Is it possible that a safe browser chose to spy on its users?
Users of "the world's most popular desktop operating system" have recently reported that the Microsoft Defender antivirus tool, which comes standard with Windows 10 and 11, flags the newest version of the Tor browser as "Win32/Malgent!MTB" malware.
The event has alarmed many Tor users, who rely on the browser to protect their online privacy.
Tor Browser is a free, open-source web browser that allows for anonymous browsing using onion routing. It quickly won users over and became a popular choice for people who want to protect their online anonymity.
But now what? Is it possible that the popular Tor Browser decided to spy on its users? Or did its developers fall victim to a supply chain attack? It's actually a lot simpler than it appears at first glance.
Experts believe the false detection is the result of a new heuristic detection approach in Microsoft Defender. This approach is intended to detect Trojans that use Tor to conceal their activity. However, it appears that the detection sensitivity has been set too high, so Defender flags not only Trojans but also Tor itself as harmful.
Heuristic detection is a method of detecting malware that uses a set of rules and algorithms to identify suspicious activity. It is distinct from signature-based detection, which relies on a database of known malware. While heuristic approaches are useful for detecting new threats, they frequently produce false positives.
Tor representatives encouraged users to ensure that the browser was downloaded from the official website. If the download came from the official source, the Defender warning should be ignored.
Furthermore, the developers suggested adding Tor to Microsoft Defender's exclusion list and restoring "tor.exe" from quarantine if Defender has quarantined it.
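The steps above as an added PowerShell example (not code from the Tor Project or Microsoft): it checks the installer's Authenticode signature and SHA-256 first, and only then excludes tor.exe and restores it from quarantine. The installer file name, install path, signer string and checksum placeholder are assumptions to replace with your own values; run it from an elevated prompt.

```powershell
# Added example. Every default below is an assumption or placeholder, not a value from the article.
param(
    [string]$Installer      = "$env:USERPROFILE\Downloads\tor-browser-windows-installer.exe",  # hypothetical file name
    [string]$ExpectedSha256 = '<SHA-256 FROM THE OFFICIAL CHECKSUM FILE>',                      # placeholder
    [string]$ExpectedSigner = 'The Tor Project',                                                # assumed signer subject substring
    [string]$TorExe         = "$env:USERPROFILE\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe"  # assumed install path
)

function Test-Download {
    param([string]$Path, [string]$Sha256, [string]$Signer)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # The signature must chain to a trusted root AND name the expected publisher.
    $sigOk  = ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like "*$Signer*")
    # String -eq is case-insensitive, so upper/lower-case hex both match.
    $hashOk = $hash -eq $Sha256

    Write-Host ("Signature: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)
    Write-Host ("SHA-256:   {0} (match: {1})" -f $hash, $hashOk)
    return ($sigOk -and $hashOk)
}

# Refuse to weaken Defender for a binary whose origin cannot be confirmed.
if (-not (Test-Download -Path $Installer -Sha256 $ExpectedSha256 -Signer $ExpectedSigner)) {
    Write-Error 'Verification failed: leave the file in quarantine and download again from the official site.'
    exit 1
}

# Show what Defender recorded for tor.exe, so the exclusion matches the real detection.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'tor\.exe' } |
    Select-Object InitialDetectionTime, ThreatID, Resources

# Exclude the single file rather than the whole folder to keep the exception narrow.
Add-MpPreference -ExclusionPath $TorExe

# List quarantined items, then restore the one quarantined from this path.
$mpCmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpCmd -Restore -ListAll
& $mpCmd -Restore -FilePath $TorExe
```

Once a Defender update corrects the detection, the exclusion can be dropped again with `Remove-MpPreference -ExclusionPath $TorExe`.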
Microsoft has not yet issued an official statement on this matter; however, a fix is expected to be included in the upcoming Microsoft Defender update.