Vodafone blocks this site for being “18+ content”, I guess because of “hacking” or something? There’s no explanation or option to report a false positive and they want you to put in credit card details to confirm your age to unlock it.
(I don’t need tips to get around this or anything, I can just connect to another network or use a VPN)
So it's been "on review" for more than a year now?! So the filter is basically unidirectional since they apparently don't care about false positives. I wonder who else uses that filter database provider
Oh, and Microsoft includes that adult software in their operating system. Can someone report to Vodafone that all Windows PCs must be blocked because they run adult content. Except for those who have deleted curl.exe of course...
In the UK where 20% of the internet is blocked – it's surprising you haven't experienced this before. Call your service provider and tell them you want access to adult material.
This sounds like an extreme over-estimate. Some ISPs, mostly mobile ones, default to blocking "adult material" unless you tell them to turn that off. Some of the larger ISPs are under court order to block some specific other content (Pirate Bay in particular; my old ISP was one of them, my current ISP happily lets me access it, not that I've ever done so other than to see if it's blocked).
Most ISPs block at most a tiny set of sites and personally in 23 years of using UK ISPs I've never "organically" run into those blocks (as in, no site I actually had any interest in accessing has been blocked; I've only seen them when checking whether people were right that a specific site was blocked). And yes, that includes visiting sites with "adult material" without running into any blocks.
I do have a VPN, so it'd take me as long to bypass as it takes me to press one button in my browser address bar, but I only need that to evade IP region/country blocks - never needed it to get around UK filtering.
That’s not true. I’ve experienced this once before that I can remember, on https://hackmii.com/ and it doesn’t happen on my home network except on actual scam sites which isn’t a government thing but an ISP feature that can probably be turned off. This is a Vodafone thing, not a UK thing.
I don’t care that much about this specific site, I guess I just want to complain that they don’t have a way to report false positives which maybe isn’t the best reason to post a comment on an unrelated article but still
They overblock, probably intentionally, so it's easy to find a "legit" reason to unblock. It was something really banal for me - I think they'd blocked a furniture site or something.
> "You can't just disable this 'feature' from Vodafone? I'm in the UK and my ISP doesn't do this."
Yes, you can disable it quite easily. Usually by entering a credit card number in their app or website to prove you're 18, or alternatively by contacting their customer service chat.
But of course, only pervs who want to access porn would do that, right?
In my experience it's a good idea to disable it regardless, as there are often a lot of "false positives", and the filtering can sometimes cause performance problems. (Unless you've got kids and really do want to block porn, but eventually they're going to discover VPNs...)
> But of course, only pervs who want to access porn would do that, right?
No? Why would you say this? I disabled this back with my old carrier and it was pretty painless - I don't recall there being any stigma attached to turning off the filters. I've since moved carriers and I don't remember having to disable filters - maybe I did or maybe something about signing up turned it off?
I'm on EE PAYG. I have to go in to a store and show them my ID if I wish to remove content protection. I can't even visit webarchive pages with it enabled.
Painless based on provider, otherwise what's described above is a pain.
> But of course, only pervs who want to access porn would do that, right?
Are people actually afraid of some stranger call-center worker silently judging them, but not even saying anything out loud about it because the call is recorded and they'd be fired if they tried to actually shame you?
You presumably can't get a contract if you're under 18 because that would usually mean a credit check. But you can certainly get an account, on PAYG or pre-paid monthly direct debit that is not subject to contract. Some providers have "UK residents 18+ only" in their terms but others do not.
No, they don't all do that. Those kinds of blocks are mostly confined to a handful of the larger ISPs, and especially the mobile providers. I've yet to manage to find something my current ISP blocks, for example. Might well be they block something, but none of the "usual suspects" that I'm willing to test (e.g. Pirate Bay, Sci Hub).
Not all of them. I’m on Zen, no filters as far as I’m aware, sci-hub works fine. Libgen is fine. Torrent sites that the ‘main’ ISPs block come up just fine, too.
Edit: some of the ISPs that do seem to land on this URL (note http) –
I can if I put in bank card details to confirm my age but it would be better if this didn’t happen in the first place unless there’s actually something 18+ on the site
Wow. I’ve never seen this class of ISP censorship. Is this some sort of government mandated system or has Vodafone taken it upon themselves to do this?
The best solution would be to remove whatever stupid law allowed for that kind of censorship in the first place. As a bonus, if the UK puts up a better fight against this stuff it'll make it harder for it to spread. Any nation where people have a vote should be strongly rejecting that crap.
Apparently, judging from the sibling comments, such law doesn't even exist: the UK government "advised" the ISPs to "voluntarily" adopt such censorship on their own, or else the government would actually bother to draft and pass such a law.
I'm happy for an ISP to be allowed to carry out as much censorship as it wants, provided it makes that known. They definitely shouldn't be forced to, though — in the general case — and I don't think anyone's demonstrated that they have been so in this case.
> I'm happy for an ISP to be allowed to carry out as much censorship as it wants, provided it makes that known.
Knowing about it won't help you if every ISP option you have is doing the same thing.
Where I live, we have laws that prevent people from interfering with the mail. If I send a letter to someone, once it's accepted the mail carriers can't generally withhold it and make demands before they deliver it or open my letter and remove or change whatever words/pages they feel like before completing delivery.
I think the internet should be treated the same. Beyond some basic QOS ISPs should be dumb pipes and be mostly forbidden from messing with things you send/receive over the connection.
I think there's a reasonable need for an ISP to act as a censor, if that's what its customers require. Hopefully, enough people want a censorship-free experience that every provider becoming a censor is unlikely to happen.
If your mail service had a "make sure mail from known pornographers doesn't get delivered to my house" option, and you had kids at home, you might well opt for it.
If someone wants to block certain sites there are client-based solutions that people can set up themselves and proxies they can use if they really want to depend on someone else to decide what they should be allowed to see. There's no need for it at the ISP level. At the very least it should be opt in, but something you have to ask to have removed.
CMD > run as admin > enter "sfc /scannow" without quotes then update should work again.
Next time anyone runs into a similar problem you might just want to zip the file before deleting it, and put a password on it if your AV still reports it. Or just get rid of your AV software, it clearly su*ks if it reports legit system files.
The article doesn't mention an AV software, but a vulnerability assessment solution. Its purpose is to report known vulnerabilities and it would suck, if it did not report known vulnerabilities in system files out of fear of a downstream PEBKAC.
If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker. (If you are running Windows 7 or Windows Vista, skip to Step 3.)
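The repair order quoted above (DISM first, then System File Checker), as an added PowerShell example that is not part of the original thread or of Microsoft's article: it inspects the inbox curl.exe rather than deleting it, and runs the repair only when the file is missing. The default System32 location and an elevated prompt are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumes a default Windows 10/11 install where curl.exe lives in System32.
$curl = Join-Path $env:SystemRoot 'System32\curl.exe'

if (Test-Path -LiteralPath $curl) {
    # Check that the file is the Microsoft-signed inbox binary before
    # treating a scanner finding as evidence of tampering.
    $sig  = Get-AuthenticodeSignature -LiteralPath $curl
    $item = Get-Item -LiteralPath $curl

    [pscustomobject]@{
        Path          = $curl
        FileVersion   = $item.VersionInfo.FileVersion
        SignatureType = $sig.SignatureType      # Authenticode or Catalog
        Status        = $sig.Status             # 'Valid' for an untouched file
        Signer        = $sig.SignerCertificate.Subject
        IsOSBinary    = $sig.IsOSBinary
    } | Format-List

    # The curl version the scanner is actually comparing against.
    & $curl --version
}
else {
    Write-Warning "$curl is missing; repairing the component store, then system files."

    # Step 1: repair the component store that SFC restores files from.
    DISM.exe /Online /Cleanup-Image /RestoreHealth
    if ($LASTEXITCODE -ne 0) {
        throw "DISM failed with exit code $LASTEXITCODE"
    }

    # Step 2: restore missing or modified protected system files.
    sfc.exe /scannow
    if (-not (Test-Path -LiteralPath $curl)) {
        Write-Warning "curl.exe was not restored; see $env:SystemRoot\Logs\CBS\CBS.log"
    }
}
```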
I'm of the opinion that answers.microsoft.com exists only to mislead and confuse people so they stop reporting issues. I have NEVER seen an actual answer on there, and have never seen an answer that wasn't just copy/pasted by a stranger from an irrelevant Microsoft knowledgebase article.
It gets top SEO billing, and seems to be entirely unmoderated, or at least moderated by people who don't know anything about Windows. It's less informative than Quora. All this does is take all the air out of the room for an actual information source about Windows problems, and it's clearly ignored by Microsoft internal teams.
Creating a "Support Forum" for your brand that never offers actual support should be fraud.
The people who told them that deleting system binaries would fix their problems?
> I have been pointed to responses on the Microsoft site answers.microsoft.com done by “helpful volunteers” that specifically recommend removing the curl.exe executable as a fix.
Don't trust strangers on the internet with advice you don't understand the implications of. Even if they are sincere and mean well, they can still be wrong.
But that's the problem, the people doing this do not understand what curl is/does so want it gone because it's got a CVE and some outlet somewhere has said it's worse than what it is.
If that's the case we should just delete the entire OS as there are vulns all over it.
> The people who told them that deleting system binaries would fix their problems?
If you are responsible for the security posture and compliance in your organization, reading and acting on security assessments, and yet you do random changes based on random comments on forums, you deserve the blame.
I don't think we're not talking about individual end-users here. Those do not scan their systems for CVEs and do not have a requirement to get to 0 alerts.
> If you are responsible for the security posture and compliance in your organization, reading and acting on security assessments, and yet you do random changes based on random comments on forums, you deserve the blame.
It's not as easy. Of course experienced sysadmins know it's bullshit. The problem is that cybersecurity insurance policies require "immediate action" on alerts and no one, even assuming a competent CTO, wants to be stuck with the bill should a security incident arise and the insurance say "audit says none of your machines had mitigated issue xyz, claim denied". Deleting a flagged binary is evidence of mitigation.
The amount of utter bullshit, not to mention the literal spyware that is insurance-compliant antivirus solutions, that insurances force clients to comply with is insane.
The core problem is that insurances don't have the time to actually do deep dives to check if their clients have decent or no IT security. Hell, I'd wager everyone here knows of "that one server that never got updates, was in no inventory or whatever, and once the last disk failed suddenly everything else came crashing down". And so, insurances go with a 12 pound hammer to which everything is a nail, as it is the best way for them to be able to underwrite policies with the insane amount of coverage that GDPR and friends expose the clients to.
Agreed! And when people like that go to random forums asking for solutions to fix that CVE now, and are told to just override it with latest curl, that is the optimal solution given their (bullshit) constraints and I wouldn't blame the random forums.
> I don't think we're not talking about individual end-users here.
Are you sure about that? From TFA:
> Lots of Windows users everywhere runs security scanners on their systems with regular intervals in order to verify that their systems are fine. At some point after December 21, 2022, some of these scanners started to detect installations of curl that included the above mentioned CVE. Nessus apparently started this on February 23.
> This is not helpful.
> Lots of Windows users everywhere then started to panic when these security applications warned them about their vulnerable curl.exe.
That sounded like it included individual end-users to me.
Anecdotally, I know a few Windows users who don't trust Microsoft to do security well, but can't bring themselves to move off Windows for whatever reason, so run 3rd party AV and security tools to help protect themselves.
> Either you're security-conscious or you do random changes based on anonymous forum posts, I just don't really see an overlap.
I think there's going to be a not-totally-insignificant minority of people out there who are both worried about security, but just don't have great technical knowledge. (They sometimes show up on r/privacy if you need convincing they even exist.) Even if it's a really small percentage of users, given how large the Windows install base is, that's still going to be a fair amount of people looking for any kind of fix for the "problem" that their security scanner has warned them about.
I'm guessing a common sequence is someone knowing what curl is, but not knowing that Windows ships with it. So, thinking that System32\curl.exe must have been put there by malware, or put there by someone installing optional software.
There are people responsible for the security of Windows systems in some organisations that do not understand their job. They look into their AV solution and it says vulnerable file detected on $x systems and they instruct their IT department to remove the file.
I've been actually impressed by Crowdstrike product (I guess).
I've tested a two or three years old Chrome version with JIT compiler vulnerability and guess what - on empty Linux VM it managed to escape Chrome and execute code.
Meanwhile on Windows with Crowdstrike, Chrome just showed some error message about mem. access.
I'm not sure who handled that attack - was it Windows or Crowdstrike, but either way I've been impressed.
"""
The Applicant must be active in its management of computers and network devices. It must routinely
...
remove or disable unnecessary software (including applications, system utilities and network services)
"""
So, based on the quote above, curl.exe must be removed if it is not used, no matter whether it is vulnerable or not (yes I know it is a misreading, but it's frightening that the most literal interpretation is a misreading).
> Many Windows users are even contractually “forced” to fix (all) such security warnings within a certain time period or risk bad consequences and penalties.
So the blame would be on managers who think checking boxes is how every single job works.
Many times those managers are not responsible for the contractual obligation either. It's one of those comedy of errors type situations where no one single group is fully responsible but put all the decisions together and bad things result.
Microsoft. It's their binary shipped in their system, and their customers are being directed to break their own systems. It's on them to remediate the situation.
But Microsoft are not advising them to remove curl AFAIK, in that case Microsoft should fix every issue ever within Windows, even if it's self-inflicted.
End of the day this as Daniel says is scare mongering by others who don't know what they are doing.
The phrase, if someone told you to jump off a cliff, would you?, and, Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should...
Not really. They aren't the ones directing customers to break their systems. They could ban anti-virus software and get slammed for being anti-competitive I suppose. Or they could try to track down all the vendors who are being stupid and ask them to please stop but that probably won't remediate it. They don't have a lot of moves here nor does the curl project.
Their platform (Windows) is getting a bad reputation due to the problem they neglected to fix (shipping a "vulnerable" curl, informing users when the old curl was getting flagged). They could pass the buck but it's just going to be bad for them later when users think Windows itself has security vulns and breaks itself when the users do what they're told to do by vendors. If they don't want the bad rep, they need to be proactive and work with vendors and better inform customers. If I was the CEO I'd do something about it.
The last couple of CVEs I was forced to address were in docker images based on alpine or debian, in which some library version on the system was hit with a High or Critical level CVE. But in reality the ability to exploit the vulnerability required being able to execute a particular program on the running system. The levels of exploit required to even get to being able to exploit this vulnerability in the context I was required to mitigate it meant that in reality, your systems have already been compromised even before this can be exploited.
CVE numbers have exploded while their quality has declined partly due to things like company and project bug bounties, where individuals get bonuses internally for submitting CVEs that get an ID. There's a virtual army of people doing nothing but looking for subtle ways to exploit key tools just to be able to earn a bonus. Some bigger projects, like the linux kernel, dispute some CVEs (e.g. CVE-2023-23005) because they are b.s., but smaller projects don't have the luxury.
Follow the links to the actual issue description and check if it makes sense in your context. While the current aggregators are not perfect, there will always be edge cases where you care about some issues more/less than someone else. The whole idea of having a single number has limitations.
They deserve to not be allowed to restore their system to normal?
> The people who deleted or replaced the curl executable noticed that they cannot upgrade because the Windows update procedure detects that the Windows install has been tampered with and it refuses to continue.
It does make sense, as the upgrade may break the system because of the tampering. Probably say upfront that there's a problem and let the user do a full reinstall when they can rather than attempt to upgrade and break everything. They could have a "force upgrade" button, but many people would just click that without thinking twice then blame MS when it breaks everything.
curl is used to download files… if it is missing, Windows presumably won’t be able to download something. If they just go for it anyway, the system could end up in some undefined state.
Since the policy is going an extra mile preventing something rather than simply not caring, it probably does make sense. Just in a way that's not trivial to anticipate.
Every time I run into a Windows related problem I find an answers.microsoft.com post of someone with the exact problem I'm having and every time the thread runs dry after some Verified Super Duper Senior Adviser Technician Microsoft Windows Expert Professional says "have you tried reinstalling Windows 11".
I don't know if you get forum points for suggesting wiping your drive or something but I've never seen a useful response from someone tagged as some kind of expert by answers.microsoft.com.
> they cannot upgrade because the Windows update procedure detects that the Windows install has been tampered with and it refuses to continue.
I'm surprised I've never heard of this before. In my experience you can almost hear Windows Update cackling with glee as it un-customizes your Windows install.
I use whatever Microsoft call their built in security this year, use ublock origin, and reinstall Windows about once a year. This seems to be the better alternative to having Norton/McCafe/<insert name of "security" program that uses more CPU than malware>.
ESET NOD32 is still going to be lighter and more performant than any alternative, including Windows Defender. The latter includes a big delay for small file access, even just metadata!
Is there a windows equivalent of "chmod 0000 /file/to/be/made/unavailable" ? Even that seems pretty brutal but at least it's easily reversible if you discover that "oh I needed that to download the vendor patch that will _actually_ fix the problem"
There is, you can go into the NTFS permissions and just deny access to every group and user on every type of file access. I did that for compattelrunner.exe*
Windows has so far randomly undone these changes so there's probably some kind of recovery mechanism that gets triggered when you alter file permissions. A script running on login setting the permissions through powershell seems to have put that stupid executable in stasis on my machine at least, so perhaps it works for curl too.
* compattelrunner is a telemetry generation tool that seemingly cannot be killed. I have applied every registry hack, privacy tool, and Windows setting, but that damned thing will not be disabled. If it weren't for the driver signature enforcement, I would've written a minifilter driver that makes all files with that name disappear to finally rid myself of this curse.
Really depends on how Windows put that curl.exe there in the first place. WinSxS would probably detect the damage and fix it. It is kind of how MS 'fixed' DLL hell. Windows really tries to stop that sort of thing. Also depending on how it was installed you may be able to get the Windows installer subsystem that controls it to just uninstall it for you. Would just depend if it's part of another bundle or not. If you want to see how, there are tons of vids on how people make stripped down Windows installs.
Also if you are stuck with this another way to fix it is to just run the file out of a different directory and/or rename your new one. Windows load hierarchy is local folder first, then path (which usually has system32 in there somewhere).
But if you are dead set on your chmod method yes you could use cacls to do it. Add the executable permission to false. You prob would have to do that from a decently privileged account. You probably could also do it from active directory using a group policy.
A better way is to open a phone support ticket with MS if they are the ones installing it. Going onto their web support boards is usually basically a dead end. If you bought your PC from an OEM you can call them too then they can open a ticket with MS.
because it comes from the motherboard and will reinstall every time I reboot. I have deleted it before, renamed it and more but nothing helped unless I revoked its privileges.
Or differently said, modern ASUS motherboards actively come with a rootkit.
Another one a lot of people don't realize ships with Windows 10 & 11 is tar. Specifically bsdtar which along with tar files can also create and extract zip files.
curl on Windows is my fallback to telnet (which is even less likely to be available on a client's Windows computer) to quickly check connectivity and address resolution without having to install anything.
I love the sneer towards the helpful volunteers on the Microsoft forums.
Hello, <name>, how are you?
Good day! I'm <other name> a Windows user like you and I'll be happy to assist you today. I know this has been difficult for you, Rest assured, I'm going to do my best to help you
Please do
<giant copy paste including sfc /scannow and dism /something>
If the problem still persists, please try to update using the Microsoft tool.
Kindly let me know if this helps or if you have any further concerns.
Sincerely,
<other name>
Independent Advisor
Standard Disclaimer: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.
> I just want to emphasize that if you install and run Windows, your friendly provider is Microsoft. You need to contact Microsoft for support and help with Windows related issues.
Worth remembering this is only the case if you buy a retail license.
If you cheaped out with an OEM license, you are your own customer support and Microsoft won't help you.
If you bought a laptop or pre-made desktop, you have an OEM license provided to you by whoever manufactured your computer and they are your customer support; Microsoft won't help you.
Honestly Microsoft doesn’t help you even if you paid directly. You might get lucky and have some forum volunteer give you a hand, but Microsoft will absolutely under no circumstances fix your PC.