Why Windows identifies random apps as threats
Some Windows PC owners woke up earlier this week to find Windows Defender suddenly spamming them with warnings about a new 'HackTool' called WinRing0. While these warnings are certainly concerning, chances are your computer isn't actually under attack, at least not yet. But that doesn't mean you should ignore the warnings.
Why WinRing0 started activating Windows Defender
The problem with random alerts like this is that it's not always clear what the threat is or why Defender considers it a threat. In the case of WinRing0, it's because a vulnerability in that kernel-level software has previously been linked to dangerous malware (as BleepingComputer reported).
Having kernel-level access essentially means that WinRing0 has access to core components and resources of the operating system. That's a dangerous gamble if the software can be exploited in some way, and it appears that WinRing0 has become the primary driver behind how the SteelFox malware operates and gains access to infected systems.
Even if you've taken the effort to harden your Windows PC's security with Defender, malware like SteelFox can still use the vulnerability found in WinRing0 to bypass your protections.
Another big problem with software like WinRing0 is that it tends to find its way into a lot of different software. That's the case with this latest Windows Defender warning: The Verge reports that WinRing0 is part of a number of widely used PC fan control apps, including Fan Control, which was mentioned a few years ago.
Windows Defender also seems to trigger the warning if you have other third-party monitoring software installed, including Libre Hardware Monitor, MSI Afterburner, SteelSeries Engine, Razer Synapse, OmenMon, etc.
This is not surprising.
The overall impact of this on monitoring software like Afterburner and Fan Control is clear. Unless Microsoft provides some way for these apps to access these low-level permissions in the future, you're taking a huge security risk by installing and using any of them.
The move isn't entirely unexpected, however. Last year's massive CrowdStrike breach had dire consequences for many companies, including some in the healthcare industry. Since then, Microsoft has been under a lot of pressure to close security holes that shouldn't exist, like the one WinRing0 used to gain kernel-level access.
It's unclear why it took Microsoft so long to address WinRing0. That doesn't mean that software that uses it is completely useless, though. You can still use it if you want. But you're likely putting your system at risk by doing so.
There is a workaround, but unfortunately it's unlikely to work. According to comments on GitHub, the vulnerability found in WinRing0 has been patched. However, getting the patched version approved and signed by Microsoft is unlikely, as the open source community behind it doesn't believe they have the resources to get Microsoft to sign the latest version. And without Microsoft's signature, you won't be able to install it on your Windows system.
The only other alternative is for each of these application developers to create their own software to access kernel-level permissions. But that is an expensive endeavor that many of them cannot afford. Even if they did, it would likely result in additional costs for users of their software through software purchases.
If you use any of the monitoring software mentioned above, or if you notice Windows Defender warning you about WinRing0 on your system, then there's probably nothing to worry about at the moment. However, it's always better to be safe than sorry, especially when it comes to software with kernel-level access like this.
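To see which installed application brought WinRing0 onto a machine, the check below lists matching kernel driver services and the Defender detections that reference them. It is an added example, not part of the original article; the `*WinRing0*` name pattern is an assumption based on the driver name, and it is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the article): find where WinRing0 lives on this host.
# Assumption: the driver's service name or file path contains "WinRing0".
$pattern = '*WinRing0*'

# Kernel driver services whose name or image path matches.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like $pattern -or $_.PathName -like $pattern }

$driverReport = foreach ($d in $drivers) {
    # Driver image paths may carry an NT prefix such as \??\C:\...; strip it.
    $file   = $d.PathName -replace '^\\\?\?\\', ''
    $onDisk = [bool]$file -and (Test-Path -LiteralPath $file)
    [pscustomobject]@{
        Service   = $d.Name
        State     = $d.State
        StartMode = $d.StartMode
        File      = $file
        OnDisk    = $onDisk
        # The parent folder usually names the application that shipped the driver.
        Folder    = if ($file)   { Split-Path -Path $file -Parent }
        Signer    = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $file).SignerCertificate.Subject }
        SHA256    = if ($onDisk) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash }
    }
}

# Map Defender threat IDs to names, then keep detections that mention the driver.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

$detections = Get-MpThreatDetection |
    Where-Object { $_.Resources -like $pattern } |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.InitialDetectionTime
            Threat    = $names[$_.ThreatID]
            Process   = $_.ProcessName
            Resources = $_.Resources -join '; '
        }
    }

$driverReport | Format-List
$detections   | Sort-Object Time | Format-List
```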