Because Windows has no concept of an executable bit, so a rename could make it runnable? Or a benign-looking program has a built-in interpreter run code from an external file?
dataflow|5 years ago
Sure it does. Execution is a permission you can set in the security tab.
> a rename could make it runnable
This is more likely why.
samb1729|5 years ago
This much I understand - but why can something so tightly integrated into the OS not instead intercept a file rename event and scan at that point?
I seem to be lacking sufficient information as to what specifically about Windows necessitates scanning everything on the filesystem when macOS and the various common Linux distros seem to do fine without it. It's not as if Windows is the only OS with interpreters, either.