2603 points mattsolle | 19 comments
elitepleb ◴[] No.25075702[source]
Don't you love it that the ability to compile and run software on your hardware is controlled by a third party over the internet?

I sure love the SaaS future we are heading towards.

replies(1): >>25075830 #
MeinBlutIstBlau ◴[] No.25075830[source]
I will be a full-on Linux junkie when that happens.
replies(5): >>25075847 #>>25075850 #>>25075931 #>>25079771 #>>25082812 #
1. freeone3000 ◴[] No.25075850[source]
It IS, though. SmartScreen on Windows doesn't check binaries created on the same machine, but you'll get flagged if you move the untrusted binary to another machine you own.
replies(4): >>25075928 #>>25076229 #>>25076287 #>>25077842 #
2. meibo ◴[] No.25075928[source]
Note that SmartScreen has a UI that lets you bypass it without having to disable it system-wide, and has a sane timeout (I believe 30 seconds) after which it just pops up a dialogue box telling you that it can't check the binary, allowing you to continue.
replies(1): >>25076040 #
3. swiley ◴[] No.25076040[source]
>has a sane timeout (I believe 30 seconds)

What the hell? You have to wait 30 seconds before you can run unsigned code on Windows without calling home to Microsoft about it? How is that considered sane? (I mean, forking on Windows is slow but it's not that slow.)

How do people (and corporations! Especially ones sensitive to sharing IP!) put up with this stuff?!

replies(4): >>25076116 #>>25076168 #>>25076195 #>>25076224 #
4. merb ◴[] No.25076116{3}[source]
Well, it is more insane because if you have an elevated exe that can spawn another exe which would trigger SmartScreen, the elevated exe can actually put a SmartScreen filter in it. I mean, what is the point in SmartScreening an exe that gets spawned from an elevated exe?!
replies(1): >>25076225 #
5. Hammershaft ◴[] No.25076168{3}[source]
IIRC no, there is a "More Info" button in the SmartScreen pop-up that you can click instantly, and from there a button to run the app is available instantly.
6. meibo ◴[] No.25076195{3}[source]
Only if the server doesn't respond in time, that is - if you'd wanna prevent it from happening, you could just turn it off in the first place via GPO: https://docs.microsoft.com/en-us/windows/security/threat-pro...

I'd assume that's what most corporations do, since that's what it's there for.

I wouldn't 100% forsake the benefits of this stuff, since it does protect normal users - Defender on modern Windows installs is good software and really does its job well, while staying out of your way most of the time. I'd leave it on for my parents.

7. damnencryption ◴[] No.25076224{3}[source]
SmartScreen and other measures on Windows are so useless that they just encourage consumers to engage in bad security practices.

I downloaded Steam from the Steam page, Windows blocked it. I downloaded Chrome, Windows blocked it. What's even the fucking point?

replies(1): >>25081468 #
8. freeone3000 ◴[] No.25076225{4}[source]
To prevent virus spread by confused deputies: even if you somehow get CreateProcess permission by, ex, getting a service registered, the actual malicious executable will still be blocked.
replies(1): >>25076553 #
9. hnick ◴[] No.25076229[source]
I'm not sure what they call it, but Windows does get in the way for things you compile on your own machine. I compiled the JuicyPotato exploit and tried to copy it to another local folder and got error 0x800700E1 and the EXE went missing.
replies(2): >>25076261 #>>25076498 #
10. freeone3000 ◴[] No.25076261[source]
That's Defender behavior -- you'll want to disable antivirus before building viruses :)

Defender is a traditional heuristic-based AV with on-disk and live load scanning and an offline database. SmartScreen is a reputation-based (certs + "how many people ran this") checker, and is much more visible. Win10 runs both.

replies(1): >>25076298 #
11. kuratkull ◴[] No.25076287[source]
Unless this is a 2004 feature, it does block binaries compiled on the same machine. Not very fun if you are compiling stuff repeatedly with a couple of second wait-times when running the binary.
12. hnick ◴[] No.25076298{3}[source]
Ah right, that makes sense. Yes I did disable it before moving it to Kali :)
13. ◴[] No.25076498[source]
14. merb ◴[] No.25076553{5}[source]
Well, as said, it's an elevated process that can completely disable SmartScreen, so an attacker would only need to run an exe that downloads another malicious exe after it disabled SmartScreen that would not be blocked.
replies(1): >>25077004 #
15. freeone3000 ◴[] No.25077004{6}[source]
Imagine a program, WinSudo.exe. This program runs elevated, by magic. It passes its arguments to CreateProcess(). You call WinSudo.exe Virus.exe. Virus.exe execution is blocked by SmartScreen.

(This scenario is itself a security flaw that existed for some combinations of Windows system utilities, so this is a real concern.)

Now, you could change WinSudo.exe to disable SmartScreen, sure -- but this requires you to be able to modify WinSudo.exe (which should require Administrator), and the mismatched binary would ALSO flag SmartScreen.

replies(1): >>25082431 #
16. nichch ◴[] No.25077842[source]
Unsure if this is new, but as recently as September 2020, Windows definitely SmartScreen'ed an executable created on the same machine.
17. tored ◴[] No.25081468{4}[source]
> What's even the fucking point?

To make you use Microsoft Store.

18. merb ◴[] No.25082431{7}[source]
Well, WinSudo.exe DisableSmartScreenAndCallVirus.exe Virus.exe might work if the first two are not SmartScreen-detected yet. A simple program might not be detected by SmartScreen yet.
replies(1): >>25119931 #
19. freeone3000 ◴[] No.25119931{8}[source]
Which is why the default action for unknown programs is to prompt.