Re: [Lynx-dev] Windows Defender ATP

2019-01-30 Thread Mouse
>>> I just discovered the new features of Microsoft's "Windows Defender
>>> Advanced Threat Protection".
>> So let me get this straight... You're asking a bunch of opensource
>> geeks to explain a "Feature" of a black box environment that has
>> been purposefully created to "secure" said black box using an
>> unknown and apparently flawed method.
> I made a note that it was a "new feature".  I guess "opensource
> geeks" like you do not make flaws :-)

Oh, nonsense; we create as many bugs as anyone else.  (The difference,
insofar as there is one, in this respect lies in how they get noticed
and fixed.)

I don't see what its being a new feature has to do with it.  Your mail
seemed - at least to me, and apparently to David as well - as asking us
to diagnose and/or fix peculiar behaviour from this "Advanced Threat
Protection", even though it's closed source, is a Windows thing, and is
- apparently - designed to break some things, and your issue seems to
be that it _isn't_ breaking lynx.

If this looked like a bug in lynx, well, then it would be reasonable to
ask the list.  But the only question I see you asking was

< What could cause the difference in behaviour?

and those without visibility into what this Defender product does can,
at best, speculate in a vacuum.  The right place to look for this kind
of support, it seems to me, is a support venue for Windows Defender
Advanced Threat Protection.  (That may involve up-front costs, yes.
That is one of the prices of running under Windows.)

With full packet traces from the lynx, Chrome, curl, and wget fetch
attempts, I might be able to take a few guesses.  I might be hireable
for that, but you would doubtless find it cheaper (and probably get
better results) to hire someone who has existing Windows expertise -
that is work I have no interest in doing unless well paid.

>> Alternately, lynx might be used by the NSA for "special" purposes so
>> lynx has an exception to the rules and thus WE 0WN the
>> Virtual-verse!!!
> Seriously, I do *not* have "Lynx" in my User-Agent string.

So what?

> But lynx may have other "finger-prints" that NSA would detect?

Are you running the lynx, Chrome, curl, and wget instances you're
talking about on the same Windows machine that has Defender installed?
Then there are _lots_ of other ways it could be recognizing lynx as
lynx.  (Even if not, there are probably plenty of various possible
fingerprints, though I'm not competent to do more than speculate on
them.)  Not that I think a lynx-specific exception is all that
plausible, mind you.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

___
Lynx-dev mailing list
Lynx-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lynx-dev
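
Added example, not part of the thread: the reply above says packet traces from each client would be needed to guess at the difference, and another reply in the thread raises the TLS version an old OpenSSL build negotiates. One way to compare the first handshake message (the ClientHello) taken from such traces, in Python; the helper names, client labels and sample records are constructed for illustration and are not measurements of lynx, curl or wget.

```python
import struct

def parse_client_hello(record):
    """Return the comparable fields of a TLS record carrying a ClientHello."""
    ctype, _ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or record[5] != 1:          # handshake record, ClientHello
        raise ValueError("not a ClientHello record")
    body = record[9:5 + rec_len]               # skip record + handshake headers
    offered = struct.unpack_from("!H", body, 0)[0]
    pos = 35 + body[34]                        # past version, random, session id
    n = struct.unpack_from("!H", body, pos)[0]
    suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))
    pos += 3 + n + body[pos + 2 + n]           # cipher suites, then compression
    sni, exts = None, []
    if pos < len(body):                        # the extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts.append(etype)
            if etype == 0:                     # server_name (SNI)
                nlen = struct.unpack_from("!H", body, pos + 7)[0]
                sni = body[pos + 9:pos + 9 + nlen].decode("ascii")
            pos += 4 + elen
    return {"offered": hex(offered), "suites": suites, "extensions": exts, "sni": sni}

def build_client_hello(version, suites, sni=None):
    """Build a minimal ClientHello record, used here only as constructed input."""
    ext = b""
    if sni is not None:
        name = sni.encode("ascii")
        data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HHH", len(data) + 4, 0, len(data)) + data
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
            + b"\x01\x00" + ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

def diff_hellos(records):
    """Return {field: {client: value}} for the fields on which the clients differ."""
    parsed = {c: parse_client_hello(r) for c, r in records.items()}
    return {f: {c: p[f] for c, p in parsed.items()}
            for f in ("offered", "suites", "extensions", "sni")
            if len({repr(p[f]) for p in parsed.values()}) > 1}

SAMPLES = {  # constructed input, not what lynx, curl or wget really send
    "client_a": build_client_hello(0x0303, [0xC02F, 0x009C], "test.example"),
    "client_b": build_client_hello(0x0301, [0x002F, 0x000A])}
print(diff_hellos(SAMPLES))
```

With real traces, each record would be the first TLS record the client sends on the connection, exported from the capture as raw bytes.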


Re: [Lynx-dev] Windows Defender ATP

2019-01-30 Thread Gisle Vanem

David Niklas wrote:

>> I just discovered the new features of Microsoft's
>> "Windows Defender Advanced Threat Protection".
>
> So let me get this straight... You're asking a bunch of opensource geeks
> to explain a "Feature" of a black box environment that has been
> purposefully created to "secure" said black box using an unknown and
> apparently flawed method.

I made a note that it was a "new feature". I guess "opensource geeks"
like you do not make flaws :-) Give Microsoft some slack please. This
'Network Protection' feature looks really promising.

> Alternately, lynx might be used by the NSA for "special" purposes so lynx
> has an exception to the rules and thus WE 0WN the Virtual-verse!!!

Seriously, I do *not* have "Lynx" in my User-Agent string.
I even get a warning for that:
  Warning: User-Agent string does not contain "Lynx" or "L_y_n_x"!

But lynx may have other "finger-prints" that NSA would detect?

--
--gv



Re: [Lynx-dev] Windows Defender ATP

2019-01-29 Thread Stefan Caunter
It sounded like Windows allowed lynx to bypass because of the OpenSSL it was
using at compile time. I have a version from 2014 with 0.9.8 that can negotiate
TLS 1.0. If that utility cannot recognize old TLS it might behave this way.
Hard to imagine curl or wget using a different library though.

> On Jan 29, 2019, at 21:44, David Niklas  wrote:
> 
> On Tue, 29 Jan 2019 16:29:23 +0100
> Gisle Vanem  wrote:
>> I just discovered the new features of Microsoft's
>> "Windows Defender Advanced Threat Protection".
>> 
>> Overview of all these features:
>>    https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground
>>
>> After enabling the interesting feature, 'Network Protection'
>> by:
>>   c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled
>>   ref: https://demo.wd.microsoft.com/Page/NP
>>
>> Then trying to fetch the test-page using Chrome, curl and wget, I
>> get a trace like this:
>>   c:\> wget https://smartscreentestratings2.net/
>>
>>   --2019-01-29 14:54:23--  https://smartscreentestratings2.net/
>>   Resolving smartscreentestratings2.net (smartscreentestratings2.net)... 23.99.0.12
>>   Connecting to smartscreentestratings2.net (smartscreentestratings2.net)|23.99.0.12|:443... connected.
>>   Unable to establish SSL connection.
>>
>>   (and a WinDefender block warning window pops up).
>>
>> But using 'lynx -dump https://smartscreentestratings2.net/', I'm
>> getting a seemingly valid connection and page is rendered as:
>>    SmartScreen Test
>>
>>   This is a test page for SmartScreen.
>> 
>> As if the 'Network Protection' was disabled. But I do get the
>> same WinDefender block warning window in addition to the page
>> 
>> What could cause the difference in behaviour?
>> My Lynx used OpenSSL, so does my Wget and curl
>> (with CURL_SSL_BACKEND=openssl)
>> 
>> Scratching head now!?
> 
> So let me get this straight... You're asking a bunch of opensource geeks
> to explain a "Feature" of a black box environment that has been
> purposefully created to "secure" said black box using an unknown and
> apparently flawed method.
> Would @CEO "fix" Windowz at our behest? (I'm pausing for the laughter at
> the suggestion...)
> 
> More seriously, this sounds like a Windowz bug. Without a gdb trace I
> can't tell you where lynx succeeds but curl and wget fail. I'd guess that
> there is a library in there someplace that lynx does not use but the
> others do.
> 
> Alternately, lynx might be used by the NSA for "special" purposes so lynx
> has an exception to the rules and thus WE 0WN the Virtual-verse!!!
> 
> Trying NOT to be less than useless,
> David
> 



[Lynx-dev] Windows Defender ATP

2019-01-29 Thread David Niklas
On Tue, 29 Jan 2019 16:29:23 +0100
Gisle Vanem  wrote:
> I just discovered the new features of Microsoft's
> "Windows Defender Advanced Threat Protection".
>
> Overview of all these features:
>    https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground
>
> After enabling the interesting feature, 'Network Protection'
> by:
>   c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled
>   ref: https://demo.wd.microsoft.com/Page/NP
>
> Then trying to fetch the test-page using Chrome, curl and wget, I
> get a trace like this:
>   c:\> wget https://smartscreentestratings2.net/
>
>   --2019-01-29 14:54:23--  https://smartscreentestratings2.net/
>   Resolving smartscreentestratings2.net (smartscreentestratings2.net)... 23.99.0.12
>   Connecting to smartscreentestratings2.net (smartscreentestratings2.net)|23.99.0.12|:443... connected.
>   Unable to establish SSL connection.
>
>   (and a WinDefender block warning window pops up).
>
> But using 'lynx -dump https://smartscreentestratings2.net/', I'm
> getting a seemingly valid connection and page is rendered as:
>    SmartScreen Test
>
>   This is a test page for SmartScreen.
>
> As if the 'Network Protection' was disabled. But I do get the
> same WinDefender block warning window in addition to the page
>
> What could cause the difference in behaviour?
> My Lynx used OpenSSL, so does my Wget and curl
> (with CURL_SSL_BACKEND=openssl)
>
> Scratching head now!?

So let me get this straight... You're asking a bunch of opensource geeks
to explain a "Feature" of a black box environment that has been
purposefully created to "secure" said black box using an unknown and
apparently flawed method.
Would @CEO "fix" Windowz at our behest? (I'm pausing for the laughter at
the suggestion...)

More seriously, this sounds like a Windowz bug. Without a gdb trace I
can't tell you where lynx succeeds but curl and wget fail. I'd guess that
there is a library in there someplace that lynx does not use but the
others do.

Alternately, lynx might be used by the NSA for "special" purposes so lynx
has an exception to the rules and thus WE 0WN the Virtual-verse!!!

Trying NOT to be less than useless,
David



[Lynx-dev] Windows Defender ATP

2019-01-29 Thread Gisle Vanem

I just discovered the new features of Microsoft's
"Windows Defender Advanced Threat Protection".

Overview of all these features:
   https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground

After enabling the interesting feature, 'Network Protection'
by:
  c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled
  ref: https://demo.wd.microsoft.com/Page/NP

Then trying to fetch the test-page using Chrome, curl and wget, I
get a trace like this:
  c:\> wget https://smartscreentestratings2.net/

  --2019-01-29 14:54:23--  https://smartscreentestratings2.net/
  Resolving smartscreentestratings2.net (smartscreentestratings2.net)... 23.99.0.12
  Connecting to smartscreentestratings2.net (smartscreentestratings2.net)|23.99.0.12|:443... connected.
  Unable to establish SSL connection.

  (and a WinDefender block warning window pops up).

But using 'lynx -dump https://smartscreentestratings2.net/', I'm
getting a seemingly valid connection and page is rendered as:
   SmartScreen Test

  This is a test page for SmartScreen.

As if the 'Network Protection' was disabled. But I do get the
same WinDefender block warning window in addition to the page

What could cause the difference in behaviour?
My Lynx used OpenSSL, so does my Wget and curl
(with CURL_SSL_BACKEND=openssl)

Scratching head now!?


--
--gv

