• DeathsEmbrace@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    25
    ·
    edit-2
    1 year ago

    Because it makes it the easiest thing to spoof an .exe which enables attacks of which you will never get out of. A legit.exe vs a spoofed legit.exe will be the exact same in every way except the coding in spoofed fucks you.

    Edit: you’re trading security risk for security risk that makes it easier to hide. Not worth it.

    Edit 2: their is nothing 100% secure MD5 and Sha1 are both spoofable. Checksums and anything is capable of being man in the middle. You people act like you just found something that can’t be broken. This is the real world the moment you switch most black hatters and white hatters will switch too…

    • CheezyWeezle@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      2
      ·
      1 year ago

      I’m not sure that these things work the way you think they do… an antivirus wouldn’t just look for the name of an executable to be “legit.exe” but rather would look at what the program calls itself in it’s manifest, compute the hash for the executable binary file, and compare that hash against a database of known good hashes. If the contents of the executable compute a hash identical to the known good hash, then you know the contents of the executable are clean.

      • gronjo45@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Still getting into programming and having a bit of trouble understanding what a “manifest” is. What does this technically entail? Are “manifests” implemented differently by PL or OS?

    • ඞmir@lemmy.ml
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      2
      ·
      1 year ago

      How is this getting upvoted. This is ridiculous garbage, every exe whitelist would obviously have checksums attached, not just a filename.

    • xantoxis@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Please don’t reply to comments when you’re talking out your ass, that doesn’t help anyone. You don’t know wtf you’re on about, at all.

    • starchturrets@feddit.de
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Not really, WDAC doesn’t usually just look at the filename. It can look at the certificate it was signed by, or fallback to using hashes.