
Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com)

Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."
Comments:
  • Known to MS (Score:5, Funny)

    by turkeydance ( 1266624 ) on Friday June 23, 2017 @11:03AM (#54676027)
    i know nothing...Sgt Schultz
  • HA HA (Score:4, Interesting)

    by Higaran ( 835598 ) on Friday June 23, 2017 @11:05AM (#54676045)
    I'm usually a fan of MS, but that is some bull if I ever heard it. Maybe there is not a known ransomware because no one thought to make one yet, I didn't even really realize that OS was even out yet.
  • by UnknowingFool ( 672806 ) on Friday June 23, 2017 @11:07AM (#54676059)
    MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything. I had a friend who bought a MS product but in working with it he found a bug. He calls MS support. They research it but they say with his level of support, they can't go any further without premium support. So he pays for premium support. Premium support confirms that it is a bug. He asks when a fix is possible. They say they are not going to fix it. He asks why the heck did his premium support money do? For the privilege of telling him that it was a bug apparently.
    • Re: (Score:1, Interesting)

      MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything.

      Are you suggesting MS doesn't actively develop malware for their older systems to encourage people to upgrade? Because that would be a stupid suggestion.

      • 1) MS wouldn't know about all the ransomware out there especially if the ransomware authors are trying to hide it. 2) MS in my experience is terrible at fixing things.
    • Microsoft will refund all funds if they agree that there is a bug in their software.
    • You obviously don't work in software. Any major software project has hundreds to thousands of known bugs, including Apple products, Microsoft products, even Linux based products. All of those bugs have to be prioritized and weighed. Is this something that most customers need fixed? Will it cause more problems to fix it than to leave it? Is it better to put our efforts toward moving toward the next version, which automatically fixes this problem, instead of trying to fix it in this version, which will be obso
      • The same is true in every industry, from airplanes to credit card processing to medicine. Doctors always have to decide if there is greater harm done to a patient's overall life health chances by fixing a problem than to leave the problem and help the patient adjust to it.
      • The problem wasn't "Oh you found a bug, let's put it in the list and it'll get on the list." The problem was "oh you're having problems. You'll need premium support to go on. That's extra. Premium Support: Oh that is a bug. We're not fixing it."
      • What are the bugs in SEL4?

    • by swb ( 14022 )

      I've had Microsoft refund support charges for known bugs and in a couple of cases for situations that could have easily been called user error if they were being hard about it.

    • MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything. I had a friend who bought a MS product but in working with it he found a bug. He calls MS support. They research it but they say with his level of support, they can't go any further without premium support. So he pays for premium support. Premium support confirms that it is a bug. He asks when a fix is possible. They say they are not going to fix it. He asks why the heck did his premium support money do? For the privilege of telling him that it was a bug apparently.

      You and your friend clearly do not understand how Enterprise support works. It's not there to make code changes (even bug fixes) for individual users. It exists to make changes that improve the system for the largest number of users.

    • by sims 2 ( 994794 )

      I still think windows home server was a disaster.
      Oh it just occasionally corrupts backups so you can't open them.

      It was never fixed!

      No way to repair or recover the data was ever provided.

      Then they took out Drive Extender and still didn't fix it.

      • I still think windows home server was a disaster.
        Oh it just occasionally corrupts backups so you can't open them.

        It was never fixed!

        No way to repair or recover the data was ever provided.

        Then they took out Drive Extender and still didn't fix it.

        Sadly, WHS was a great idea doomed from the get-go for a myriad of reasons. It needed a crowd sufficiently-enthusiast to want a product capable of handling home streaming and backups, but insufficiently enthusiast to set up a FreeNAS, Plex, and the free version of Macrium (or the inexpensive 5-user license of Acronis, which was still half-decent at the time). The hardware had its issues, not the least of which being manufactured by an HP that was trying to figure out how to do this 'mobile' thing by buying

        • by sims 2 ( 994794 )

          I picked it because I assumed since they made windows it would be able to automatically do the fix up required when restoring to a different system, handle resizing the file system, and it supported using a bunch of discs as pooled storage for backup. In hindsight, using 5 drives set up as the equivalent of raid 0 was a terrible idea. Although somehow I didn't lose any data from drive failure, it was just mhs screwing up.

          It could do all of those things to a point the hardware support for restore was terrible.

          But f

  • What's interesting is that Windows 10 S is supposed to only run apps from the store. So by finding a way for it to run ransomware, they have also found a way for it to run basically any other piece of software. Personally, I don't know why MS thinks it's a good idea to limit the software that runs on a machine. Windows RT failed for a reason. People want to be able to run whatever software they like.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      People want to be able to run whatever software they like.

      Some people obviously do. But iOS is also highly successful.

      • Re:Interesting (Score:4, Insightful)

        by TheFakeTimCook ( 4641057 ) on Friday June 23, 2017 @11:20AM (#54676149)

        People want to be able to run whatever software they like.

        Some people obviously do. But iOS is also highly successful.

        But, there's a difference. Actually two:

        1. the iOS App Store is likely VAST compared with the Windows 10 App Store. That makes a VAST difference.

        2. People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction (which really isn't a restriction anymore, since iOS 8).

        • contact censorship should not be part of an app store if any thing apple can have an adults only one and an open politics ones

          • contact censorship should not be part of an app store if any thing apple can have an adults only one and an open politics ones

            In Your Not So Humble Opinion, of course.

            Which part of "People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction" didn't you understand?

            Question: Doesn't "Freedom of Choice" INCLUDE the "right" to join a "Members Only" Club? After all, no one FORCES you to buy an iPhone/iPad.

      • I don't use my iPhone or my Android tablet as general-purpose computing devices. I use my laptop and desktop for those, and those had better run arbitrary software or they're of little use to me.

    • does windows 10 S let intel / amd / nvidia / others run their non app store drivers?

  • "We can tell because Windows 10 runs tons of snoopware."

  • by TheHawke ( 237817 ) <rchapin&stx,rr,com> on Friday June 23, 2017 @11:16AM (#54676121)

    Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof.

    Big mistake.

    By the end of the week at least a dozen or so viriii were released into the wild and Jobs had to eat humble pie.

    • by boley1 ( 2001576 )

      Steve Jobs eating humble pie? You must be talking about another Steve Jobs.

    • English is such a logical and regular language! No wonder it is the language of exchange between peoples.
    • Have to call BS on this. I was actually working for Apple during this period.

      There was always the ubiquitous nVir and a number of other nasties floating around.

      The only implication in Apple's advertising is that the risk of data loss or loss of functionality was less. And it was.

      Of the 10 or 15 meaningful malwares that infected the old 68000 OS, there were only two or three which could do serious damage. And most infections were cleaned up quite nicely with no data loss.

      I love it when someone who never set

    • In typical modern slashdot fashion, a person is marked up because he made a "cool" sounding claim. This claim of course is unsupported, and is likely made up. But hey, don't let truth get in the way of a good story, right?

      This particular lie bothered me because I remembered reading something a long time ago that implied the opposite. I will admit it took me the better part of an hour to find this article. It is about how the U.S. Army had switched to Mac OS in 1999 for their web page, since they were si
    • by SeaFox ( 739806 )

      Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof. [citation needed]

      Big mistake.

      By the end of the week at least a dozen or so viriii were released into the wild[citation needed] and Jobs had to eat humble pie.

  • by Thyamine ( 531612 ) <thyamine.ofdragons@com> on Friday June 23, 2017 @11:30AM (#54676189) Homepage Journal
    I think this is always silly when a company claims something like this, and I think everyone in the industry understands that. However, it gets headlines, and will be used for marketing. All the normal users though will never see this article explaining why it's bull, but they'll remember 'Hmm Windows S doesn't get ransomware'. Now maybe some of the marketing people really believe this statement, however I highly doubt any of the devs or engineering team truly thought 'ah ha! We've done it!'
  • Even if it was impossible to get ransomware in there, is there any value to it? You know, it's also impossible to run ransomware on my cheap calculator, and that one at least has a following. :P

  • by Anonymous Coward

    ... would make it harder for state actors to compromise. State actors want a compromiseable OS.

    • Not to worry, there is no chance that any version of Windows will have too much security. No special effort is needed to ensure that.

  • by LeftCoastThinker ( 4697521 ) on Friday June 23, 2017 @11:44AM (#54676307)

    Windows 10S is nothing more than a play to walled garden Windows, by appealing to consumers fears, all while the customer pays for the pleasure. Hopefully someone will file a class action for false advertising (since actually hacking the OS was a trivial 3 hours for someone who knew what they were doing).

    It is high time that companies take cyber security seriously, before someone hacks a windows computer running some critical system and causes a major accident (oh wait, that has happened multiple times already). For far too long companies have played fast and loose with the word secure.

    Is it possible for MS to make a hardened version of Windows? Probably, but it would require a fundamental re-thinking of how windows runs, and there would be a performance hit. MS would have to spend real resources on the security aspect, and that would take resources away from developing the shiny interface tweaks that no one gives a shit about but the MBAs think is critical...

    • Is it possible for MS to make a hardened version of Windows?

      First, you need to define "hardened", You're not going to get exploit-free on something as complex as a modern OS with changing applications that run scripts. Second, Microsoft has. Sometime in the mid 200?s they decided to make things more secure, and did a pretty decent job of it.

      • I agree that they have made progress towards making Windows more secure, but there is still a lot more that can be done. Hardening is about all we can ever hope for, since hacking a system is by definition always possible given enough time and resources (which is why real security in combination with air-gap and Faraday cages is used for hardware that really has to be secure; think NSA/classified military designs/etc.) The goal of hardening is to make large scale attacks infeasible. You will never elimin

  • uh.... (Score:5, Informative)

    by circularWaffle ( 4839643 ) on Friday June 23, 2017 @11:50AM (#54676363)
    Does MS realize that infection/breach through macros is NOT a new/unknown/zero day thing? That's why the "Protected View" is in place in the first place..........Yes, the protection is in place....But it doesn't mean that a user isn't going to deliberately ignore any warnings just because, "idk I just thought it was a document from my friend and didn't think about it". That shit happens all the time! This is now a known exploit. I mean, seriously, go fix the issue MS.
    • Yeah it's the DLL injection in a closed OS that is the news here

  • Are they suggesting that the less capable the operating system, the more virus proof it is?

    I think I can dig out a set of WfW floppies...

  • No known ransomware is running on my Windows 7 system either.
  • I needed a good laugh today.

    "I'm pretty sure my last words are going to be 'Hold my beer and watch this'"
  • by Anonymous Coward

    He had to download Word via the app store, create a malicious macro to run it after starting it explicitly with admin privileges, mount a network drive to place the macro (because Word won't run downloaded ones), use the macro from there _and_ explicitly ignore a warning that said it was insecure.

    Who calls that easy? This would require a good amount of social engineering, which will always be capable of being used to install and run something arbitrary. Normal users, even with admin rights, don't start Word

  • by rsmith-mac ( 639075 ) on Friday June 23, 2017 @06:14PM (#54678685)

    Word was opened with administrative privileges through Windows' Task Manager

    Isn't this essentially cheating? If Word is opened by a user, it's only opened at standard user privileges, even if that user is a member of the admin group.

    The use of a macro is clever enough. But if it hinges on Word running as Admin, then I have to question whether this is anything more than a publicity stunt.

    • by Anonymous Coward

      Office macros essentially allow you to run arbitrary code, so I expect a privilege escalation exploit could be used from the macro instead. I think the researcher was just going for the easiest way to do it. Getting the user to bypass the setting preventing macros downloaded from the internet from running would be harder.

  • Because it's hard to have ransomware running on a shit toy gimped OS that very few people want to use and thus not in any kind of widespread use.
  • by SuperDre ( 982372 ) on Saturday June 24, 2017 @03:29AM (#54680755) Homepage
    Read the whole story and think... Then you'll know this 'researcher' is just bullshitting. You already need to start Word in admin mode (first thing that makes MS's claim still stand), then you need to click on the activate macros button, and in the end you still need to be able to install the malware which is not on the MS Windows store and therefore cannot simply be installed, but that's something he doesn't even do, claiming some bullshit about not wanting his network to be infested.. no this is just a clickbait article by zdnet for triggering some extra ad revenue...
  • Fact is, it didn't work out of the box. So none of the 10S machines were infected by Wannacry. Fair enough. However the whole big deal of 10S is that it's supposed to be fricking hard, like Linux/Unix hard to break it since they eliminated all of the buggy 32 bit API calls. Looks like it's the same old crap. They didn't fix the OS. It's like the 16-32 bit transition all over again.

  • The researcher should be able to do it whilst holding his beer. Consider it a fair handicap for Windows.
