Nicehash petitioning against Microsoft

[Energycore]

Nicehash, a cryptocurrency mining service for small users, is Petitioning against Microsoft for the blocking of mining software on Windows Defender. They're also asking Microsoft to target the -other- software that's on illegitimate miners, rather than the mining algorithm itself.

 

Quote

Many legitimate coin-mining software applications are being incorrectly labeled as malware and/or being flagged as PUAs (Potentially Unwanted Applications) by Windows operating systems.

 

We request that mining software that is from trusted sources, EG. software that has an EV certificate has its code-signed, comes from a publicly known author, and is proven to be safe (for example, QuickMiner, XMRig, and many others) be allowed by Windows Defender and allowed to run smoothly when installed by the user. Mining software cannot be installed by a third party for nefarious purposes without additional software components, so Windows Defender must stop blocking legitimate software in order to protect users from real malware.

They include 10 Appendixes which go into detail about their stance, but no external references to academic work or news.

 

My thoughts

Microsoft has always blocked mining software of ANY kind as malign. Nicehash argues that this is anti-consumer as it prevents consumers from mining, compared to big factories that have their own setup and probably use Linux.

 

I see some good points and some bad points.

• Reduces trust in Windows Defender and antivirus software.
  • I think this is a fair point if you're told by a lot of people that it's randomly blocking programs that should be legitimate, and people's imaginations would run wild if they're told a Microsoft is specifically blocking one type of legitimate software. There will be people on the side of Microsoft though.
• Many points related to decentralization and making mining harder for personal users compared to huge mining farms.
  • I personally care about this because I mine on my gaming GPU on the side, and I want to be able to continue doing so. That said, outside of people who mine, who cares? Not a lot of people, so there's a chance this doesn't get much traction at all outside techy communities.
• Damages the reputation of blockchain.
  • This one's a weird one. Are they arguing that Windows Defender is defaming mining software by stating that it's malicious and can harm your computer? I'm not a legal expert but I don't know that this is the right thing to argue.
• Contributes to damaging the environment
  • Now if you can't see the irony in this one, allow me to point it out. They argue that small home mining rigs tend to use less power and can more easily obtain more energy from sustainable sources [citation needed].

So all in all, I do think it's better if Antivirus Software doesn't block legitimate software of any kind. I don't think this is something worth crying wolf about.

 

Home users that are annoyed by Microsoft should look at alternatives, they do exist. I'm hoping that a Linux distro that can put a dent in the behemoth that is Windows at some point comes along.

 

Sources

https://www.nicehash.com/petition-against-microsoft

[porina]

This is a long time problem with anti-virus software in general. Too many false positives as they try to justify their value and existence. It even hits distributed computing software from time to time, presumably as bad actors try to increase their credit by unauthorised installs which get flagged. I actually find MS' built in one in Win10 to be one of the least intrusive. It also isn't just about mining to me, but lots of other useful software gets flagged because they do funky things at low level.

 

I've stopped mining for now as it is too hot, but I was running Phoenix Miner no problem under Windows earlier in the year. Didn't need to set manual exemptions or anything. 

[Helpful Tech Witch]

3 minutes ago, porina said:

It also isn't just about mining to me, but lots of other useful software gets flagged because they do funky things at low level

that, or if i run a program from aunknown develpoer i have to press a million things to run it.

[Mnky313]

I mean, if Defender just said 'hey, here's a piece of software that you might not want. Click here to remove it' that would be fine.

Instead it just deletes it without warning, then refuses to restore it and if you download it again guess what. It deletes it again XD.

[StDragon]

If you ever wanted to know the group-think in AV false positives, look no further than an AV engine clearing house (such as virustotal.com).

Almost always a component used is guilty by association with other nefarious programs.

[Hairless Monkey Boy]

For every one miner who is slightly inconvenienced by this "false positive" how many other users are benefitted? I would guess a lot. It's not hard to add an exception to Windows Defender, or to disable it all together.

 

I'm fine with this.

[TetraSky]

Considering the number of malwares out there that makes use of mining to make money out of your computer without you ever knowing about it, Microsoft blocking them to protect the majority of their users is a good thing. Same reason why most other standalone security solutions also block anything mining related.

If miners want to mine on Windows, they can simply deactivate Windows Defender, it's not hard. It's easier than starting to mine in the first place.

[StDragon]

1 minute ago, TetraSky said:

If miners want to mine on Windows, they can simply deactivate Windows Defender, it's not hard. It's easier than starting to mine in the first place.

How about Nicehash write their own code instead of reusing someone else's of dubious origins ? 

[Jtalk4456]

in all fairness, i'm not too upset at an abundance of caution. False negatives are an issue, but not false positives

[LAwLz]

51 minutes ago, HairlessMonkeyBoy said:

For every one miner who is slightly inconvenienced by this "false positive" how many other users are benefitted? I would guess a lot. It's not hard to add an exception to Windows Defender, or to disable it all together.

 

I'm fine with this.

Sadly, Microsoft do make it hard. 

Disabling it is damn near impossible, and on my computer qBittorent constantly gets flagged. I have to go through the process of unblocking it like once a week because windows defender seems to forget exceptions every time it gets updated. Oh and if you click the wrong option once it deletes the program files. 

 

I can see both sides of this. I get that Microsoft wants to protect users, and hidden, malicious crypto miners have gotten quite common in recent years. But at the same time I feel really bad for nicehash or any other program that has been incorrectly flagged. Microsoft doesn't seem to care about fixing any false positives that defender has. The qBittorent issue has been going on for like a year and no fix is in sight. 

Maybe this petition will light a much needed fire under microsoft's butt to at least make them fix defenders amnesia, or rework their false positive report system so they it actually does something. 

[StDragon]

6 minutes ago, LAwLz said:

Sadly, Microsoft do make it hard. 

Disabling it is damn near impossible, and on my computer qBittorent constantly gets flagged. 

 Well, this is what happens when people complain the OS isn't' doing enough to stop a Layer 8 problem. It's a no-win situation for MS.

[LAwLz]

2 minutes ago, StDragon said:

 Well, this is what happens when people complain the OS isn't' doing enough to stop a Layer 8 problem. It's a no-win situation for MS.

What do you mean? I have never heard anyone complain about defender making it too easy to whitelist a program, nor have I heard someone complain they defender is too easy to turn off. 

[Energycore]

12 minutes ago, LAwLz said:

Microsoft doesn't seem to care about fixing any false positives that defender has

Maybe we start looking for Antivirus software that does respect this kind of thing? I don't care about throwing Windows Defender away again tbh

[LAwLz]

Just now, Energycore said:

Maybe we start looking for Antivirus software that does respect this kind of thing? I don't care about throwing Windows Defender away again tbh

Other AVs might be better at that, but it seems like they have their own share of problems. Injecting root certs, having their own vulnerabilities, hijacking browser sessions, interfering with Windows updates etc. 

 

I actually really like Windows Defender. It's the only AV I recommend. It's just a shame about false positives being so annoying. If Microsoft made a good false positive report system, or just made it so that defender remembered programs I whitelist then I'd say it was as flawless as an AV can be. 

[Energycore]

Just now, LAwLz said:

I actually really like Windows Defender. It's the only AV I recommend.

I agree with this. For 99% of people it won't give them issues. They just don't care about the rest

[StDragon]

12 minutes ago, LAwLz said:

What do you mean? I have never heard anyone complain about defender making it too easy to whitelist a program, nor have I heard someone complain they defender is too easy to turn off. 

And you won't, because MS has decided to protect YOU from YOURSELF. And that includes anyone using their OS. Hence why MS makes it difficult by design.

[LAwLz]

17 minutes ago, StDragon said:

And you won't, because MS has decided to protect YOU from YOURSELF. And that includes anyone using their OS. Hence why MS makes it difficult by design.

Yes and I think that's bad. I don't quite get your point.

How exactly are Microsoft in a lose-lose situation here? You said this happened because people complained to Microsoft about them not doing enough, and I have never seen anyone suggest any of the things I have a problem with. I have also recommended two solutions for it which Microsoft doesn't seem interested in fixing.

I am not sure if I am just being dumb, but I am not able to follow your logic.

[Hairless Monkey Boy]

43 minutes ago, LAwLz said:

Microsoft doesn't seem to care about fixing any false positives that defender has.

In Microsoft's defense, this is not an easy thing to get perfectly correct, and I'd rather they err on the side of false positive than false negative.

 

It's a shame that you've had such a hard time whitelisting your applications. I have not had that experience.

[StDragon]

1 minute ago, LAwLz said:

Yes and I think that's bad. I don't quite get your point.

How exactly are Microsoft in a lose-lose situation here? You said this happened because people complained to Microsoft about them not doing enough, and I have never seen anyone suggest any of the things I have a problem with. I have also recommended two solutions for it which Microsoft doesn't seem interested in fixing.

I am not sure if I am just being dumb, but I am not able to follow your logic.

People complain that Windows is insecure; no one really disputes that for a whole host of reasons of their own (MS) accord. So, the solution is to protect the user from performing actions that would otherwise compromise their system. In essence, MS is protecting the user from themselves. Their actions are often the vector in rooting the box. Thus a "Layer 8" problem.

[Energycore]

Just now, Sakuriru said:

I disagree, this increases trust in Windows Defender for me. It's not a random block of a legitimate program, it's a block of a program that's attempting to mine cryptocurrency, which is what a lot of malware attempts to do once it infects a computer. Microsoft should continue to block mining.

I don't know, I feel like it's like being against software that encrypts files like 7zip just because there's a LOT of malware that encrypts your data and then asks for ransom.

[LAwLz]

9 minutes ago, StDragon said:

People complain that Windows is insecure; no one really disputes that for a whole host of reasons of their own (MS) accord. So, the solution is to protect the user from performing actions that would otherwise compromise their system. In essence, MS is protecting the user from themselves. Their actions are often the vector in rooting the box. Thus a "Layer 8" problem.

I know what "layer 8" is.

I just don't really follow your logic. Yes, people said Windows is/was insecure. People weren't asking for these "remedies" though. It seems like a really weak defense of Microsoft to just go "well they did something and now people are complaining about that too! They can't win!".

 

When people said "Windows is insecure" they didn't say "please make it so that I can't whitelist programs in my anti virus, and please make it so that you can't turn the anti virus program off".

If people ask you to improve something and you introduce a change that's bad then you can't just brush off criticism as "well looks like people are never pleased". People aren't pleased as long as the "solutions" have issues.

 

 

If you want an analogy, let's say VLC had an issue with playing HDR files. It messed up the colors.

Users: Hey, VideoLAN, VLC glitches out when we try and play HDR files. Can you please fix it?
VideoLAN: Sure thing! We're removing support for HDR from VLC. You can no longer play HDR files at all, thus fixing the issue with messed up colors!

Users: What the fuck? This is not what we asked for. Can you please just make it so that HDR files work instead?

You: Well, looks like VideoLAN is in a lose-lose situation. People complained about HDR files and now that VideoLAN has fixed the issue people still complain! People sure always find a way to complain about something...

 

 

That is basically what is happening here. Microsoft introduced "fixes" for their security issues that nobody asked for, and the "fixes" are shit and causes issues on their own.

 

 

16 minutes ago, Energycore said:

I don't know, I feel like it's like being against software that encrypts files like 7zip just because there's a LOT of malware that encrypts your data and then asks for ransom.

Or block email clients because a lot of malware is spread through email.

Or if we want a real world analogy, it's like banning chef knives because they are sometimes used to harm people.

"It's often used for bad things" is a very bad excuse for blocking/banning something if it has legitimate purposes too. That type of mentality and governing rarely ends well.

[Moonzy]

I think most of the issues listed can be avoided just by adding nicehash folder to the exception list

But it does add a bit of sketch to it if you have to add it to exception list to begin with

 

If I were Microsoft, I wouldn't wanna take responsibility for softwares that are written by anonymous developers

Many miners developers stays anonymous for obvious reasons, like Phoenix

[Brooksie359]

4 hours ago, LAwLz said:

Yes and I think that's bad. I don't quite get your point.

How exactly are Microsoft in a lose-lose situation here? You said this happened because people complained to Microsoft about them not doing enough, and I have never seen anyone suggest any of the things I have a problem with. I have also recommended two solutions for it which Microsoft doesn't seem interested in fixing.

I am not sure if I am just being dumb, but I am not able to follow your logic.

I think the problem is that from a tech savvy persons perspective it really shouldn't be an issue to implement the things you are talking about but the problem is that there are alot of people who are not so smart and don't understand what they are doing and end up allowing viruses and malware on their computer. I know before windows defender was a thing I had to fix some of my family members who didn't understand what they were doing. Even though they had an anti-virus they still would get viruses and malware. 

[Jet_ski]

Microsoft security team probably isn’t going to overlook Nicehash’s history. Their co-founder’s involvement in creating ransomware and the founding of a group to use ransomware is probably fresh in their minds.

 

Since many mining developers are anonymous, building backdoors is a bigger concern. Cryptojacking is an ongoing issue, Microsoft has nothing to gain but a lot to lose in allowing the mining apps. From their perspective if you’re sophisticated enough to handle the risk, then you can easily manage the software so there’s nothing to be upset about.

[captain_to_fire]

8 hours ago, Energycore said:

So all in all, I do think it's better if Antivirus Software doesn't block legitimate software of any kind. I don't think this is something worth crying wolf about.

 

Home users that are annoyed by Microsoft should look at alternatives, they do exist. I'm hoping that a Linux distro that can put a dent in the behemoth that is Windows at some point comes along.

Because at the moment, antivirus programs can´t differentiate cryptojacking which is malicious, and intentional mining. That is why all antivirus programs, not just Windows Defender flag mining applications as potentially malicious. Remember that around 2018, cryptojacking surpassed ransomware if I’m not mistaken. 

 

I don’t think this is a huge issue because one who intentionally mines on their own PC can whitelist NiceHash on the antivirus settings.

 

Edit: Also, this "issue" is not exclusive to Windows Defender. Here's my parent's PC at home with Kaspersky Security Cloud installed, and it flagged NiceHash as potentially malicious.

 

Edited June 3, 2021 by captain_to_fire