Why does Windows consider fan control software to be 'dangerous'?



There have been a number of reports of Windows Defender flagging software that controls PC fans and lighting as 'dangerous.' The same thing has happened to several different programs, and the technology outlet The Verge explains why.

WinRing0: Why Windows is flagging your PC monitoring and fan control apps as a threat | The Verge

https://www.theverge.com/report/629259/winring0-windows-defender-fan-control-pc-monitoring-alert-quarantine



Windows 11/10 is flagging 'Winring0' on your PC monitoring, fan control apps, here's why - Neowin

https://www.neowin.net/news/windows-1110-is-flagging-winring0-on-your-pc-monitoring-fan-control-apps-heres-why/

Among the apps flagged as risky are those developed by gaming product manufacturers such as Razer and SteelSeries, and they all share a common thread: they use a system driver called 'WinRing0.'

WinRing0 is a driver that allows access to I/O ports and PCI, but vulnerabilities were found in some versions in 2020. In theory, they make it possible to read and write the values of pointers in memory, and even to gain system privileges.



Companies use these drivers because there are very few ways to control hardware in Windows. According to the developer of the software that controls the lights, the only free drivers that can access the necessary registers are 'WinRing0' and 'InpOut32', and InpOut32 conflicts with Riot Games' anti-cheat tool, so they have no choice but to use WinRing0. The developer himself acknowledges that WinRing0 is vulnerable, but says, 'It's a driver with kernel-level access privileges, so it's only natural that it would have such a vulnerability.'

Furthermore, there have been cases where software that was given kernel-level access permissions has malfunctioned, causing Windows itself to crash, so it is a reasonable decision to try to close a potential loophole.

CrowdStrike releases root cause analysis after causing global outage with Blue Screen of Death - GIGAZINE



Razer has updated its control software to stop using WinRing0, and developers of software called SignalRGB have worked around the restrictions by using their own SMBus drivers, but these updates come at a cost.
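To check whether software installed on a machine still registers or ships the driver, the following PowerShell inventory is an added example, not code from The Verge, Microsoft or any of the vendors named here. It assumes the driver's service name or file name contains "WinRing0" and that vendors place the file under the Program Files or ProgramData folders.

```powershell
# Added example: locate copies of the WinRing0 driver and report who signed them.
# Assumption: the service name or file name contains "WinRing0".
$pattern = 'WinRing0'

function Get-DriverFileInfo {
    param([string]$Path, [string]$Source)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Source    = $Source
        Path      = $Path
        Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Kernel-driver services currently registered with Windows.
$fromServices = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern } |
    ForEach-Object {
        # PathName may carry NT-style prefixes; convert them to a normal Win32 path.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -and (Test-Path -LiteralPath $path)) {
            Get-DriverFileInfo -Path $path -Source "service '$($_.Name)' ($($_.State))"
        }
    }

# 2. Driver files bundled in application folders, even if no service is registered now.
$roots = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData | Where-Object { $_ }
$fromDisk = Get-ChildItem -Path $roots -Filter "$pattern*.sys" -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-DriverFileInfo -Path $_.FullName -Source 'file on disk' }

# One entry per file path, so a driver found by both methods is listed once.
@($fromServices) + @($fromDisk) | Sort-Object Path -Unique | Format-List
```

The parent folder in each reported path shows which application bundled the driver, which is the software to update or remove.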

The WinRing0 vulnerability itself has already been patched, but the signed, patched version is not distributed as open source and so is not easily available. This has caused dissatisfaction among developers who had been using WinRing0 precisely because it is open source.



'It's not realistic to require non-profit, open source software to pay the same costs as a for-profit company to get a signed driver,' said Adam Honse, developer of the LED management app OpenRGB. 'The signatures are also time-limited and require ongoing updates, which would likely incur recurring costs. After researching, it appears that you can't even get a signing certificate unless you're a company. Microsoft has given us a hard time.'

in Software, Security, Posted by log1p_kr