• Car@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    7 months ago

    I always thought it wasn’t included by default to mitigate malware damage to a system. Malware needs to be just a little bit more advanced if it can’t hijack Powertools to do what it wants

    • palordrolap@kbin.social
      link
      fedilink
      arrow-up
      6
      arrow-down
      2
      ·
      edit-2
      7 months ago

      Any self-respecting malware writer will download and decompile the Powertools to find out what API calls are being used. Especially if they’re calls to an undocumented API.

      Having Powertools on your computer is thus not the security hole it might appear to be.

      The fact they exist at all - well that’s not really a security hole either. Their existence just more quickly dissolves any security-by-obscurity that might have existed. Someone would have found those calls another way.

      One might suppose that they contain something special that’s not in the stock OS, but then we’re back to the malware writer’s reverse engineering which would lead them to learn and implement their own versions of whatever it is that Powertools does.