Microsoft Defender ATP preview arrives for Linux distros -- iOS and Android versions to follow:
Microsoft has released a public preview of its Microsoft Defender Advanced Threat Protection (ATP) for various Linux distributions.
The company says that the tool will also be coming to iOS and Android later this year, and more details of these mobile editions are due to be revealed at next week's RSA Conference. The spread to additional platform comes after Microsoft rebranded Windows Defender as Microsoft Defender last year.
[...]On the Linux server front, RHEL 7+, CentOS Linux 7+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+ and Oracle EL 7 are supported by the preview, reported Bleeping Computer.
In a blog post about the release, Microsoft writes: "We're announcing another step in our journey to offer security from Microsoft with the public preview of Microsoft Defender ATP for Linux. Extending endpoint threat protection to Linux has been a long-time ask from our customers and we're excited to be able to deliver on that".
(Score: 2, Insightful) by Runaway1956 on Saturday February 22 2020, @09:06AM (13 children)
Now Linux users can have useless daemons running in the background, to slow the system to a crawl!!
I should probably be fair though. Windows Defender uses a lot less resources than the various third party antivirus programs. At least when I played with it, it seemed very lightweight, in comparison to any of the competition.
Still, this is Linux. Aside from malignant processes such as systemd, we don't really need full-time realtime protection.
(Score: 5, Interesting) by janrinok on Saturday February 22 2020, @09:13AM (4 children)
It rather depends on what you use your computer for. If you run a server of some kind, it is always useful to check that you are not pushing out viruses that, although they cannot affect your own computer, might have serious consequences for the recipient.
I'm still not tempted to go to MS for my antivirus needs though. I will never trust them with my data.
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @02:32PM (2 children)
There are plenty of IDS systems for nix, don't need MS anywhere near my box.
(Score: 3, Insightful) by edIII on Saturday February 22 2020, @09:53PM (1 child)
Here's a short list [comparitech.com] of IDS for Linux, updated for today's environments.
Antivirus for Linux exists too [tecmint.com]. Microsoft is just adding to the alternatives, which does improve things somewhat, even if you don't choose it.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Sunday February 23 2020, @04:16PM
An offer of security from Microsoft? No thanks.
(Score: 4, Funny) by Bot on Saturday February 22 2020, @03:15PM
>It rather depends on what you use your computer for.
I use it to avoid running Windows. Basically I boot it, and when a desktop without M$ logo comes up, I exhale and leave it as is.
Account abandoned.
(Score: 3, Interesting) by c0lo on Saturday February 22 2020, @10:01AM (1 child)
Fortunately, there's a solution for that: poetterization!
Won't ever slow the system to a crawl, promise.
You see, an unusable system can't be slow, just unusable.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday March 12 2020, @04:22AM
if you can't logon then the system will run faster
if programs won't run it'll be even faster still
just imagine what happens when the network is disconnected
SPEED!!!!
(Score: 2) by knarf on Saturday February 22 2020, @10:27AM
> Aside from malignant processes such as systemd, we don't really need full-time realtime protection.
Wait a few years and you'll be ranting about systemd-atp eating your resources. Resistance is, after all, futile.
(Score: 5, Insightful) by Anonymous Coward on Saturday February 22 2020, @10:33AM (1 child)
Copyright infringing music/movie files, or illegal pornography.
Remember what the Windows 8/8.1/10 EULA reads like. Now imagine if they can find a way to get root level access to your Linux boxes and rummage through all your data 'legitimately' thanks to their anti-virus software. That is the true reason they are doing this, probably with funding from some TLAs.
(Score: 0) by Anonymous Coward on Sunday February 23 2020, @12:04AM
This is the ethical equivalent of injecting a healthy young child with cancer and ebola. MS be gone! Cast this evil out!
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @12:44PM (2 children)
>> Now Linux users can have useless daemons running in the background, to slow the system to a crawl!!
Haven't you heard of systemd yet?
(Score: 2) by Bot on Saturday February 22 2020, @01:47PM
Maybe he classifies it as harmful rather than useless. It depends on the perspective. It is useless from a technical POV, it is harmful from a business perspective.
Account abandoned.
(Score: 0) by Anonymous Coward on Thursday March 12 2020, @04:25AM
the way people talk about systemd I keep thinking it is a virus specifically designed for linux
(Score: 5, Interesting) by dltaylor on Saturday February 22 2020, @10:05AM (1 child)
While it is true that any computer serving files/messages/... to other computers should be configured to halt the propagation of malware, Microsoft has repeatedly used various "cover programs" to exfiltrate data from the computers on which they run. Unless there is complete transparency for all data that this program sends back to Microsoft, it must be presumed to be a Trojan.
For example, Defender can legitimately claim to want to send logs of hit counts (which the administrators on-site should be reading), forwarding that data to Microsoft may provide information about the internal usage of various applications. In many environments (CIA, ...), even this information is not something that should be sent out without serious review.
While I do not expect Microsoft to provide source for Defender ATP, I would absolutely want an open source interpreter for EVERY PACKET sent out from it.
(Score: 0) by Anonymous Coward on Monday February 24 2020, @07:20PM
Should they? Can't my linux server by a common-carrier allowing whatever is sent to pass through without modification?
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @10:09AM
First Trump, then Corona virus, and now this. We. Are. All. Going. To. Die.
And it will not be quick or merciful. Pray for the Rapture! Lord Linux, call me to meet you in the sky, and run infinite loops in 4.6 seconds!
(Score: 3, Touché) by fido_dogstoyevsky on Saturday February 22 2020, @11:11AM
Has to be said [invidio.us]
It's NOT a conspiracy... it's a plot.
(Score: 2) by Farkus888 on Saturday February 22 2020, @12:12PM (2 children)
Obvious concerns aside... As an admin of a mixed environment this has potential. At work we don't all get to pick every OS or make every design choice. The ability to DMZ and check files on a Linux machine before they get to a place they could be harmful would be nice.
(Score: 1, Insightful) by Anonymous Coward on Saturday February 22 2020, @04:05PM (1 child)
I use ClamAV for that. I’d say it works well, but I don’t know. Because I’ve not had a virus hit my systems in about 15 years. So maybe it works really well.
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @10:08PM
You've not had a virus hit your systems that you know of. It isn't uncommon for groups to get a foothold in the system and be there for months before people notice it.
For what it is worth, if you aren't using one of the various signature services for ClamAV, the detection out of the box is somewhat lacking.
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @12:50PM (2 children)
It didn't slow the system down at all, except for the occasional time Clippy popped up to ask if I wanted to upgrade to Windows 10 ([]yes/[]later/[]OK).
(Score: 2) by Gaaark on Saturday February 22 2020, @02:25PM
Let me guess: you clicked Later and it went ahead and did it anyway?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by Bot on Saturday February 22 2020, @03:07PM
>upgrade
For some values of "up"...
Account abandoned.
(Score: 4, Insightful) by Anonymous Coward on Saturday February 22 2020, @01:21PM (1 child)
No, we’ve been asking you to make Windows security not the shitshow it has been for the last 30 years. Work on that, please.
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @03:29PM
Who are you going to trust? Viruses or Microsoft upgrades?
(Score: 2) by Bot on Saturday February 22 2020, @01:44PM (1 child)
Now that they developed the defender they will code the threats....
Account abandoned.
(Score: 3, Funny) by Anonymous Coward on Sunday February 23 2020, @02:32AM
Should have called it Microsoft Defendant.
(Score: 5, Insightful) by Gaaark on Saturday February 22 2020, @02:15PM
They can't even get their updates right without borking Windows: YEAH... I'll use a Microsoft product on MY Linux system.
From my COLD, DEAD HANDS.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 5, Insightful) by Azuma Hazuki on Saturday February 22 2020, @05:27PM (18 children)
ClamAV is a thing. Snort and other IDS exist and have done for years/decades. There is not only no reason for this to exist on a *nix system, but I'm throwing my hat in with the seemingly-paranoid posters upthread and guessing that this is some sort of exfiltration scheme.
This shit will never, ever, ever touch any machine I run.
I am "that girl" your mother warned you about...
(Score: 1, Interesting) by Anonymous Coward on Saturday February 22 2020, @08:06PM (14 children)
In case you don't see the downmodded comments, TMB has placed a permanent IP ban instead of the 2 week decaying ban that he himself said a spam mod would have.
(Score: 2) by Azuma Hazuki on Sunday February 23 2020, @08:39AM (7 children)
Uh, on who and for what exactly? I'm missing some context clues here...
I am "that girl" your mother warned you about...
(Score: 1, Insightful) by Anonymous Coward on Sunday February 23 2020, @06:38PM (6 children)
The AC from a month ago who got spam modded for copy/pasting a list of Trump's bullshit. I was also calling out Buzztardo for his hypocrisy, and was quickly banned via the spam mod. At least that is what the authoritarian shithead said, however the fact that my IP is still banned and janrinok's explanation below, shows that douche boy decided he needed to measure out his own version of justice.
The point is SN is run by fascists who like to make excuses so they can pretend they're all about MUH FREEDUMS! I am tired of the hypocrisy so I'm making more of a stink about it. Obviously I can use VPNs to get around the ban, though that hasn't stopped him from trying. I've gotten all manner of weird errors if I use the same route long enough, which means he is doing some vigilante type shit on his own.
Basically TMB got triggered to shit and used a spam mod as cover for his version of fascist vengeance. I have not once spammed again, I was not even that poor AC who accidentally submitted the same innocuous message twice and must've gotten an IP ban for nothing. Maybe if buzztardo would fix the site's problems with bad form keys and other shit then some poor bastard wouldn't resubmit a comment thinking the first failed.
Aristarchus' journal entry had some good copies, you can see the alt-right trying to enforce their ideological purity. The irony is too great, and it would be amusing if they didn't have a stranglehold on the site.
Also, I don't think anyone should have access to IP hash info by simply logging into the site. That should be secured to a special account, and access to that account monitored. It is not right for an abusive admin like Buzzy, or for editors, to be able to track an AC around the site. I am not bothered except by the ideological hypocrisy of it, my posts are pretty easily discerned.
Blech, just really disappointed that the slashcott traded one dictatorship for another, and that this place has become a haven for the alt-right. Only the constant vigilance of aristarchus, yourself, and a few others maintains any semblance of balance. Like the US itself only the belief that they run a platform without censorship keeps the place from descending into full-blown rightwing craziness.
I will credit the editorial team for keeping out the alt-right clickbait over the last few months, of course that was only after a big stink was raised about some of the most egregious racist clickbait while denying some very valid aristrachus subs.
(Score: 2) by janrinok on Monday February 24 2020, @09:12AM (5 children)
Or you could, you know, leave the site if it is not something you enjoy using. Nobody is making you stay, although many of us - myself included - hope that you do stay.
Also, you might find this link [soylentnews.org] interesting.
(Score: 1, Disagree) by Anonymous Coward on Monday February 24 2020, @05:41PM (3 children)
"And just to clear matters up, only a very limited number of administrators can actually 'see' the IP address - all that is available to most of us is a hash of the IP from which we can deduce nothing at all of its origin.
To summarize then - many ACs compromise themselves long before their actions draw attention to themselves. Perhaps you should ponder on this for a while."
Your link says nothing new and the suggestion in that previous comment that I should ponder the info was misguided. I already knew that information.
If you don't think admin abuse for personal vendettas is a problem, or that the site billing itself as a community effort when it is clearly not, well I don't know what to tell you. This site bills itself as a haven of freedom and community, but the reality is so far from that. This place is an authoritarian public square where people are tracked and the hall monitors can punish at will. Would just be nice if you'd have the courage to admit this instead of the ideological freedom nonsense.
Maybe it is a good object lesson for the anarcho-libertarians around here, they get to see the hypocrisy of their belief system up close. Not that I imagine buzzy boy has the capacity for self-reflection, but ya never know!
(Score: 2) by janrinok on Monday February 24 2020, @06:01PM
The point I was making is that some people get blocked because the VPN they are using is also being used by others who ARE abusing the site.
(Score: 2) by janrinok on Monday February 24 2020, @06:10PM
Step up and volunteer to help support this site and you will realise that, for most of the time, there is only 1 person currently active who has the system privileges to implement a block. He has to be one to do it no matter which members of the staff decide it is necessary. It is NOT a case of TMB taking unilateral action just because he can. You will also be able to see and join in the discussions that happen behind the scenes between many staff to make sure that we can protect the site and keep it online.
We want, no we NEED, more people who are prepared to give of their time to actively help run this site in order to enable others to complain about it.
(Score: 2) by janrinok on Tuesday February 25 2020, @08:38AM
What is your alternative suggestion for a method to protect the site from DDoS attacks, spam or abuse? Theoretically, we could make it that only logged in users have access to the site but that would be directly opposed to our desires to enable everyone to be free to express themselves in reasonable and intelligent discussion. So you have said what you don't want - what is it that you DO want and how would you achieve it?
Every member of staff, just as every member of our community, has the right to express their views and opinions. However, none of us are able to use our personal opinions to control the site without the agreement of others. TMB does NOT control this site - the Board does. TMB is not on the Board, the Editors are not on the Board. None of the names that you regularly see here are on the Board. The actions of the staff are all with the agreement of the Board who have, through necessity, delegated some of their authority to those sitting at their computer screens because sometimes action is necessary immediately. However, in all cases Deucalion/Juggs (who is the senior member of staff and represents the Board on a daily basis) is either involved or informed of all actions that are taken. Staff do not take arbitrary actions on a whim - despite being volunteers we all act professionally.
If you simply make this site a free-for-all it like many former 'chans' were, then this site will follow exactly the same route that they did. We would lose our legal protection of being a Public Benefit Corporation. There will be no sensible discussion, and the site could easily be used and abused to facilitate the kind of extremist expression and illegal activities that have led to the demise of many other sites. You simply have to look at our raison d'etre [soylentnews.org] to see that such a change is absolutely contrary to the reason that we exist.
I do not speak for any other member of the staff but I, for one, would not be prepared to give freely of my time to support such a site and I believe that there would be a similar response from some other staff too.
I accept that you are sincere in your views and by no means alone in what you wish to see. But the best way to help us it to join the team and give some of your time to do many of the daily tasks that must be carried out simply to remain a live site. Improve the quality of submissions so that we do not have to rely on bots to find material. Moderate favourably those comments that deserve it and, less often, moderate unfavourably those comments that do not contribute to the discussions that we have but that seek to disrupt such activities.
But, just as importantly, keep posting comments such as yours giving your own views so that we can all be involved in addressing the points that they raise in attempt to resolve them to the satisfaction of all those that support this site.
(Score: 0) by Anonymous Coward on Thursday March 12 2020, @04:27AM
or volunteer himself
(Score: 2) by janrinok on Sunday February 23 2020, @08:50AM
(Score: 2) by janrinok on Sunday February 23 2020, @09:02AM (4 children)
https://soylentnews.org/faq.pl?op=moderation#spam [soylentnews.org]
The spam moderation information in the link above doesn't specify a duration for the ban - it is up to the administrators to decide a duration depending on previous posting history and past relevant spam activity and moderations.
(Score: 2) by janrinok on Sunday February 23 2020, @09:03AM (3 children)
(Score: 0) by Anonymous Coward on Sunday February 23 2020, @06:52PM (2 children)
Because that is what TMB stated, he claimed zero responsibility and said it was only the spam mod itself and the negative karma would decay over two weeks or so. I decided not to bring it up till now as it is over four weeks.
It is clear to me that those who run the site are authoritarians who have zero problem with ideological persecution. Aristarchus seems to have saved a post by TMB regarding his true feelings: https://soylentnews.org/comments.pl?noupdate=1&sid=36179&page=1&cid=961243#commentwrap [soylentnews.org]
"See, the only thing between anyone on any censorious forum being silenced for bad speech is the admins' definition of bad. You should personally be very, very glad we do not silence folks for wrongthink."
But apparently less obvious methods of censorship like an extended IP ban for a very minor infraction are totally fine. That doesn't even get into the case of Athaniuskircher and his complaints. I read the report by marty, but there have been multiple accusations against TMB over the years and he himself claims it is possible for him to get away with malicious activities. Having admin access he can easily cover his tracks if no one else is watching.
So again, lying about the IP ban and enacting his own vendetta is the definition of fascism. Along with his attempts to continue blocking me through VPNs, had to disable javascript and cookies for the site as he began tracking me that way. Mind you at that point he was guessing that some AC post was myself and banning that. Wonder how many other ACs encountered problems due to his tantrum.
Anyyywayyyyy, you've never shown more than disdain for these types of complaints so whatever :[
(Score: 2) by janrinok on Monday February 24 2020, @09:05AM
If we receive repeated spam, excessive moderation abuse, or trolling intended to prevent others from using this site we can, if necessary, block an IP. If you and the AC are using the same VPN - and therefore have the same IP address - then you will end up being banned by loose association. It might not be aimed at you as an individual but at an IP address. As you have correctly pointed out we cannot see the identity of anyone using that IP. To avoid this you should always log in as a user so that we can clearly see what is happening.
However, some of our users are not very bright. They use a unique IP for an extended period of time under their username and then they think that by posting as AC that they are now invisible and anonymous. It is true that we cannot say hand on heart that it is a specific user but it significantly increases the chances that it is.
When they start using a single IP as both a user and AC and having conversations with themselves...... well, I think you can see that it does make things rather obvious.
And just to clear matters up, only a very limited number of administrators can actually 'see' the IP address - all that is available to most of us is a hash of the IP from which we can deduce nothing at all of its origin.
To summarize then - many ACs compromise themselves long before their actions draw attention to themselves. Perhaps you should ponder on this for a while.
(Score: 2) by janrinok on Monday February 24 2020, @06:20PM
If we are talking about the same block - and it is not clear which comments you are referring to if you do not link to them - the block is not due to lift until 7 March. The person who was blocked has been told this several times including by email sent to him. He has acknowledged receipt of this email.
So, if it is you who has been blocked, you know very well when the ban lifts and it has been clearly explained why the action was taken. If it is not yourself who has been banned then- you do not have all the facts to hand and you simply do not know what you are talking about. Or we simply do not know which event you are talking about. You have been asked to clarify which event several times.
(Score: 1) by fustakrakich on Saturday February 22 2020, @08:27PM (2 children)
Linux is getting weird. systemd, wayland, PAM (what the hell is that?), little by little even Slackware is soaking in it, something is afoot in San Dimas.
Which is the best BSD?
La politica e i criminali sono la stessa cosa..
(Score: 4, Insightful) by fido_dogstoyevsky on Saturday February 22 2020, @10:35PM
This one [openbsd.org]
It's NOT a conspiracy... it's a plot.
(Score: 2) by Mojibake Tengu on Sunday February 23 2020, @06:21AM
For recent Ryzen platforms, FreeBSD 12.1 is a very good one out of box. You may also try DragonflyBSD, that one is GNU friendly. OpenBSD may be too hardcore for a linuxer, and NetBSD is perfect for good haxorz only.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 0) by Anonymous Coward on Saturday February 22 2020, @06:02PM
Please, show me such idiots. If they aren't your imaginary friends, that is.
(Score: 1, Informative) by Anonymous Coward on Saturday February 22 2020, @08:52PM (3 children)
To use Microsoft Threat Protection, you need one of the following licenses or combination of licenses:
* Microsoft 365 E5
* Microsoft 365 E5 Security
* Office 365 E5, Enterprise Mobility + Security E5, and Windows E5
https://www.youtube.com/watch?v=4F4qzPbcFiA [youtube.com]
(Score: 1, Funny) by Anonymous Coward on Sunday February 23 2020, @12:09AM (2 children)
"Microsoft Threat Protection" .. sounds like the Mob.
"Lenny, explain to him."
"Ok. You see, you pay de boss for protection and we doesn't whack your system. Dats called protection."
"So, you gonna sign up, or we let Mr Kneecaps here have a talk wit you?"
(Score: 0) by Anonymous Coward on Sunday February 23 2020, @03:17AM
(Score: 0) by Anonymous Coward on Sunday March 22 2020, @10:46AM
that is actually what happens
download and install windows server in a VM sometime
you'll see..