Comment by freeone3000

4 years ago

It IS, though. SmartScreen on Windows doesn't check binaries created on the same machine, but you'll get flagged if you move the untrusted binary to another machine you own.

Note that SmartScreen has a UI that lets you bypass it without having to disable it system wide, and has a sane timeout (I believe 30 seconds) after which it just pops up a dialogue box telling you that it can't check the binary, allowing you to continue.

  • >has a sane timeout (I believe 30 seconds)

    What the hell? You have to wait 30 seconds before you can run unsigned code on Windows without calling home to Microsoft about it? How is that considered sane? (I mean, forking on Windows is slow but it's not that slow.)

    How do people (and corporations! Especially ones sensitive to sharing IP!) put up with this stuff?!

    • SmartScreen and other measures on Windows are so useless that they just encourage consumers to engage in bad security practices.

      I downloaded Steam from the Steam page, Windows blocked it. I downloaded Chrome, Windows blocked it. What's even the fucking point?

    • Only if the server doesn't respond in time, that is - if you'd wanna prevent it from happening, you could just turn it off in the first place via GPO: https://docs.microsoft.com/en-us/windows/security/threat-pro...

      I'd assume that's what most corporations do, since that's what it's there for.

      I wouldn't 100% forsake the benefits of this stuff, since it does protect normal users - Defender on modern Windows installs is good software and really does its job well, while staying out of your way most of the time. I'd leave it on for my parents.

    • iirc no, there is a "More Info" button in the SmartScreen pop-up that you can click instantly, and from there a button to run the app is available instantly.

    • Well, it is more insane, because if you have an elevated exe that can spawn other exes which would trigger SmartScreen, the elevated exe can actually put a SmartScreen filter in it. I mean, what is the point in SmartScreening an exe that gets spawned from an elevated exe?!

Unless this is a 2004 feature, it does block binaries compiled on the same machine. Not very fun if you are compiling stuff repeatedly with a couple of second wait-times when running the binary.

I'm not sure what they call it, but Windows does get in the way for things you compile on your own machine. I compiled the JuicyPotato exploit and tried to copy it to another local folder and got error 0x800700E1 and the EXE went missing.

  • That's Defender behavior -- you'll want to disable antivirus before building viruses :)

    Defender is a traditional heuristic-based AV with on-disk and live load scanning and an offline database. SmartScreen is a reputation-based (certs + "how many people ran this") checker, and is much more visible. Win10 runs both.

    • Ah right, that makes sense. Yes I did disable it before moving it to Kali :)

Unsure if this is new, but as recently as September 2020, Windows definitely SmartScreen'ed an executable created on the same machine.