this post was submitted on 22 Mar 2024
637 points (96.0% liked)

linuxmemes

20437 readers
1581 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
poopsmith@lemmy.world
zephyr@lemmy.world
637
And that is why snapshots exist (sh.itjust.works)
submitted 5 months ago* (last edited 5 months ago) by 0x4E4F@sh.itjust.works to c/linuxmemes@lemmy.world
91 comments fedilink hide all child comments
 

Though the Windows thing was really funny ๐Ÿ˜‚.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Heavybell@lemmy.world 7 points 5 months ago (1 children)

Is that actually true? Does Windows check every file with Defender before deleting it?

[โ€“] 0x4E4F@sh.itjust.works 17 points 5 months ago* (last edited 5 months ago) (3 children)

Not just every file deleted, every file written to disk as well (downloaded, extracted from an archive, whatever).

It's also how most AV software works, except Defender is slow AF.

[โ€“] vox@sopuli.xyz 8 points 5 months ago (1 children)

also, defender is synchronous by default (e.g. nothing gets written until it gets scanned, and scanning parallelization is limited), and can only act asynchronously (aka write first, then queue check) on "trusted dev drives" (aka ReFS-based virtual vhdx partitions aimed at developers as a solution to horrible ntfs throughput, especially if defender is enabled)

[โ€“] 0x4E4F@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago)

Not true, it does get written before it gets scanned. In fact, it doesn't even always scan before the file is read by explorer (yes, it's the worst AV ever). It's easy to prove this, just extract FFF's WinRAR keygen and you'll see what I mean.

[โ€“] HStone32@lemmy.world 7 points 5 months ago (1 children)

Huh. All that security, and yet there are still so many viruses capable of infecting windows.

[โ€“] deur@feddit.nl 7 points 5 months ago (1 children)

Huh.... all that immune system yet there are still so many viruses capable of infecting humans.

[โ€“] 0x4E4F@sh.itjust.works 1 points 5 months ago

Humans are easy targets ๐Ÿ˜... we've lived semi-isolated from nature at least the last few hundred years.

[โ€“] uis@lemm.ee 1 points 5 months ago (1 children)

I thought it checks every file closed

[โ€“] 0x4E4F@sh.itjust.works 1 points 5 months ago (1 children)

No, it scans file headers when you do read/write operations on disk. Every AV works this way, except, as I said, Defender is slow AF.

[โ€“] uis@lemm.ee 1 points 5 months ago (1 children)

I can't find talk I watched, but I found github issue it was based on.

Short version: Defender is triggered not on open, not on read or write, but on CloseHandle.

[โ€“] 0x4E4F@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago) (1 children)

CloseHandle of what? Read/write operations?

[โ€“] uis@lemm.ee 2 points 5 months ago (1 children)

Found! Even metadata chamge.

[โ€“] PipedLinkBot@feddit.rocks 1 points 5 months ago

Here is an alternative Piped link(s):

Found

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.