This is just a link to their front page. Is it supposed to explain? I’ve seen corporate laptops which do not allow a boot from a USB stick, so you are lucky. Don’t give this idea to your admins.
It sounds too simple for AV companies, like Kaspersky et al., to rely only on a hash to ID malware. In about 15 seconds I can change the hash of any file. I did an experiment with tor.exe and changed "Tor" to "ToR" in some message. Below are the before and after SHA256 hashes.
If a new tor.exe comes out and is seen for the first time anywhere, it will be unknown to any AV. Does this make it safe? Or if a known piece of malware has one bit changed in a message, like I did, does it now fool the AVs?
Too easy.
I remember a post in 2022 about Norton 360.
It clearly only complained when executed, not about the hash.
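The experiment described above (change one string in a file, hash changes completely), as an added example that is not part of the original post and does not use a real tor.exe: the "binary" is a constructed byte blob with a few embedded strings, the hash blocklist and the byte-pattern signature are both hypothetical stand-ins written for this demonstration, and the point is only that a same-length string patch defeats an exact-hash lookup while leaving a pattern on an untouched string intact.

```python
import hashlib
import re

# Constructed stand-in for a binary (NOT a real tor.exe): a few bytes that
# look PE-ish followed by embedded strings, purely for the demonstration.
ORIGINAL = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"Tor is starting up\x00"
    + b"Bootstrapped 100% (done): Done\x00"
    + b"\x55\x8b\xec\x83\xec\x10"  # constructed opcode-looking filler
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def patch_string(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace one embedded string with another of the same length, so no
    other offsets in the file move (the post's 'Tor' -> 'ToR' change)."""
    if len(old) != len(new):
        raise ValueError("replacement must keep the same length")
    if old not in data:
        raise ValueError("string not present in data")
    return data.replace(old, new, 1)


# Detection 1: exact-hash blocklist. Hypothetical; seeded with the original.
HASH_BLOCKLIST = {sha256_hex(ORIGINAL)}


def hash_detects(data: bytes) -> bool:
    return sha256_hex(data) in HASH_BLOCKLIST


# Detection 2: a byte-pattern signature on a string the patch does not touch.
# Hypothetical stand-in for content-based matching; not any vendor's rule.
PATTERN = re.compile(rb"Bootstrapped \d{1,3}% \(done\)")


def pattern_detects(data: bytes) -> bool:
    return PATTERN.search(data) is not None


def run_experiment() -> dict:
    """Patch 'Tor' -> 'ToR' in the constructed blob and compare detections."""
    patched = patch_string(ORIGINAL, b"Tor is", b"ToR is")
    return {
        "hash_before": sha256_hex(ORIGINAL),
        "hash_after": sha256_hex(patched),
        "hash_detects_original": hash_detects(ORIGINAL),
        "hash_detects_patched": hash_detects(patched),
        "pattern_detects_original": pattern_detects(ORIGINAL),
        "pattern_detects_patched": pattern_detects(patched),
    }


if __name__ == "__main__":
    for key, value in run_experiment().items():
        print(f"{key}: {value}")
```

The two hashes differ in every practical sense after a one-byte case change, so a pure hash blocklist misses the patched file; the pattern on the untouched string still fires. Whether a given product relies on one, the other, or something else entirely is exactly the open question in the thread, and this example does not answer it.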
On the landing page, under limitations, it explains the issue. Tor makes all users look alike, not hidden. Therefore connections to the Tor network are detectable, although the content of the connection is secure.
Bootable flash drives are already not allowed. There are some workarounds for that too. I am not concerned with that, since booting an unregistered bootable OS raises a much bigger red flag than using a proxy or VPN on a network.
I assume that the mechanism by which anti-viruses look for threats is different from the one by which they control apps. For viruses, they sometimes look for patterns in the assembly code, or other patterns depending on the threat type.
In the Tor execution permission case which I checked, apparently the AV looks for the application signature (or a combination of executable identities); by removing the signature (or changing the identification parameters) the program executes well, although I had to change two executables (Tor Browser and tor). I should have checked whether a Tor update would have worked or not. If it works, it means that the AV only bans a very specific exe and nothing more.
Having said that, I still think that being able to hide the identity of the Tor Browser is a lacking feature, especially in countries where having anti-censorship tools is considered a crime. This feature adds a layer of safety for the user. I am not sure how it can be implemented for the Tor-released executables, but it must not be too complicated for the Tor builds and source code.
OK. I had already read that at some point. I thought there was something different.
You will most likely succeed with the source. Now the question, not necessarily from me to you but in general:
I am in a place where it is a crime to have anti-censorship tools, so I am very, very wary. I know the penalties. I have no idea who you are, so why should I trust this build you put out somewhere for me to download, even if it is source code for me to build? You could only pass this on to close friends with whom you have mutual trust. Then it gets passed on from that close friend to that person’s close friend, and so on. In that “so on” there is a state agent called, let’s say, Bill Haydon, who reports to Karla.
You see where I am going. In the environment you write about, it must be very difficult to trust anything.
As I currently live in a region where having such tools can be troublesome, I can share my experience. I will keep the question open for answers from those of us with the brightest minds.
In my region, using VPNs or proxies is not “illegal”, yet you can get into trouble for activities that come with using the tools (e.g. being active on a banned social media site, ...). However, making, shipping, selling, and distributing VPNs and proxies is illegal. (It is an absurd law that comes from an uneducated lawmaker. After all, what is a VPN but a secure connection between two computers, like every other connection?)
In my region, people use all sorts of unknown, compromised, harmful VPNs just because they connect them to the banned service. Some government-related companies even release their own VPNs (unknown to people) with the sole aim of having control over the connections. This way they hit two targets with one bullet: double-charge people for the internet, and have total control over the internet.
Having said that, my naive solutions to the problem are:
For those who have sufficient knowledge and experience with programming and build processes, providing a configuration file that makes masking the “regular” Tor signature and its related “red flag” processes easier. For example, a script that changes every occurrence of the Tor name in the project to something else, or giving the user easy access to change logos. This way you can build your Tor without the watching eyes getting suspicious.
Provide an installation mechanism to make these changes, I mean after installation. Tor could perform some type of post-processing to do so. I have no experience with Windows apps, but I have seen such a mechanism in the LuckyPatcher app on Android.
Neither of these solutions causes any trust issues, since for both you receive the sources from the official repos and websites.
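The rename script suggested in the first "naive solution" above, as an added example that is not part of the post and not anything the Tor Project ships: it runs over a constructed three-file stand-in for a source tree (not Tor's real tree), the replacement name "lantern" is a hypothetical choice for the demonstration, and the one thing it shows beyond the suggestion itself is why a blind `replace("tor", ...)` is unusable: it also rewrites `vector`, `torrent`, `monitor` and `operator`, so the token has to be matched on identifier boundaries and with its original capitalization preserved.

```python
import re

# Constructed stand-in for a few source files (NOT Tor's real tree).
CONSTRUCTED_TREE = {
    "src/app/main.c": (
        '#include "tor_main.h"\n'
        'static const char *banner = "Tor is starting up";\n'
        "int tor_main(int argc, char **argv) { return run_tor_main(argc, argv); }\n"
    ),
    "src/lib/vector.c": "struct vector { int *items; }; /* operator, torrent, monitor */\n",
    "Makefile": "all: tor\n\ttor_bin: src/app/main.o\n",
}

# Hypothetical replacement name, chosen only for this demonstration.
NEW_NAME = "lantern"

# 'tor' as its own identifier component: not preceded or followed by another
# letter/digit. Underscores and punctuation count as boundaries, so tor_main,
# TOR_VERSION and "Tor is" match while vector, torrent, operator, monitor do not.
TOKEN = re.compile(r"(?<![A-Za-z0-9])(tor)(?![A-Za-z0-9])", re.IGNORECASE)


def _match_case(template: str, word: str) -> str:
    """Copy the capitalization of `template` onto `word`
    (tor -> lantern, Tor -> Lantern, TOR -> LANTERN)."""
    if template.isupper():
        return word.upper()
    if template[0].isupper():
        return word[0].upper() + word[1:]
    return word


def rename_text(text: str, new_name: str = NEW_NAME) -> str:
    """Boundary-aware, case-preserving rename of the token inside one file."""
    return TOKEN.sub(lambda m: _match_case(m.group(1), new_name), text)


def rename_path(path: str, new_name: str = NEW_NAME) -> str:
    """Apply the same rule to each path component (file and directory names)."""
    return "/".join(rename_text(part, new_name) for part in path.split("/"))


def rename_tree(tree: dict, new_name: str = NEW_NAME) -> dict:
    """Rename both paths and contents of an in-memory {path: text} tree."""
    return {rename_path(p, new_name): rename_text(c, new_name) for p, c in tree.items()}


def naive_rename_text(text: str, new_name: str = NEW_NAME) -> str:
    """The broken approach for comparison: blind substring replacement."""
    return text.replace("tor", new_name).replace("Tor", new_name.capitalize())


if __name__ == "__main__":
    for path, content in rename_tree(CONSTRUCTED_TREE).items():
        print(f"== {path}\n{content}")
    print("naive:", naive_rename_text(CONSTRUCTED_TREE["src/lib/vector.c"]).strip())
```

This only changes what the binary and its file names say about themselves; as the earlier reply notes, connections to the Tor network remain detectable regardless of what the executable is called.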