I don’t know how most package managers on windows work, but usually, auto updates are disabled by default for software that comes from one. For example, Firefox installed using APT on various linux distro will not auto-update out of it.

I vaguely remember chocolatey packages not really doing that, causing mismatch between installed versions and its internal database, though, so maybe it wasn’t that good of a solution.

The software itself, and the devs, have little to nothing to do with this besides detecting the issue. Which was not obvious, since (it seems) the attack was targeted at specific IPs/hosts/places. It likely worked transparently without alteration for most users, probably including the devs themselves.

It also would only affects updates through the built-in updater; if you disabled that, and/or installed through some package managers, you would not have been affected.

A disturbing situation indeed. I assume some update regarding having adequately digitally signed updates were done (at least, I hope… I don’t really use N++ anymore). But the reality is, some central infrastructure are vulnerable to people with a lot of resources, and actually plugging those holes requires a bit of involvement from the users, depending how far one would go. Even if everything’s signed, you have to either know the signatory’s public key beforehand or get a certificate that you trust. And that trust is derived from an authority you trust (either automatically through common CA lists, or because you manually added it to your system). And these authorities themselves can become a weak point when a state actor butts in, meaning the only good solution is double checking those certificates with the actual source, and actually blocking everything when they change, which is somewhat tedious… and so on and so on.

Of course, some people do that; when security matters a LOT. But for most people, basic measures should be enough… usually.

Notepad++ installed from any package manager was perfectly fine and safe.

I’ve kind of stopped following things up since I left windows, but maybe you’re remembering when this actually happened a while ago? This is just some in-progress post-mortem report.

Oh, yes, I won. I’ve known for months. Microsoft have nothing to do with it anymore.

Maybe if they keep making it worse and worse it will kind of circle back to good.

Steganography is extremely far from undetectable, unfortunately. And trivial to find out once you know its there; if we ever allow a framework to be put in place to intercept communication at a large scale, it will be the inverse of the cat and mouse game we have with encryption : very hard to improve, very easy to detect.

And I’m aware of the many funky things we did. At some point people tunneled DNS queries through HTTPS, to get through wifi captive portal that only allowed HTTPS traffic until authenticated.

Just to be clear, I’m aware of the issues of detecting stealth data, and even detecting encryption against seemingly random data. It’s kinda fascinating to detect the difference, too; some people have looked into that. But the point is, if you’ve already agreed on “banning encrypted communication that can’t be listened to easily”, you can basically just say “this is gibberish, decrypt it or get to jail”. I also know that this sounds insane and throw away the “innocent until proven guilty” principle, but we’re slowly creeping toward a world where our device scans all our document and communication to notify of issues to a central authority, where black box in large networks are already present, and so on.

It’s been slowly creeping toward that. Finding way to hide traffic on public networks can only go so far if the listener can just stop you if it detect what looks like encrypted content.

And, since this is kind of a heated discussion, I’ll reiterate: it would be batshit crazy to go this way. But I would have found batshit crazy to have our own devices spy on us and report suspicious activities to third parties years ago, and yet here we are.

It’s not unsubstantiated. Push for government-sanctioned client-side spyware already happened years ago with the intent to scan all content and keeps happening every other year, each time with more support, inefficient laws about age control have been pushed in many countries and other are following suits, there’s constant harassment to tech company for them to create backdoor for spying on demand, device manufacturer are threatened for allowing custom software that can be used to circumvent such provisions, etc.

If you haven’t seen any of this, then sure, be surprised that a ban on general public encryption is not unthinkable.

Anyone who thinks a government can ban VPNs without destroying economy is deluded

Anyone who thinks government would never do something as utterly stupid as shooting itself repeatedly in the everything out of spite is deluded. Banning all form of encrypted traffic would be insane. Now tell me, how many insane things have we witnessed in the recent years from our collective governments?

Anything encrypted is blocked. Boom, done.

Is it stupid? Yes. Never stopped lawmakers.

It’s E2EE alright. Just, don’t ask what “ends” we’re talking about.

The drunk dude that’s always sitting on the ground near the park entrance and sell weird tissue dolls with curly hairs is more trustworthy, I’d say.

I can’t wait for a moment where he slip, jumping from the last thing to the next, and use the epstein files as a distraction for something else out of sheer stupidity.

This could be good, except that one move is shooting its own country in the everything.

No need. It seem it got fixed along the way. But that’s the point; I tried this a year ago, and it would not work, either under the default configuration with DRM enabled, or after disabling most of the privacy features, so I just gave up on it.

Firefox, for all the flaws regarding the direction Mozilla is taking, just worked out of the box. And for adoption, working out of the box immediately is kind of a requirement.

Both are completely unrelated to the discussion. TPM sometimes have issues regarding their security, but you can certainly use Secure Boot with your own signing keys to ensure the kernel you run is one you installed, which improves security. And you can use TPM to either keep your FDE keys, or only part of them combined with a PIN if you don’t fully trust them to be secure, so you keep strong encryption but with a bit of convenience.

Without a (properly configured) Secure Boot startup, anyone could just put a malware between the actual boot and your first kernel. If the first thing that happens when you boot is something asking for a password to be able to decrypt your storage, then an attacker can just put something here, grab your password, and let you proceed while storing in a a place it can be retrieved.

Is this scenario a concern for most people? That’s unlikely. But every computer sold these last five years (at least!) can be setup to reduce this risk, so why not take advantage of it.

Just update a W10 local install. It won’t even try to ask you to add a microsoft account.

Sure. It’s not anyone. It’s anyone that can get a warrant. Or anyone that have enough power/underhanded influence to ask them nicely. Or any admin that have access to cloud storage at MS (remember they where caught with some exec having full access to that a while ago). Or any big leak that could exfiltrate these data. And probably a handful of other people, like, someone getting access to your MS account for whatever reason (which kinda happen, seeing how people lose their mail account to phishing/scams all the time) suddenly having access to your keys from there.

If your keys are in a DB somewhere, there’s a lot of way they could get out. Would these ways coincide with someone actually having your drive at hand? Probably not. Still, the key not existing in plaintext in some third party storage close all these holes.

Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer’s TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).

And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That’s the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.

Note that there are relatively safe way to protect these keys even if they are backed up in “the cloud”, by encrypting them beforehand using your actual password. It’s not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn’t chose this way. I don’t know if it’s because of sheer incompetence, inattention, or because this feature is claimed to be here to “help” people that lose their key, and as such are likely to lose their password too, but it is what it is.

Don’t worry, I’ve heard they limited this wonderful feature to paid accounts.