Nicehash petitioning against Microsoft

[WkdPaul]

7 hours ago, TetraSky said:

If miners want to mine on Windows, they can simply deactivate Windows Defender, it's not hard. It's easier than starting to mine in the first place.

That's one of the point Nicehash makes ; people need to disable Windows defender and that puts the users at risk ... IMO that's misleading at beast, disingenuous at worst.

 

Windows Defender has an exclusion feature, one that I personally took advantage of when I mined, there's no need to disable Windows Defender at all. Adding exclusions is simple, takes seconds, and you're good to go after that.

[Kisai]

7 hours ago, porina said:

This is a long time problem with anti-virus software in general. Too many false positives as they try to justify their value and existence. It even hits distributed computing software from time to time, presumably as bad actors try to increase their credit by unauthorised installs which get flagged. I actually find MS' built in one in Win10 to be one of the least intrusive. It also isn't just about mining to me, but lots of other useful software gets flagged because they do funky things at low level.

 

I've stopped mining for now as it is too hot, but I was running Phoenix Miner no problem under Windows earlier in the year. Didn't need to set manual exemptions or anything. 

I think the reason here is likely because it was being packaged in malware. So "cloud" based AV products start seeing it as malware itself.

 

Most AV products haven't been reliable in a long time, and too many people get told to just "ignore" it, and thus we're back to the problem of needing app stores with no ability to side-load since users can be deceived by non-store software.

 

For example, during peak piracy (eg video piracy is still very common) periods, there will often be files pushed with the same file name as untainted software, posing as the release group, and because pirates just tend to download everything, these malicious things overwrite the non-malicious ones, and then of course if the user ever happens to unpack it, or scan the directory where this stuff was downloaded, their AV product goes haywire, and the release group gets blamed for spreading malware.

 

I once uploaded a malicious file I found in the wild last week to virustotal and only 6 AV products picked it up.

[WkdPaul]

3 minutes ago, Kisai said:

*snip*

Exactly, I personally would prefer an AV that's a bit too aggressive and give false positive, than one that isn't and let one virus pass through ... that one fail can cause a lot more damages than any false positive.

[Moonzy]

31 minutes ago, wkdpaul said:

Exactly, I personally would prefer an AV that's a bit too aggressive and give false positive, than one that isn't and let one virus pass through ... that one fail can cause a lot more damages than any false positive.

不怕一万，只怕万一

[Brooksie359]

2 hours ago, wkdpaul said:

That's one of the point Nicehash makes ; people need to disable Windows defender and that puts the users at risk ... IMO that's misleading at beast, disingenuous at worst.

 

Windows Defender has an exclusion feature, one that I personally took advantage of when I mined, there's no need to disable Windows Defender at all. Adding exclusions is simple, takes seconds, and you're good to go after that.

Yeah if you can figure out how to setup cryptocurrency mining you can probably figure out how to make an exception for nicehash. Also its such a niche group that just statistically it makes sense to block it to protect the majority of the people who use windows.

[LAwLz]

7 hours ago, Moonzy said:

I think most of the issues listed can be avoided just by adding nicehash folder to the exception list

But it does add a bit of sketch to it if you have to add it to exception list to begin with

 

If I were Microsoft, I wouldn't wanna take responsibility for softwares that are written by anonymous developers

Many miners developers stays anonymous for obvious reasons, like Phoenix

What do you mean "anonymous developers"?

1) Why do you think anonymous developer somehow makes the software sketchy?

2) Why are you even bringing this up? The developers of Nicehash are known. They are not anymore anonymous than let's say the developers of Windows or other closed source software.

 

 

 

4 hours ago, Brooksie359 said:

I think the problem is that from a tech savvy persons perspective it really shouldn't be an issue to implement the things you are talking about but the problem is that there are alot of people who are not so smart and don't understand what they are doing and end up allowing viruses and malware on their computer.

Please explain to me how any of my suggestions would be a threat to the average user.

 

4 hours ago, Brooksie359 said:

I know before windows defender was a thing I had to fix some of my family members who didn't understand what they were doing. Even though they had an anti-virus they still would get viruses and malware. 

Correlation does not imply causation. You're jumping to unfound conclusions that I don't think are true.

[LAwLz]

3 hours ago, wkdpaul said:

Adding exclusions is simple, takes seconds, and you're good to go after that.

From my experience, it's not. That's one of the issues I got with Defender.

 

All three of these are Defender blocking qBitTorrent, and all three times did I whitelist it. Like I said before, every week or so Defender will "forget" that I whitelisted qBitTorrent and start blocking it again.

 

I've since added the install folder to the exclusion list in Defender rather than whitelist the application itself, but that's a really bad security practice. You don't want to exclude entire folders from being scanned by your AV. Your AV should just be able to remember which program hashes you have told it specifically are safe.

[Arika]

NUH-UH people are not allowed to be upset. it's their platform, therefore their rules!!!!1111!1!!!!1

[Moonzy]

19 minutes ago, LAwLz said:

1) Why do you think anonymous developer somehow makes the software sketchy?

anonymous dev =/= sketchy software

but when something happens, it's harder to track the dev

nicehash themselves had issue with phoenix (the developer of PhoenixMiner) just a month ago or two because phoenix went silent for few days

 

19 minutes ago, LAwLz said:

2) Why are you even bringing this up? The developers of Nicehash are known. They are not anymore anonymous than let's say the developers of Windows or other closed source software.

nicehash uses thirdparty miners (like phoenix miner for example) in their traditional miner client (not quickminer, they developed quickminer entirely)

so it's somewhat related

[LAwLz]

13 minutes ago, Moonzy said:

anonymous dev =/= sketchy software

but when something happens, it's harder to track the dev

nicehash themselves had issue with phoenix (the developer of PhoenixMiner) just a month ago or two because phoenix went silent for few days

Ehm, what are you on about? That's not how software development works. 

Being anonymous or not has nothing to do with how easy or hard it is to track a developer. 

 

My guess is that you read this blog post from Nicehash regarding Phoenix where they heavily push the narrative that "anonymous developer = bad" but the issue is that this is just Nicehash trying to protect their own ass by misleading people.

The issue did not happen because the developer of PhoeinixMiner went silent. The issue seems to have happened because Nicehash downloaded a sketchy binary file from a random forum (because the official PhoenixMiner repo got deleted by their hosting partner), and then decided to push that binary out to all their users using their update infrastructure. That's why they are pushing so hard on the "we don't know the developer, and we can't verify it" angle.

[Moonzy]

Just now, LAwLz said:

The issue seems to have happened because Nicehash downloaded a sketchy binary file from a random forum, and then decided to push that binary out to all their users using their update infrastructure.

i think they denied this as well, but -shrug- this is a whole other topic though

[LAwLz]

Just now, Moonzy said:

i think they denied this as well, but -shrug- this is a whole other topic though

In any case, anonymous developer != Bad.

Being anonymous or not has literally nothing to do with security. It's a red herring Nicehash threw around to try and shield themselves from criticism when it was discovered they might have distributed malware through their program.

[leadeater]

1 hour ago, LAwLz said:

All three of these are Defender blocking qBitTorrent, and all three times did I whitelist it. Like I said before, every week or so Defender will "forget" that I whitelisted qBitTorrent and start blocking it again.

Are you excluding the directory or the application?

[LAwLz]

8 minutes ago, leadeater said:

Are you excluding the directory or the application?

The application, like you should do.

I have since excluded the folder which is very bad security practices.

 

And before you ask, no, I have not updated or changed qBitTorrent in any way. The program has the same hash but Defender still forgets it like once every week. I would get it if I updated the program and Defender flagged it because it was essentially a new file, but in my case it is legitimately exactly the same file down to the bit, and Defender still can't remember that I have marked it as safe like 15 times over the course of a couple of months.

[leadeater]

7 minutes ago, LAwLz said:

I have marked it as safe like 15 times over the course of a couple of months

I get the same with NiceHash, seems to be common just for these class of application MS just seems to hate

[porina]

5 hours ago, wkdpaul said:

Exactly, I personally would prefer an AV that's a bit too aggressive and give false positive, than one that isn't and let one virus pass through ... that one fail can cause a lot more damages than any false positive.

I look at AV as a cost-benefit tradeoff. How much pain does it cost you, for how much value it gives? The last attack I had was on IE6, so basically every false positive since then has been a negative value to me.

 

For a time I ran no real time AV at all because during that era, the CPU impact was not insignificant. I think it was around the Core 2 era. Now, the paranoid will say, how do I know I wasn't infected? I still occasionally manually ran scans and they never found anything.

 

I would be more forgiving of AV if they made it easier for you to whitelist. This is ok. I want it. Never talk to me about it again. Over time it would quieten down and not get in the way.

[leadeater]

5 minutes ago, porina said:

Over time it would quieten down and not get in the way.

"But if I don't bug you every 5 seconds how do you know you are getting value out of me?"

[suicidalfranco]

2 hours ago, Arika S said:

NUH-UH people are not allowed to be upset. it's their platform, therefore their rules!!!!1111!1!!!!1

Sorry this artifact card can only be used on a deck that only contains Apple based creatures, Apple based instant spells, apple based sorcery, apple based enchantments and apple based land cards.

If the deck contains cards that are not apple based, exile this artifact.

[Arika]

1 hour ago, suicidalfranco said:

Sorry this artifact card can only be used on a deck that only contains Apple based creatures, Apple based instant spells, apple based sorcery, apple based enchantments and apple based land cards.

If the deck contains cards that are not apple based, exile this artifact.

Then I cast arcane adaptation to make everything an apple thread. 

[suicidalfranco]

1 hour ago, Arika S said:

Then I cast arcane adaptation to make everything an apple thread. 

How is this card not banned yet

[WolframaticAlpha]

16 hours ago, Mnky313 said:

I mean, if Defender just said 'hey, here's a piece of software that you might not want. Click here to remove it' that would be fine.

Instead it just deletes it without warning, then refuses to restore it and if you download it again guess what. It deletes it again XD.

same here. my new laptop has windows. Can't install any torrent client(for free and open source torrents of course), without windows defender being a complete dick, and removing the stuff.

[StDragon]

LOL, I wonder if MS will offer their own mining pool inside Defender too.

 

https://www.bleepingcomputer.com/news/cryptocurrency/norton-360-antivirus-now-lets-you-mine-ethereum-cryptocurrency/

[Franck]

16 hours ago, TetraSky said:

Considering the number of malwares out there that makes use of mining to make money out of your computer without you ever knowing about it, Microsoft blocking them to protect the majority of their users is a good thing. Same reason why most other standalone security solutions also block anything mining related.

If miners want to mine on Windows, they can simply deactivate Windows Defender, it's not hard. It's easier than starting to mine in the first place.

You don't have to disable the whole defender you can simply green list the 3 or 4 exe in the folder and your good to go. Personally I have zero problem by being blocked in the first place. I will take a false positive over false negative any day.

[LAwLz]

2 hours ago, Franck said:

I will take a false positive over false negative any day.

That's a false dilemma.

[StDragon]

28 minutes ago, LAwLz said:

That's a false dilemma.

So Linux it is