This is why gamers should reject kernel anti-cheats. A single dev at a single company that requires one could read them as easily as any other file. I’m not exaggerating, unless I’m misinformed
Just use a separate boot for games
One that is not Windows, yes
I think instead I will choose to both A) not install a rootkit on my desktop B) avoid an OS that handles passwords in plaintext
This is sort of like saying “I leave my valuables in plain sight by my door because it has a lock on it and door locks are trustworthy.” I’m not super into cyber security and stuff but it seems like one of the most common problems is programs managing to get access to memory they shouldn’t have access to. It seems to happen all the time! Just like many locks for your door are trash.
Defense in depth is a concept they teach you in cybersecurity 101. But that’s expensive and time consuming, so you end up with shit like this.
It’s ridiculous. It presupposes that cybersecurity doesn’t value or employ defense in depth. Completely untrue.
Look at the attack vector researchers were trying to solve when they created OAuth2.0 w/ PKCE.
And yet you and most people use a door with a lock instead of something more secure because… in general they do work well for the purpose they’re trying to serve. Most criminals aren’t master criminals, and master criminals aren’t coming after your house.
Don’t overthink the metaphor. These things are fragile and fall apart. The “door with a lock” is the “guarantee” (wink wink) that the operating system won’t let programs see memory they shouldn’t be allowed to. Putting your valuables in a safe instead of sitting in the floor would be encrypting the passwords in memory in the metaphor.
Also, cyber security and physical security are very different. With cyber security you need to understand that there are orders of magnitude more people looking for simple problems. Like a criminal checking every door in the world automatically, just looking for ones that are unlocked. Someone not being a “target for master criminals” isn’t really applicable for this. Besides, that’s a critique of what level of security an individual should have, but pointing out the flaw in Edge is a critique of something that claims to be secure that isn’t.
fair
Fuck Microslop Fuck windows 11
“Yeah totally secure! Just trust me!..” basically
This LITERALLY isn’t secure; they should at least make it encrypted. This is just the same as using your notes app as a password manager! But it’s Microsoft, and they’re willingly giving your BitLocker encryption key to the FBI for your drives. So I’m not surprised…
I feel it may be worse than using your notes app.
A malicious attack doesn’t know which notes app, nor the filename.
This has every browser opening the exact same passwords.txt in root.
You guys are using Edge?
Edge is on my computer, and I can’t delete it, at least not with my limited IT experience. It’s buried deep in the operating system, and it opens up seemingly randomly. I use Firefox.
Looking online about getting rid of it, others described it as cancer.
The solution is to use Linux Mint.
I’m afraid as I am on my backup computer, and I worry that if I try to change over I will not do it correctly, as has been the case every single time I’ve tried to download a program to accept zip files or torrents. I don’t know what my deal is.
I really do want to switch over, I am working on fixing my better computer. More than anything I want a GrapheneOS phone.
Good that you want to switch, take your time, don’t be afraid. There are many resources online for how to switch without accidentally deleting or losing access to things. I have been using Linux Mint for over a year now switching from Windows 10 and I haven’t run into any limitations or issues. It’s been a great learning experience and has overall led to me being more technologically savvy. If you have any questions there are many places to discuss, feel free to ask.
phew it’s an expected feature, thank goodness!!!
if they patch this, they should be dragged through the town square after that comment
It’s an expected feature for me too, in that I expect Microsoft to be fucking useless at everything lol
That’s the added trust and security they always boast about

trust is multiplicative, not additive

Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats.
“We value user safety and usability, but if you’re already compromised you can go fuck yourself”
No, if you are already compromised there is just no way anyone can help you anymore besides wiping your whole system.
True, but there’s a big fucking difference between handing over the keys without being asked, and doing basic fucking due diligence and not loading all your passwords in plain text into memory by default.
(@iglou@programming.dev) I can’t defend MicroSlop because that mentality is pants on head stupid and is directly in opposition to any statement that they care about security. Because, again, they made their browser behave this way for no real reason besides blowing smoke up our ass. Chromium handles passwords properly, MicroSlop chose to do it insecurely and is hiding behind the dumbest defense. Because their OS has more holes than Swiss cheese and they refuse to plug a basic security hole that they put there intentionally.
Chrome’s handling is barely more secure. A compromised device will have a much easier time reading Chrome’s encrypted store than scanning your RAM to find passwords.
Remember that if you don’t need to input a password to open the store, then anything with access to your device can also read it.
Whether it’s encrypted in your RAM or not barely makes any difference in how difficult the task is.
The only solution is: Browsers should require a password. Or even better: Use a dedicated, properly secured password manager.
> Chrome’s handling is barely more secure. A compromised device will have a much easier time reading Chrome’s encrypted store than scanning your RAM to find passwords.
Regardless, they’re still loading them into memory in plain text, and knowing this exists, is going to be an easier task to grab than dealing with the encrypted store Chromium uses. At least Chromium uses the inbuilt credential API to try to protect the secrets, the fact Edge doesn’t is an egregious security hole.
I don’t disagree that users need to have to enter a password to view their stored passwords, but you’re hand-waving a massive and intentional decrease in security on Edge’s part. No matter how easy it is to get out of another browser, this is a violation of basic secure development practices. Security is only as strong as the weakest link, and Edge is determined to not even close one of the easiest links in the chain.
I will disagree on the RAM scanning being easier. It is my opinion that the weakest link here is the password store.
The security hole here is a password management system that can work without an external secret. It is shocking that this is still common practice and that people use them.
Yeah, I can’t believe I’m defending Microsoft but that’s probably what they meant. No browser password saving feature is safe if your device is compromised.
Use a proper encrypted password manager
Microsoft SSH agent persistently stores your unencrypted private keys in the registry. They’re still there unlocked and usable after you reboot.
Right there in the name, it says Secure She’ll Hades
Does this company intentionally want users to stop using it? Cuz day by day either there’s a new Windows bug or just shittier software
Not to worry, the next update will fix it. (And make 12 other things worse. Also it will make your printer stop working. Again.)
As if it ever worked with Windows anyway… lol… got it working on Linux on the first try
The AI tells them this is fine, and we are not to question the AI.
Trust me bro
M365 chat also fetches a copy of whatever secured file links you send to each other. Goes without saying, but never use Microsoft products if you value security.
2026 is gonna be the year I finally move to Linux. I have huge concerns about many aspects of switching, but they’re being overtaken by concerns about staying with Windows. I don’t even mind if my overall user experience is a bit worse on Linux (I am trying to have reasonable expectations that it won’t be the walk in the park Linux advocates on Lemmy like to claim), I just have much more faith in its security, privacy, customisability and - most importantly - the motivations and intentions of its developers.
I switched my mom to Linux because teaching her how to use Linux as her daily driver was easier than trying to unfuck Windows on her computer.
Back up your data and then go nuts.
Controversial take from someone who dual boots Windows and Linux on my home PC and uses Macs as work machines but, honestly Windows is fine. IMO if you’re the kind of person who cares about a good running machine you’ll have configured settings and gotten rid of the bloatware and done a bunch of stuff to make Windows a relatively decent experience anyway, and Linux requires a similar amount of effort to get running the way you want it also, but can be a differently polished experience.
Modern OSes are much of a muchness in practice with regards to their pros and cons. Please don’t downvote me to hell Linux lovers, it’s my honest opinion after decades of use of all three.
Best of luck! If you’ve got questions or problems feel free to DM me (or reply here) and I’ll try to help as best I can. I’ve been using Linux since the mid 90s, so I have a decent idea of how it all works :)
If you move to one of the big supported distributions, you’ll be extremely surprised how easy it is.
If you just want things to stay consistent and easy, I can’t recommend Linux Mint enough. I installed it on my son’s laptop almost two years ago and he’s never needed my help to fix anything since.
The installation walks you through everything, just like Windows, but it’ll only take about a third of the time. Everything just works and there’s no trash to uninstall or debloat scripts to run when you’re done.
If you do any gaming you might want to run Fedora or Bazzite (Fedora with training wheels), but if you’re using KDE for the desktop that’s almost as easy and seamless.
Can confirm, Bazzite is ridiculously easy. If you don’t want to dual-boot it’s easier to install than Windows. I have it on my laptop and all my games run better now.
Except Tropico 6. For some reason that made my entire system go crazy. 😄
Bazzite is so easy to set up it’s kind of ridiculous. I ended up jumping to straight Fedora just so I can fiddle with things a little more, but for 99% of users the immutable distro thing is perfectly fine
Just made the move a few months ago. Only headache was a missing headset driver, but Claude was able to one shot one for me that’s been stable ever since.
Not looking back. There have been very few things that haven’t worked so far. Take the leap!
I don’t worry, I just don’t use Edge or Windows or any MS software really (except for Teams at work)









