How was Windows Store app able to download adware to a Windows 10 PC?

  1. Brink's Avatar
    Posts : 34,565
    64-bit Windows 10 Pro build 18290
       08 May 2016 #1

    How was Windows Store app able to download adware to a Windows 10 PC?


    Apps from the Windows Store run in a highly restricted sandbox and have to be approved before they can be listed. So why was this app able to automatically download an executable file that multiple virus scanners identified as potentially dangerous?

    One of the biggest selling points of the Windows Store is its promise of safety. Apps have to be approved to make it into the store, and the sandbox in which apps run should prevent them from causing any damage or installing malware or unwanted software.

    That doesn't mean developers can't try shady tricks. But their options are extremely limited, which is why I was surprised to find an app in the Windows Store last week that actually succeeded in downloading adware to a Windows 10 PC.

    An unsophisticated user might have been fooled into going one step further and running that software, resulting in the installation of an annoying piece of adware and potentially much worse...


    Source: How was this Windows Store app able to download adware to a Windows 10 PC? | ZDNet
      My ComputersSystem Spec

  2. TairikuOkami's Avatar
    Posts : 3,512
    Home 1809 x64 10.0.17763.194
       09 May 2016 #1

    The author got a little overexcited. For starters it is PUP, secondly, it merely opened a link, the browser downloaded it, so no sandbox was breached. I guess, that the proclaimed update downloaded some script, which caused a link to open.
      My ComputerSystem Spec

  3.    09 May 2016 #2

    TairikuOkami said: View Post
    The author got a little overexcited. For starters it is PUP, secondly, it merely opened a link, the browser downloaded it, so no sandbox was breached. I guess, that the proclaimed update downloaded some script, which caused a link to open.
    Yes, but the MS apps are supposed to be "safe". This one reached outside the sandbox in an attempt to harm the system.
      My ComputerSystem Spec

  4. TairikuOkami's Avatar
    Posts : 3,512
    Home 1809 x64 10.0.17763.194
       09 May 2016 #3

    The problem is, that it is a download app. The app itself and its content are sandboxed, but not, what it downloads.
    Just like a browser, eg Chrome, it is sandboxed, but a user can download any malware and run it, sandbox does not apply.
      My ComputerSystem Spec

  5.    09 May 2016 #4

    TairikuOkami said: View Post
    The problem is, that it is a download app. The app itself and its content are sandboxed, but not, what it downloads.
    Just like a browser, eg Chrome, it is sandboxed, but a user can download any malware and run it, sandbox does not apply.
    Correct, but it gives a false sense of security to unsuspecting, every-day-novice users.
      My ComputerSystem Spec

  6. TairikuOkami's Avatar
    Posts : 3,512
    Home 1809 x64 10.0.17763.194
       09 May 2016 #5

    simrick said: View Post
    Correct, but it gives a false sense of security to unsuspecting, every-day-novice users.
    Well so do security companies and people then act surprised, how could they get infected with AV installed.
    Accidents happen, but they help to improve safety, I guess, that MS will respond by some nice improvements.
      My ComputerSystem Spec


 

Related Threads
I keep getting this message. I Googled it, and some solutions say to check permissions. I did, and I already have full control. 50840
I just upgraded from 8.1, to windows 10 today. Everything seems fine at the moment, except when I open the store, and try to download an app, I go to the page and it gives me this constant 'loading sign'. http://i.imgur.com/q1rc2tz.png It...
Hi - I have purchased a few songs on Windows 10 store and pressed download to have them on my PC for offline listening / transferring to MP3 player. However, although a blue box appears in the top right corner of the screen in Groove Music telling...
Hi, I bought a Dell inspiron I15RV laptop 2 years ago. It had windows 8, i upgraded to windows 8.1. The store was working fine. I was able to download apps and games. But unfortunately, few months ago my store stopped working. I tried almost...
Hi, I bought a Dell inspiron I15RV laptop 2 years ago. It had windows 8, i upgraded to windows 8.1. The store was working fine. I was able to download apps and games. But unfortunately, few months ago my store stopped working. I tried almost...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 06:03.
Find Us