this post was submitted on 14 Mar 2025
18 points (100.0% liked)

VS Code

[–] [email protected] 1 points 2 weeks ago

This feels way too apologetic by MS to me. Dunno if that's mainly the reporting in this article.

When asked by BleepingComputer about this development, cybersecurity researcher Amit Assaraf continued to claim that the extension did contain malicious code. However, there was no malicious intent from the publisher, commenting that "in this case, Microsoft moved too fast."

They "accidentally included" stuff that didn't belong in there. They obfuscated their code. Multiple red flags were hit.

For me, moving fast in blocking spread seems warranted. Maybe it shouldn't trigger removal on installs immediately, depending on how fast they can check.

The author's ban circumvention and "outdated dependency the cause but not an issue" claims were dubious at best as well.

Sure, maybe no ill intent. But that doesn't mean security practices should not happen.