Though the Windows thing was really funny 😂.

  • 0x4E4FOP
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    2
    ·
    edit-2
    9 months ago

    Not just every file deleted, every file written to disk as well (downloaded, extracted from an archive, whatever).

    It’s also how most AV software works, except Defender is slow AF.

    • voxel@sopuli.xyz
      link
      fedilink
      arrow-up
      8
      ·
      9 months ago

      also, defender is synchronous by default (e.g. nothing gets written until it gets scanned, and scanning parallelization is limited), and can only act asynchronously (aka write first, then queue check) on “trusted dev drives” (aka ReFS-based virtual vhdx partitions aimed at developers as a solution to horrible ntfs throughput, especially if defender is enabled)

      • 0x4E4FOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        9 months ago

        Not true, it does get written before it gets scanned. In fact, it doesn’t even always scan before the file is read by explorer (yes, it’s the worst AV ever). It’s easy to prove this, just extract FFF’s WinRAR keygen and you’ll see what I mean.

    • HStone32@lemmy.world
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      9 months ago

      Huh. All that security, and yet there are still so many viruses capable of infecting windows.

      • deur@feddit.nl
        link
        fedilink
        arrow-up
        9
        arrow-down
        2
        ·
        9 months ago

        Huh… all that immune system yet there are still so many viruses capable of infecting humans.

        • 0x4E4FOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          Humans are easy targets 😁… we’ve lived semi-isolated from nature at least the last few hundred years.

      • 0x4E4FOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        No, it scans file headers when you do read/write operations on disk. Every AV works this way, except, as I said, Defender is slow AF.

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          9 months ago

          I can’t find talk I watched, but I found github issue it was based on.

          Short version: Defender is triggered not on open, not on read or write, but on CloseHandle.