top | item 33038921

(no title)

abpavel | 3 years ago

No, because they would cause the following scenario: Malicious attacker looks for exactly what Microsoft detected, and fixes each specific detection while keep operating the undetected ones. The end result would be operational malicious site, without being detected.

discuss

dtjb|3 years ago

The fact that Microsoft detected malware is already known, publicly.

salawat|3 years ago

So what? Just leave legit users in the dark because assholes exist? This type of logic needs to die. Assholes continue to exist because we enable them to by not raising the bar high enough that compromise is impractical, and no longer easy money.

from|3 years ago

People underestimate the extent to which a bunch of opaque "anti-abuse" algorithms control things. Everyone is given a risk score and if you exceed an internal threshold they will never respond to your support requests until your complaint gets on the HN frontpage. Then as justification to continue their pointless cat and mouse game the abuse department types will come in and say "well if we told you why we arbitrarily decided to <steal your money/delete your 20 year old email account/prevent you from logging in with a weird error message> then the real criminals would know how we detected them!"

Dylan16807|3 years ago

In the specific scenario where they're running multiple kinds of malware on the same site, they won't know which one got detected.

Is that really something to worry about so strongly that we screw over legitimate websites?

A malicious actor can already know exactly what's detected if they run one malware at a time per site.

unknown|3 years ago

[deleted]