of dealing with software programs on Windows to the ash heap of history.



Another thing Microsoft stands to gain from creating the perception that legitimate software (and might as well be FOSS while they’re attacking something) is overflowing with viruses, is it puts pressure on software developers to use Microsoft’s crummy Windows Store and agree to a litany of abuses that don’t apply if you “sideload” (the newspeak term for installing programs on your own computer).



Apple, for their part, pulls no punches when they make wild accusations that people who “sideload” are probably criminals.



Sure, yeah, okay…. I want to use Infinity for Reddit and NewPipe for Youtube on my phone because the real things have gotten so annoying that I can’t stand them and otherwise wouldn’t use a phone, but sure….



Most of the software in the F-Droid (for Android) store is of much higher technical quality and far less annoying to the user than in the Google Play or Apple App Store, because the author is writing it to be useful, not like these companies that have given up on anything except 27 tracking libraries and ads every 2 minutes.



Since Apple has warred against “sideloading”, anyone who wants software on their phone that’s not an annoying piece of shit designed to spy on them, shovel ads onto their screen, and drain their bank accounts with micro-transactions is now a “child molester”. Whoa, that escalated quickly. Thanks Apple!



Microsoft’s “liberalized” terms of use, which are still awful, for their Windows Store, are a desperate move ten years too late, and years after their Windows Mobile division failed.



Had they done these then, it may have saved that division.



Who knows? The Windows brand is the operating system version of “Internet Explorer” at this point. There are those who look back and actually liked Windows Mobile and say “Oh why oh why did they have to call it Windows?”.



I have to wonder who would accept any restrictions on their creative vision and their rights as a software author when delivering software straight to the customer and being able to ship the full version without any meddling from Microsoft and delays in getting updates out is possible.



Whether there’s a conspiracy afoot at Microsoft or if you believe them that these really are “False Positives” that few or no other antivirus companies can ever seem to corroborate, or both, it’s definitely worth openly asking why we’d install this junk on GNU/Linux.



Even if it is just to make sure malicious Windows software isn’t being downloaded by Windows users from a server, it doesn’t appear to be doing a great job as part of Windows itself.



Of course, at this point, all antivirus boils down to is a short list (of millions) of prevalent malware samples and then a lot of guesswork, and that leaves plenty of room to be wrong. When the problem on Windows is so out of control that you have to resort to outright guessing, there’s going to be collateral damage.



We’ve never had a disaster of this magnitude on GNU/Linux, so Microsoft Googlebombs “Linux malware” to refer to something that runs in Windows Subsystem for Linux, and that’s a very important distinction, as they bungle WSL/WSL2 quite badly and manage to add an insurmountable amount of attack surface on their own OS.



A “WSL” is what a company does when they’re losing, or have already lost. It says, “We’re not important anymore, but we are compatible with the standard.”.



SCO did it with their “Linux Kernel Personality” on their way to bankruptcy court, and Microsoft is doing it while they bleed users.



But when we see “Linux” news sites talking about WSL viruses, we should err, “Blow the WSL.” on them. They’re Windows viruses that just so happen to exploit some dodgy compatibility hack that Microsoft tossed in there.



Microsoft has done things like leave WSL broken and inaccessible for weeks at a time before.



So, even if you manage to become productive somehow with a workflow that relies on WSL, remember Microsoft’s incompetent upgrade bungling. It’s only a matter of time before you’re doing negative work that wouldn’t have been necessary at all on a real computer running real GNU/Linux.



This virus mess and the ensuing disaster of malicious and randomly-guessing “security” software, some of which actually does cost a fortune, are more reasons to get out.



I about fell out of my chair laughing the other day that Microsoft actually put a thing in Edge called “Super Duper Secure Mode” (actual name), and all it does really is turn off the just-in-time compiler from the V8 JavaScript engine so that it can slowly interpret the scripts on the page.



When something is compiled by a JIT runtime, you do get extra potential for security vulnerabilities. The Medium Security mode on the Tor Browser (Firefox based) also turns off the JIT.



The thing is that if your browser really wants to have good “Web apps” performance, it can’t run in this mode, so the whole thing is a ruse put in there so Microsoft can Googlebomb the illusion of security in their products some more.



In fact, every day, more and more of our infrastructure is under attack, more identity theft happens, and more corporate and national secrets are spilled due to the fact that Windows is naked despite all of this rather bloated security theater that removes compatibility with older programs.



The only thing that makes sense for “national security” executive orders would be a plan to transition away from Microsoft entirely. They’ve proven time and time again that they can’t secure Windows, and they misconfigure their own networks and cause data breaches with it, and blame their customers for “using it wrong”.



Whether you choose to use Microsoft products or not, your data is subject to Windows malware because somewhere along the way, you will do business with people who do use Microsoft products.



Until we have some sort of national “cybersecurity” policy that makes sense, I think all we can do is ensure that our computing is as secure as possible on our end.



Microsoft pays for whitepapers and advertisement editorials, but will these fix the problem when you’re a victim of identity theft or ransomware and trying to clean up the mess?



How much will Microsoft pay you to help out with that? The whitepapers maybe? SJVN and the Rich Investigative Experiences of Corinthian Leather?



FDR famously said (or rather, usurped for his pitch for the New Deal) that he wanted a chicken in every pot and a car in every garage, however, when the ransomware went after JBS and the Colonial Pipeline recently, humorously there were regions of America where you couldn’t get gas to travel to the store and there wouldn’t be a chicken for your pot if you could.



Microsoft has thrown up more roadblocks to prosperity. Their crummy software has licensing costs and it costs the economy over and over when we have to stop and deal with the fallout from the latest attack.



These are problems that we didn’t even have before there were computers everywhere. Dealing with antivirus software that barely works and often “malfunctions” is just salt in the wound.



Thanks Microsoft!

Recent Techrights' Posts

Wayland Pushers Lose the Argument, Use LLM Slop and Chatbots to Make Up Arguments for IBM
Another new low and low blow
What is "MATA"?
Think of it as GAFAM or "Meta"
WebProNews is a Slopfarm
Please avoid linking to WebProNews
Another "Told You So!": XBox Mass Layoffs at Microsoft (Many Recent Reports Were Chaff and Spin), Many Other Divisions Affected
With mass layoffs at Microsoft the world would be much better
 
Links 25/06/2025: Elon Musk’s Lawyers Caught Lying, WhatsApp Faces More Bans
Links for the day
Brian Fagioli Created Another Slopfarm Targeting "Linux" After BetaNews Became a Slopfarm of Phantom Accounts and Pseudonyms
Mr. Fagioli even had slop about a dead Torvalds (hypothetical) as clickbait
Wayland is Perfect, Nobody Can Escape Its Perfection! (Or Not)
Do not form on opinion on Wayland based on politics
Moral Duty for "Linux Sites" to Speak Out Against LLM Slop
My wife has long complained about "Linux bloggers" keeping quiet and thus passive about a growing problem: slop
In Recent Hours Google News Promoted at Least 3 Slopfarms That Relayed Linux Foundation Propaganda Made by Bots or LLM "Bullshit Generators" (as Dr. Stallman Dubbed Them)
Google is circling down the drain and Google News too is hopeless
Linux Journal is a Slopfarm, It's Experimenting With LLM 'Authors'
Is Slashdot next?
Microsoft LinkedIn is Dying and Many More Layoffs Are on the Way
LinkedIn is just a failed acquisition of Microsoft. It causes losses and debt.
Gemini Links 25/06/2025: Combinatorial Music and Self Hosting
Links for the day
Richard Stallman Coming Back to Europe This Autumn to Give More Talks
His last talk in Europe attracted about 400-450 people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 24, 2025
IRC logs for Tuesday, June 24, 2025
Social Control Media, Technology & Catholicism: Synod on Synodality review and feedback
Reprinted with permission from Daniel Pocock
How Many More Women Will Managers at Microsoft Strangle and Tell to Kill Themselves (or Try to Kill)?
The world needs to know what happened
The New BetaNews: 7 New 'Articles', All of Them LLM Slop
BetaNews is basically defunct. Nobody writes there anymore.
statCounter Estimates Only 1 in 300 Iranians Would Use Microsoft for Search
Iranians don't quite trust Microsoft
Gemini Links 24/06/2025: ftpd on FreeBSD and Online Small Web Magazine
Links for the day
Google News Does Great Harm by Promoting Slopfarms as Legitimate News Sites
Slopfarms are sites which are 100% LLM slop
Links 24/06/2025: Trouble at "Open" "AI" and ‘Siarhei is Free’
Links for the day
Gemini Links 24/06/2025: Stimulants and Subscription Costs for DRM
Links for the day
When the Microsoft Aggressors Rely on Several Law Firms ('Attack Dogs', 'Guns for Hire'), Not Just One, Lawyering Up Against Techrights (Acting on Behalf of Americans Against UK Publishers)
From serving customers at some restaurant he has moved on to bullying people with demand letters
Links 24/06/2025: OpenAI [sic] May Soon Die (Too Much Debt) and Social Control Media Accused of Being Misinformation/Disinformation/Propaganda Amplifier
Links for the day
Nirbheek Chauhan in Planet GNOME Explains Why Wayland Pushers Are Losing
"A strange game. The only winning move is not to play."
Polygamy, from Catholic Synod on Synodality to Social Control Media & Debian CyberPolygamy
Reprinted with permission from Daniel Pocock
Only a Third of or 1 in 3 Web-Connected Devices is a Desktop or Laptop, According to statCounter
we can expect Android to widen its lead
The Days Are Getting Shorter, the First Half of 2025 is Almost Over
We're gratified to see significant increase in traffic and also positive feedback on the work we do
Turning GNU/Linux Into a Political Football
X (not the site) is Free software
X Server Still Works for Many People
A lot of people will grow suspicious of Wayland boosters/pushers if they persist and insist on using these tactics
Exactly a Week Ago "BetaNews Staff" Said "Betanews Is Growing Alongside You". Since Then Every Article (All by "Camila Nogueira") Has Been LLM Slop.
BetaNews is basically a slopfarm
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 23, 2025
IRC logs for Monday, June 23, 2025
The "Tarzan Effect" in Compilers and Software
What happens when you forcibly make things 'work', either by hacks or by disregarding warnings (like those that compilers tend to issue)?
Gemini Links 23/06/2025: Mass Tourism, Hair Love, and Google Gemini as a Googlebomb
Links for the day
Law Firm Burgess Mee Does Not Fully Deny Participating in Abusive Litigation for Serial Strangler From Microsoft
I am not unfamiliar with these tactics
The Modus Operandi of Wayland Pushers: Make It Political
do what I say or you're a nazi...
Links 23/06/2025: RFE/RL Contributor Vladyslav Yesypenko Released, Recording Industry Cutbacks
Links for the day
Brett Wilson LLP Solicitors (M): Over 99.9% of Our E-mail is Self-Marketing, We Send You 3.5MB E-mails for Less Than 1KB of Text
Why would tech people entrust legal matters to such people?
Peter Moon's (Computerworld) Interview With Richard Stallman
Stallman: If you want freedom don't follow Linus Torvalds
At What Point Does Outsourcing Constitute Malpractice?
Brett Wilson LLP's new staff page is misleading
United Arab Emirates (UAE) Sailing to GNU/Linux, According to statCounter
countries in that region will quickly learn the price of neglecting digital sovereignty
From Do Your Own Research to Do Your Own Search
The Web is full of garbage; search engines amplify this garbage
More People Moving to Geminispace?
at age 6+ Gemini Protocol seems to have gained some maturity and it seems like more people use it
Permutation in LLMs Does, Inevitably, Change Meanings and Therefore LLMs Cannot Properly Rephrase or Summarise Texts
LLMs lack actual grasp or comprehension of what they spew out
Links 23/06/2025: Many Security Breaches, Population Declines
Links for the day
Gemini Links 23/06/2025: "America at the Crossroads" and OpenWRT Surgery
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 22, 2025
IRC logs for Sunday, June 22, 2025
Pure Dove
Different means different, and sometimes those who "deviate" from "the norm" have a point
Censorship is a Sign of Weakness Which Invites More Censorship Attempts
revolutionaries don't succumb to pressure from bullies
Why It's Unlikely That LLM Slop Will Dominate the Web in the Long Run
Slopfarms will eventually perish (they have no actual value) and "survivors" on the Web will be sites that never depended on search engines and social control media
GNU/Linux in Argentina Now Measured Near 5%
Like in central Europe, they must be seeing an increasingly hostile US
BetaNews is Fake News, Composed by LLM Slop
nothing in BetaNews is written by humans anymore