Here's the twist: Microsoft Defender started marking Tor Browser as malware

CarderPlanet

Did a secure browser decide to spy on its users?

Recently, users of the "most popular desktop OS in the world" began to report that the Microsoft Defender antivirus program, integrated by default in Windows 10 and 11, flags the latest version of the Tor browser as the malware "Win32/Malgent!MTB".

The incident has caused concern among many Tor users who rely on the browser to ensure their online privacy.

Tor Browser is a free and open source web browser that uses onion routing to browse the Internet anonymously. At one time, it quickly won the hearts of users and became a popular choice for those who want to ensure their privacy online.

But now what? Did the beloved Tor Browser of millions decide to spy on its users? Or did its developers face a supply chain attack? Well, in fact, everything is much simpler than it may seem at first glance.

Experts believe that the erroneous detection is due to a new heuristic detection method used in Microsoft Defender. This method is designed to identify Trojans that use Tor to hide their activity. However, it seems that the trigger threshold was set too broadly, so Defender does not limit itself to Trojans, but marks Tor itself as malicious.

In general, a heuristic detection method is a method for detecting malware that uses predefined rules and algorithms to identify suspicious behavior. It differs from the signature-based detection method, which relies on a specific database of known malware. While heuristic methods can be effective in detecting new threats, they can also often lead to false positives.

Tor representatives advised users to check whether the browser was installed from the official site. If a legitimate official source was used for the download, the Defender warning should be taken as false.

In addition, the developers recommended adding Tor to the Microsoft security software exclusion list and restoring "tor.exe" from quarantine, if Defender has affected the operation of Tor.

At the moment, Microsoft has not made any official statements on this issue, but it is likely to release a fix with the next Microsoft Defender update.
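Added example (not part of the original post, and not Microsoft Defender's actual logic): a toy scanner contrasting signature matching with a weighted heuristic, showing how a threshold set too broadly flags a legitimate Tor client along with the Trojans. All sample names, traits, weights and thresholds are constructed assumptions.

```python
import hashlib

# Constructed samples: name -> (file bytes, observed traits). Not real malware data.
SAMPLES = {
    "known_trojan": (b"old-trojan-build", {"opens_tor_circuit", "adds_autorun", "injects_process"}),
    "new_trojan":   (b"repacked-trojan",  {"opens_tor_circuit", "adds_autorun", "injects_process"}),
    "tor_browser":  (b"tor.exe-official", {"opens_tor_circuit"}),
    "text_editor":  (b"editor-build",     set()),
}
BENIGN = {"tor_browser", "text_editor"}

# Signature-based detection: exact match against hashes of already-known malware.
KNOWN_BAD = {hashlib.sha256(b"old-trojan-build").hexdigest()}

# Heuristic detection: hypothetical rule weights for suspicious traits.
WEIGHTS = {"opens_tor_circuit": 40, "adds_autorun": 30, "injects_process": 30}


def signature_verdict(data: bytes) -> bool:
    """True only if the file hash is already in the known-malware database."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD


def heuristic_score(traits: set) -> int:
    """Sum the weights of every suspicious trait the sample exhibits."""
    return sum(WEIGHTS.get(t, 0) for t in traits)


def scan(threshold: int) -> dict:
    """Return name -> (signature hit, heuristic hit) for every sample."""
    return {
        name: (signature_verdict(data), heuristic_score(traits) >= threshold)
        for name, (data, traits) in SAMPLES.items()
    }


def false_positives(threshold: int) -> list:
    """Benign samples that either method flags at this threshold."""
    return sorted(n for n, hits in scan(threshold).items() if n in BENIGN and any(hits))


if __name__ == "__main__":
    for threshold in (40, 70):
        print(f"threshold={threshold}")
        for name, (sig, heur) in scan(threshold).items():
            print(f"  {name:13} signature={sig!s:5} heuristic={heur}")
        print("  false positives:", false_positives(threshold))
```

At threshold 40 the single "uses Tor" trait is enough to flag the browser; at 70 the rule needs corroborating behaviour, so the repacked Trojan (missed by the signature check) is still caught while the browser is not.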
 