No Known Ransomware Works Against Windows 10 S, Says Microsoft (betanews.com) 160
An anonymous reader shares a report: According to Microsoft, "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack." That's great news for anyone running the latest version of the OS, and the software giant says it is working to ensure Windows 10 remains safe from other future attacks. However, if you want to guarantee your safety from ransomware, then Microsoft points out there's an even more secure option to consider -- Windows 10 S. The new, hardened Windows 10 variant only runs apps from the Windows Store, which means it can't run programs from outside Microsoft's ecosystem, and that includes malware. Which is why, as Microsoft says, "No known ransomware works against Windows 10 S."
Oh yeah (Score:2, Insightful)
Jailbroken and rooted phones say otherwise.
And? (Score:2)
Jailbroken and rooted phones say otherwise.
But jail-breaking and rooting, that's not "ransomwear".
In any case there are significant differences between the phone OS and the desktop OS, just because they both share the same basic name doesn't mean one hack works on the other
Re: (Score:1)
Re: (Score:2)
Microsoft also stupidly assumes that no zero-day exploit could ever rootkit the OS, whereupon it can execute any program it wants. Why do I say stupidly? Because in the last year alone, four exploits have done exactly this with Edge, which runs on Windows 10 S.
Re: (Score:2)
Of course, Microsoft doesn't know right now of existing malware that exploits an Edge vulnerability and works as ransomware, so they're correct in saying no known ransomware works.
I'd be worried about unknown ransomware, but that's me.
Re: (Score:2)
TFA isn't clear on whether this is a Microsoft statement, or their own, but it seems to say that ransomware won't work simply because it won't run on the OS without being signed.
Re: (Score:2)
Assuming that Microsoft is perfect in keeping malware out of their store,and there's no other way to get executable code in, this is true.
Re: (Score:2)
But there is another way to get executable code in, namely through exploits like the SMBv1 vulnerability that wannacrypt used, or the three Edge exploits found at the last pwn2own event.
If you get executable code in that way, then signing is irrelevant, and so is the MS store. Sure, wannacrypt was written like shit and had to download its own executable separately, but a good hacker should be able to inject a proper malware payload.
Neither do the applications (Score:2, Interesting)
None of the applications I regularly use are supported on Win10 S, so I guess it's as useless for me as it is for the ransomware developers.....
Re: (Score:3, Insightful)
The most secure system is one that nobody can access
Re: (Score:3)
Back in the day when MacOS 9 was still non-multitasking the US Army ran their webserver on it with the assumption that if you can't log in to the machine remotely (the server did not support SSH, telnet or anything else) you can't hack it. Apparently it worked for them.
Re: (Score:2)
And the most useless.
Re: (Score:3)
I have the most secure operating system ever. It does nothing but play minesweeper. Internet connections automatically fail to protect the system integrity. The OS and the single minesweeper application are stored in ROM and cannot be modified either with or without a password.
This is more secure than Windows 10 S and slightly more useless.
Re: (Score:1)
So you have absolutely no idea as to what your highest score was?
Re: (Score:2)
Re: (Score:2)
I write my high scores down on a pad of paper. To prevent others from reading it I regularly burn those papers and watch the smoke rise. I call this "synching with the cloud".
Re: Neither do the applications (Score:2)
Re: (Score:2)
I have the most secure operating system ever. It does nothing but play minesweeper.
Let me guess: You run Luminesweeper [pineight.com].
Re: (Score:2)
Actually no. But reading that page it does sound much more secure than Windows 10 S while still providing a safe walled garden.
Re: (Score:2)
Here's my evil plan!
1) Install Windows 10 S on the system
2) Install Hyper-V on Windows 10 S (hopefully this is allowed)
3) Configure RemoteFX graphics so I can run the Guest VM with good performance
4) Setup a SMB share with an ACL only accessible by the Guest VM on the host
5) Install Windows 10 Professional as the guest
6) Run Windows Update.
7) Install Office, Visual Studio, Docker, Linux Subsystem, some other crap as well.
8) Snapshop the VM
Re: (Score:3)
Are you serious or joking? I honestly can't tell.
Re:Neither do the applications (Score:4, Insightful)
I just assumed Microsoft deleted their database on known ransomware so they could claim that no KNOWN ransomware works.
None? (Score:5, Insightful)
I believe the correct response to this is "Challenge Accepted".
Re: None? (Score:1)
Re: (Score:3)
No known ransomware runs on my pet rock, either.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
They didn't actually say "known to them," so if it's known by anyone I think it counts.
Re: None? (Score:3)
That would be easy enough. If it is ransomware the person writes, just get yourself infected by it and willfully pay the ransom.
Re: (Score:1)
Introducing: Captain Obvious! ;)
Re: (Score:2)
When MS makes Windows 10S the Only OS that OEM's can install on their kit (don't forget the pay $$ to upgrade to 10-Pro option) then just about everyone who buys a PC from the likes of Best-Buy, PC-World etc.
MS is aiming for a model where everyone pays for the upgrade and then pays daily/weekly/annually for updates and patches. Software rental is alive and kicking.
Re: (Score:2)
MS is aiming for a model where everyone pays for the upgrade and then pays daily/weekly/annually for updates and patches. Software rental is alive and kicking.
Well, that will certainly shut the "Macs cost more" crowd right the hell up, won't it?
Re: None? (Score:2)
Re: (Score:2)
And that's precisely why I'm fairly certain Windows will never become a subscription "service".
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
When MS makes Windows 10S the Only OS that OEM's can install on their kit
"When"? Can you provide a source for announced or leaked plans to discontinue Home in favor of S?
Re: (Score:2)
No link but isn't it the obvious move? Doing this will make more money for MS and that is what it is all about isn't it.
Re: (Score:2)
Does Chromium, the build of Chrome with all non-free parts stripped out, also log keys?
Also.... (Score:5, Insightful)
Also, no known useful software works on Windows 10 S either. Quite the tradeoff.
Before you scoff at this as random trolling, think about what the odds are that Adobe, Autocad, and any real software packages are going to take a 30% haircut required by the MS store to run on this turkey. Sure MS programs will be there but Steam worn't be, nor will much else useful other than a sub-section of Windows Phone apps.
But no malware as of today will run. They said the same thing about Windows 8.x upon release. And Windows 7, and.....
Re: (Score:1)
Photoshop Elements 15 is already available on there
Re:Also.... (Score:4, Insightful)
Windows 10S is ransomware, why would it let other ransomware run. It's like kidnappers, allowing other people who claim to be the kidnappers, getting the ranson and make no mistake, M$ is kidnapping your digital life with windows 10$ and holding it to ransom, pay or lose it.
M$ knows most consumers dislike them, just buy their gear because of existing lock in and now seeing that it is their only source of customers, they are attempting to force more people into the XBox domain. Seriously gullible idiots, who are paying to hand over control of their computer and their digital life to one corruptly monopolistic corporation, how popular is M$, just look at the lose phone (calling a winphone would be a lie).
Yet the moronic fuckwits, rather than reforming and trying to become a better supplier and regain popularity, is simply trying to force more lock in, to extort it's customer base, either sign and pay for life or be cut off. It looks like people are preferring to be cut off.
Re: (Score:1)
This is what Apple calls duplicating functionality in its own store rules.
Re: (Score:1)
"M$ knows most consumers dislike them"
Consumers don't give MS a second thought. They don't care about the OS they are running. They actually use their computer to run applications. They don't sit around nitpicking every perceived flaw in the underlying OS. MS discontinued their phone development because they are making more money from the patent licensing fees they receive on every Android device sold. And now they are doing something that is going to piss off the crusading MS haters. They are in the proces
Re: (Score:2)
Consumers will care when they can't run the same programs their friends are running.
Re: (Score:3)
Irrelevant when your entire customer base suffers from Stockholm syndrome.
All it would take is a weakening of anti-trust law (Score:2)
Re: (Score:1)
Windows 10 S sounds about as useless as the Windows surface RT that I was given, for free, as payment for work done. I sold it for $100. Had a lovely screen, great battery life, and just SO much potential. But, at the end of the day, the ONLY useful program on it was OneNote. And I already have that on my phone and other devices.
Useless. Useless. Useless. So much potential. Couldn't even run OpenVPN. Come on, Microsoft. You're trying to turn the world into a walled garden like iPhone and Android. The thing
Re: (Score:2)
Before you scoff at this as random trolling, think about what the odds are that Adobe, Autocad, and any real software packages are going to take a 30% haircut required by the MS store to run on this turkey. Sure MS programs will be there but Steam worn't be, nor will much else useful other than a sub-section of Windows Phone apps.
adobe and others already moved to subscription as a pre-emptive move during windows 8 launch. they saw it coming and did that.
and that did put a little damper on MS. it wasn't a secret that all the pushing of the unfinished win8 store and metro apps was fueled by the hope that they could get 30 percent of all desktop sw.
Re: Also.... (Score:2)
Re: (Score:1)
I only have 30% of my hair left.
I can not afford that.
On the plus side, I wouldn't have any overhead.
Re: (Score:1)
Of course, all it takes is a change to the terms and conditions, and suddenly they're not allowed any more.
This is Microsoft, FFS. You'd be safer sticking your head in a grizzly bear's mouth than trusting Microsoft not to kick you out of their ecosystem once they've hooked everyone into it.
To quote... (Score:2)
Re: (Score:2)
Surely you mean the Windows (S)hit Store?
Yeah but nobody wants to USE Windows 10 S! (Score:3)
Because the amount of software that works on Windows 10 S bites syphilitic camel wang.
Whatever (Score:1)
Re: (Score:2)
well.. (Score:4, Insightful)
Re:well.. (Score:4, Funny)
Please submit 1 Bitcoin in order to get your shit back.
Re: well.. (Score:2)
I only have five Shitcoins. What's the current exchange rate?
Yes there is (Score:1)
It's called Windows Update
Comment removed (Score:3)
Re: (Score:2)
That was my first thought too. Linux has a fantastic protection scheme offered by the fact that it's different and that it is a small and not very valuable attack surface for desktop users.
Windows 10S currently is the same. Will it still be the same this time next year? Well I hope so because the idea of locked down OSes should fail and die, but if it does become popular let's see how long it stays malware free.
Key Word (Score:3)
Known is the key word here. It's not the problems you know about, it's the ones you don't that get you.
So, let me get this straight... (Score:5, Interesting)
If the S version is supposedly better, why offer a $50 "upgrade" to the less secure non-S version? You can't have it both ways. Either you own your walled garden or you accept your open platform. You can't offer an upgrade to a version you're claiming is superior.
Moreover, they're basically arguing that their software is more secure because it's hobbled by design. A rock is similarly secure against WannaCry, but that doesn't mean it's actually useful for everyday computing tasks.
Re: (Score:1)
A rock is similarly secure against WannaCry
Just as any liberal is secure against any counter-arguments, because <BLOCKED>
Re: (Score:2)
You can't offer an upgrade to a version you're claiming is superior
Aside from the typo in that sentence, of course you can. "Superior" is not an absolute for an entire package. It depends highly on a use case. The most secure OS in the world can be free and I still won't consider it superior most likely because I won't be able to do anything with it.
Yeah right... (Score:2)
the other shoe drops (Score:3)
No Known Software Works In Windows 10 S (Score:2)
No known malware cleaner works either (Score:2)
I tried to convert back to Windows 7, but none of the tools would do that for me.
Just kidding. I never changed to Windows 10 in the first place
No ransomware for... (Score:1)
Re: (Score:1)
Clever...
10S, a push to education, doomed to fail?? (Score:5, Interesting)
Windows 10 S is clearly a push into the education market: but google has has had Chrome For Education for several years now: and the big advantage of Chrome Management Console (CMC) is it being active directory in the cloud done right. CMC makes it super easy to lock down, manage and update education targeted computers (it's also great for digital signage) /.ers have a comparison of the two systems.
I haven't used Azure AD, so it would be interesting if any
Apple had an awesome opportunity here after they created a whole new locked to a store OS niche, but never capitalised on it by giving schools the tools to manage the platform.
Now the only reason PC's are still selling, are office and legacy programs. Think custom business programs written in .NET and specialised CAD/CAM software. MS have lost the first mover advantage to chrome, and I doubt this move will get it back.
Re: (Score:3)
I regularly use exactly two programs for which I still need Windows. (I don't consider Apple a contender because of hardware lock-in and boutique pricing.) Neither of them are Office -- there are already reasonable alternatives for that. The moment Lightroom and Photoshop are available on Chrome or Mint, Microsoft has seen the last of me. (There are things called "lightroom" and "photoshop" on Android, but they're still mostly toys.) Apple saw the last of me some years ago, when I finally retired the G
Re: (Score:2)
I'm aware of that, thanks. I have a laptop running Mint on a silicon drive, and it's really fast and reliable. I wanted to get Lightroom working under Wine so I could have something handy in the field for post-processing. But there's something wrong with the way it does transparencies under Wine, making it generally unusable. This was version 5. I've read elsewhere that there are additional issues with Lightroom CC under Wine that Adobe has flatly refused to fix. So for now, I'm stuck with Windows.
in other news (Score:1)
Apple says
no mac is infected by wannacry
Re: (Score:2)
Macs can dual boot. I'm sure there is at least one mac user who had WannaCry hit their Windows version, and it encrypted the data files on their OSX partition.
"no known ransomware"... (Score:2)
"No known ransomware works against Windows 10 S."
Until the moment ransomware gets snuck into the Windows Store. Which, if it hasn't happened already, will probably be next Thursday.
Promise made and it will be kept. (Score:2)
hey microsoft, dont worry (Score:2)
Translation: (Score:2)
"No known ransomware works against Windows 10 S."
Read: "No one can compete with us on our home turf."
Throwing down the gauntlet (Score:2)
MS likes to invite trouble??!!
No Known *Software* Works on Windows 10 S (Score:1)
Arrogance.... (Score:2)
"Challenge accepted" ....said the 12 year old Lithuanian kid in his mom's basement. Expect ReallyWannaCry S Edition in weeks.
Known vs unknown (Score:2)
Pretty much by default, if software is known to be ransomware, Microsoft will remove it from the store. Thus, no known ransomware is on the store.
It's the unknown stuff that's the problem. It won't be known until after the timebomb has been released and the damage is done.
Gotta love word salad and technicalities.
Of course not (Score:2)
Malware is a business. For the same reason there is no malware working on some obscure NeXT clone OS, it doesn't work on Windows 10S: Why bother writing malware for a system nobody uses?
can't run programs outside store? (Score:3)
you can browse the web right? because it has the edge browser (you know, the most secure browser of the big 3).
sure, edge might run in a container or something similar, and those are secure, right?
better read up on the last pwn2own - https://arstechnica.com/securi... [arstechnica.com]
of course it doesn't (Score:2)
They made sure that no known *software* will run on Windows 10 S, so obviously Wannacry won't run.
The next generation of Wannacry though, is another story. Someone just has to use a fraudulent code signing certificate or whatever else Microsoft does with their store apps, or somehow masquerades as another application, and we're back to status quo.
"According to Microsoft" (Score:1)
Whichever M$ employee who wrote that press release will be looking for a new job when the "Challenge accepted" group goes berserk to prove him wrong. And they give the reason that M$ needed to be taught a lesson (again).
Anyone looking for a cheap ex-M$ marketing person?
Re: (Score:2)
Maybe we'll get lucky and the malware writers find a bunch of "Install Anything" exploits on Windows S.
Re: (Score:3)
The old wipe-and-Linux won't work if Windows 10 S devices come with Restricted Boot [fsf.org], which means UEFI Secure Boot that a device's owner cannot reconfigure. Microsoft licensed Windows RT only to OEMs who promised to configure all Windows RT devices with Restricted Boot.
Even without Restricted Boot, wipe-and-Linux will fail if manufacturers of components of said devices fail to cooperate with driver developers. You'll likely end up with unaccelerated graphics, no audio, no network, and no suspend.
Re: (Score:2)
W10 S.
not windows 10.. the whole point is that it can only run sw from the appstore.
unless you jailbreak it or whatever. or just write malware for the browser.
Re: (Score:2)
Or just get their appstore to do the malware distribution for you [trendmicro.com].
Or do you really think MS will check more about your software than whether its revenue stream is flowing?
Re: (Score:2)
With other malware I'd agree, with ransomware this isn't the case. Ransomware doesn't actually require any elevated permissions, that's what makes it so successful. What does ransomware want to access? Local files in the user storage space. I.e. exactly the files that the user needs to be able to manipulate in his every day business. It needn't install a service, it needn't create files in non-user spaces, it has no reason to write into the registry.
What ransomware needs to do, and I agree with you on that
UWP enforces file-level permissions (Score:2)
What does ransomware want to access? Local files in the user storage space. I.e. exactly the files that the user needs to be able to manipulate in his every day business.
The user's everyday business needs to access files that the user chose through the operating system's file chooser form. Ransomware, by contrast, needs to access the user's entire home directory. This is why modern sandboxed environments, such as OLPC Bitfrost, the Mac App Store Sandbox, and UWP, lock applications out of any file or directory that the user hasn't chosen through a file chooser form requested by that application.
What ransomware needs to do, and I agree with you on that ground, is to run software from an "odd" place, like the download directory, the temp directory or the user directory, i.e. from places where there should be no executable file in a normal work environment. That can be dealt with via software policies and execution prevention of software from places other than whitelisted directories where executables are stored.
Then watch ransomware install itself to Visual Studio's temporary directory, wher
Yet game console lockdown succeeded (Score:2)
Having an operating system that just works with applications that they pre-approved, and nothing else is a terrible idea. They tried this with Windows RT, look where they are now?
Microsoft tried this successfully with Xbox, Xbox 360, and Xbox One. Apple tried this successfully with iPod classic 5, iPhone 3G, iPod touch 2, and iPad. Sony tried this successfully with PlayStation, PlayStation 2, PlayStation 3, and PlayStation 4. Nintendo tried this successfully with NES, Super NES, Nintendo 64, Nintendo GameCube, Wii, and (so far) Nintendo Switch. Nintendo also tried it with Wii U, but that platform was less successful for reasons other than the lockdown.
So how did these other locked d
Re: (Score:2)
As examples, you named iOS devices and a bunch of gaming devices. Most people buy their game consoles for the purpose of running games that are released for that console. If they also want a computer, they typically buy a computer.
iOS works because there's so many and so varied apps in the App Store that it isn't a practical problem for the most part.
RT may have failed partly because Microsoft had no idea how to market it. Calling something Windows RT suggests that it will run Windows programs. It