zlacker

[parent] [thread] 6 comments
1. kijin+(OP)[view] [source] 2026-02-04 06:32:34
Malware can't modify files in System32, but it can drop extra files in there no problem. The only way to find and clean them up is a clean install.

In Linux, one could write a script that reinstalls all packages, cleans up anything that doesn't belong to an installed package, and asks you about files it's not sure about. It's easy to modify a Linux system, but just as easy to restore it to a known state.

replies(1): >>tonyme+t
2. tonyme+t[view] [source] 2026-02-04 06:37:31
>>kijin+(OP)
False . Even escalated sustem32 is blocked by protected folders. The write silently fails and logs to MS Defender
replies(1): >>kijin+ui
◧◩
3. kijin+ui[view] [source] [discussion] 2026-02-04 09:06:15
>>tonyme+t
Well, try again. I just managed to copy a random .exe to C:\Windows\System32 using an administrator account. I got a typical UAC dialog that most people would blindly click "Continue" on, and the copy succeeded. :)
replies(2): >>tonyme+bq1 >>tonyme+ZY1
◧◩◪
4. tonyme+bq1[view] [source] [discussion] 2026-02-04 16:19:06
>>kijin+ui
That’s via explorer not an installer
◧◩◪
5. tonyme+ZY1[view] [source] [discussion] 2026-02-04 18:44:21
>>kijin+ui
And you likely have protected folders and certainly s mode disabled
replies(1): >>kijin+6u3
◧◩◪◨
6. kijin+6u3[view] [source] [discussion] 2026-02-05 04:22:05
>>tonyme+ZY1
It's a testing box, sure, but a lot of people have the same setting, usually because of some legacy app that requires it.

It does contradict your insistence that Windows would never allow such things. An exploit doesn't need to do its thing silently in order to be effective. If a security apparatus can be bypassed by tricking a user to flip a switch, it WILL be bypassed. Heck, just trying to install or update Notepad++ throws up a UAC dialog. Who would suspect anything?

replies(1): >>tonyme+U95
◧◩◪◨⬒
7. tonyme+U95[view] [source] [discussion] 2026-02-05 17:27:40
>>kijin+6u3
I'm not going to say that any OS is perfect. and it's great that you actually test Windows. most critiques I see are 1990s assessments of ACLs and memory protection.

Generally protected folders (CFA) will protect system32 , but trusted apps can make it through. e.g. explorer.exe and powershell.exe if it's run in the terminal. Untrusted apps are expected to be blocked.

My general point is that modern windows landscape has an incredible number of protections that linux systems don't. and linux has become a bigger target over the past 10+ years as well.

It's not so much to say that Windows is better, but to encourage Linux users to be more careful with their systems, and Windows users to enable those features if they turned them off in the past.

[go to top]