Hello everyone. This post is about the insanity of Windows security, which so far has not been useful to anyone. Alright, let's begin.

Let's say you create a hello world program on Linux. Simply std::cout << "Hello, world" << std::endl;, and that's it. Now, what does Linux think of it? Linux says: it's fine! And so does VirusTotal.

Let's check on Windows now. I made the same file on Windows:

#include <iostream>

int main() {
    std::cout << "Hello, world" << std::endl;
}

And out of nowhere, it is instantly detected as malware! On VirusTotal it is flagged by 7 different antimalware engines. I thought this must have been wrong, so I compiled the same program with the --static flag, which completely changes the hash yet keeps the functionality the same. Sandboxes flagged possible obfuscation, which does make sense since I am now including the entire Windows library in the binary, so I let that pass, but it was still detected by 3 antimalware engines.

It turns out Windows takes a zero-trust sort of approach to security, yet it is ineffective against anything actually malicious. This also includes Windows SmartScreen, which flags pretty much anything as potentially malicious. Now, why is this the case? Partially because of the sheer amount of Windows malware, but partially also because of Microsoft's monopoly. Do you want the SmartScreen notification to go away? Good luck without paying for a code-signing certificate. If you don't want to pay for all these verifications, your product is pretty much dead on arrival: every user gets the warning and doesn't open the program, because Windows hides the "Run anyway" button behind a "More info" link, so your program never gets enough installs for SmartScreen's reputation system to stop warning about it, and it is dead forever.

Even though there are all these complex malware techniques, when I tried to bypass it, it took me about 30 minutes to come up with a solution.
Simply make a shortcut to Microsoft Edge that opens cmd with a command to start the exe (renamed to .jpg) via the start command. It worked flawlessly at the time; I have not tested it since. .hta apps work the same way, as do .scr apps sometimes. Zero trust is nice if it cannot be bypassed by a random person in half an hour. Otherwise, it really is not. See you next time!
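As an added example (not part of the original post), here is the check a practitioner would run before blaming an antivirus or SmartScreen: the SmartScreen prompt is driven by the Zone.Identifier alternate data stream ("Mark of the Web") that browsers attach to downloads, plus the lack of an Authenticode signature on the binary. The script below inspects both and prints the SHA-256 of the file, which makes the point from the post visible: a static build of the same source is a completely different file to any hash- or reputation-based scanner. The path is a hypothetical example; substitute the file you actually downloaded.

```powershell
# Added example, not code from the original post.
# The file path is a hypothetical placeholder; point it at your own download.
$file = "$env:USERPROFILE\Downloads\hello.exe"

if (-not (Test-Path -Path $file)) {
    Write-Error "File not found: $file"
    return
}

# Browsers write a Zone.Identifier stream to downloaded files on NTFS.
# ZoneId=3 means "Internet zone"; this is what makes SmartScreen show its prompt.
$zone = Get-Content -Path $file -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) {
    "Zone.Identifier stream present (file is marked as downloaded):"
    $zone
} else {
    "No Zone.Identifier stream: SmartScreen will not treat this file as a download."
}

# An unsigned binary is the other half of the problem: with no signature there is
# no publisher for SmartScreen to build reputation on.
$sig = Get-AuthenticodeSignature -FilePath $file
"Signature status: $($sig.Status)"
if ($sig.SignerCertificate) {
    "Signer: $($sig.SignerCertificate.Subject)"
}

# The hash is what reputation and hash-based scanners key on; rebuilding the same
# source with --static produces a different value here.
$hash = Get-FileHash -Algorithm SHA256 -Path $file
"SHA256: $($hash.Hash)"

# If you have verified the file yourself, Unblock-File removes the stream. This is
# exactly what the "Unblock" checkbox in the file's Properties dialog does.
# Unblock-File -Path $file
```

Unblock-File only clears the Mark of the Web on a file you already trust; it does nothing for users who download your program, which is why the post's point about signing stands. Get-Content -Stream and Unblock-File both need an NTFS volume, because the alternate data stream does not exist on FAT/exFAT.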