
154 points mellosouls | 1 comments
isatsam ◴[] No.45184197[source]
I don't work in cybersecurity and, after looking at the site's homepage, couldn't exactly figure out from all the buzzwords what exactly this product is. The most concerning takeaway from this article for me is that the maintainers of Huntress (whatever it is) can keep a log of, as well as personally access, the users' browser history, history of launched executables, device's hostname, and presumably a lot of other information. How is this product not a total security nightmare?
cbisnett ◴[] No.45185367[source]
Thanks for the feedback on not understanding what we sell from the homepage. We sell an Endpoint Detection and Response (EDR) product that we manage with our 24/7 SOC. To perform the investigations on potentially malicious activity, we can fetch files from the endpoint and review them. We log all of this activity and make it available to our customers. We are an extension of their security team, which means they trust us with this access. We’ve been doing this for more than 10 years and have built up a pretty good reputation, but I can see how that would freak some folks out. We also sell to businesses, so this is something that would be installed on a work computer.
isatsam ◴[] No.45185521[source]
How was an individual user (in this article's case, a phishing sites developer) able to install your software and seemingly not notice the level of access they gave you to their computer?
cbisnett ◴[] No.45185683[source]
Windows doesn’t have application permissions like Mac, iOS, and Android. An app doesn’t specify what it needs to be able to do, it inherits the permissions of the user that launched it. Not a great permissions model, but it’s legacy all the way back to the earliest versions of Windows.
isatsam ◴[] No.45185869[source]
This is a surprising response - I was expecting something like "they clicked past an alert notifying that they were giving us this level of access". Just because Windows only has a generic password prompt whenever an app wants to do something dangerous, doesn't mean you can't inform the user via your app's own UI. Others like AnyDesk do exactly that.
1. spogbiper ◴[] No.45186345[source]
this product is typically silently mass deployed to all systems within an organization, completely unknown to the individual users. afaik there is no user interface or way to interact with the software from the computer, it's all managed in a central web console