Wikipedia:Reference desk/Archives/Computing/2022 September 4

= September 4 =

== "Behavior:Win32/Hive.ZY" - do Electron-based applications actually have a serious vulnerability or not? ==
Today Windows users had an update to the default security software, Windows Defender, which produces the above quoted message (and the general impression that the computer is infected with ransomware) whenever an Electron-based application is opened. This is apparently a false positive. This Reddit thread about the Hive.ZY warnings links to this older Reddit thread about the Electron vulnerability. It seems the virus databases which Defender relies on have been updated to include Electron as a threat (with the amusing side effect of causing a security alert whenever Microsoft Teams is opened). In my case I get an alert whenever I open my browser of choice (Vivaldi). The MS-and-chromium-based world seems to be anticipating another update which will put an end to the false positive. I'm wondering, though, isn't there an actual vulnerability in Electron which should be flagged up like this? I'm guessing that it's up to the individual developers of software based on Electron to patch their code to make it secure, and I'd like to know whether the Vivaldi team are even considering this: I haven't found anything about it on their forums. But perhaps it's not a real threat? Card Zero (talk) 18:46, 4 September 2022 (UTC)


 * I am not sure that this is a database-related diagnosis. It seems by a naive reading of "Behavior:..." that this is a heuristics-based finding. Malware signatures kept in a database are not used for heuristical analysis and it is a well-known issue that such analysis often results in false positives. I sincerely doubt that Electron suffers from such an infection. Of course, it could be subject to any number of other threats, but who really knows? Elizium23 (talk) 00:55, 9 September 2022 (UTC)
 * That would be reassuring, if it's just heuristics-based foolishness. Of course I wasn't suggesting that Electron is infected with anything, merely that it might be a very easy point of attack for a no-click exploit, and complacently used by lots of popular software (and even worse, niche software like my browser, which might not get its act together to fix the more difficult security holes). Still, as you say, who really knows. I will proceed with fingers crossed, it's the modern way. And actually somewhere along the way I read that the possible attacks on Electron are not very easy. That seems to be the actual source of security with regard to Electron: relying on malware authors having better things to do. Card Zero (talk) 21:23, 9 September 2022 (UTC)
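The two posts above turn on one practical question: was the "Behavior:Win32/Hive.ZY" alert a behaviour-based (heuristic) detection rather than a database signature match, and has a later definition update cleared it? The following PowerShell script is an added example, not part of the archived thread and not from Microsoft or the Vivaldi project; it uses the built-in Windows Defender cmdlets (Get-MpComputerStatus, Get-MpThreat, Get-MpThreatDetection, Update-MpSignature) to list the engine and signature versions in use, tie each recorded detection back to the threat name and the process that triggered it, and then pull new definitions so the check can be repeated. It assumes an elevated PowerShell session on a Windows machine with Defender active; the only value taken from the thread is the threat name pattern.

```powershell
# Added example (not from the thread): triage a suspected Windows Defender
# false positive such as "Behavior:Win32/Hive.ZY" on the local machine.
# Assumes the built-in Defender cmdlets and an elevated PowerShell session.
# The threat-name pattern is taken from the thread; everything else is read
# from the local machine's Defender state.

$ThreatNamePattern = 'Hive.ZY'

# 1. Record which engine and signature versions raised the alert. A name with
#    the "Behavior:" prefix comes from Defender's behaviour monitoring rather
#    than a file-signature match, so a correction, if one is coming, arrives
#    as an engine or definition update, and the version is what to compare.
$status = Get-MpComputerStatus
[pscustomobject]@{
    EngineVersion        = $status.AMEngineVersion
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
} | Format-List

# 2. Find the catalogue entries (threat names) matching the pattern.
$threats = Get-MpThreat | Where-Object { $_.ThreatName -match $ThreatNamePattern }
if (-not $threats) {
    Write-Output "No threats matching '$ThreatNamePattern' recorded on this machine."
    return
}
$threatIds = $threats.ThreatID

# 3. Show each detection event for those threats: when it fired, which process
#    triggered it, and which files or paths Defender listed as resources. A
#    legitimate application binary (a browser, Teams, another Electron app)
#    appearing here repeatedly is what the thread reports as a false positive.
Get-MpThreatDetection |
    Where-Object { $threatIds -contains $_.ThreatID } |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ProcessName, ActionSuccess,
                  @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize -Wrap

# 4. Pull the latest definitions. If the alert was a false positive that
#    Microsoft has since corrected, re-running steps 1-3 after the update
#    will show a newer signature version and no new detection events.
#    Adding an exclusion instead would also silence a genuine detection.
Update-MpSignature
```

Run it once when the alert appears and again after the definition update arrives; the change in AntivirusSignatureVersion together with the absence of new InitialDetectionTime entries is the evidence that the detection has been withdrawn, rather than merely not having fired yet.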