Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com)
Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report:
> We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."
Known to MS (Score:5, Funny)
HA HA (Score:4, Interesting)
Re: (Score:1)
In other words, Microsoft closes its eyes, puts hands over ears and repeats "LALALALALALALALALALA" to avoid hearing stuff.
"Known" is the keyword (Score:3)
Re: (Score:1, Funny)
Thank you for your valuable pro-Microsoft contribution to this tech site, Pajeet! The sum of 50 rupees has been deposited to your Bing Rewards account.
Re: (Score:3)
> Your friend is a liar or you are.
You aren't helping, nor are you even trying to contribute. You might want to revisit your assumptions, because they are most certainly leading you into false conclusions. The correct answer is, "I doubt it, let's see if there's any history to corroborate."
A cursory search result might lead you to http://www.schveiguy.com/blog/... [schveiguy.com]
Re: (Score:2)
I'm a freak. I read whole articles. You can find some interesting shit in there:
3. Why do you have hundreds of spreadsheets? Why not just merge them into one maintainable spreadsheet where you could fix the problem in one place?
Because shut up.
Anyway, I do have Office365, I do use web query to pull tables in, and they pull in fine. :)
The article didn't mention whether the web query method works or not after uninstalling Office 2010. I wonder if that was the issue
Re: (Score:1, Interesting)
MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything.
Are you suggesting MS doesn't actively develop malware for their older systems to encourage people to upgrade? Because that would be a stupid suggestion.
Re: "Known" is the keyword (Score:2)
They encouraged me way back when they were expecting us all to "upgrade" from XP to the piece of shit known as Vista. Windows, while getting better in stability thanks to NT, only got worse and worse with every version when it came to bloat and shittier defaults (XP required me to turn tons of useless shit off and tweak gazillions of settings to make it tolerable, but when I did it ran very fast and smooth). Vista, by comparison, was downright terrible.
As far as security goes... come on, it's Windows. No ma
Re: "Known" is the keyword (Score:2)
That's why they leave it to the third parties.
Re: (Score:1)
Because they do. When you pay for an incident you only pay if you are the one that screwed up. When you encounter a bug they will either provide you with a workaround, a fix, or refund you. I've had all three happen to me at one time or another.
This idea that you have to pay for support, then premium support is bunk.
Re: (Score:2)
In my experience in IT having called Microsoft about a dozen times, if they say that they are at fault for the issue they will refund the cost of the case you opened to have an issue resolved.
This includes bugs in their software and patches that were installed that broke something (like an exchange cluster for a hospital).
I believe I have had to pay when they say the only way to fix it is to reformat and reinstall, and that was after 20 hours of troubleshooting.
Re: "Known" is the keyword (Score:2)
What are the bugs in SEL4?
Re: (Score:2)
I've had Microsoft refund support charges for known bugs and in a couple of cases for situations that could have easily been called user error if they were being hard about it.
Re: (Score:2)
> MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything. I had a friend who bought a MS product but in working with it he found a bug. He calls MS support. They research it but they say with his level of support, they can't go any further without premium support. So he pays for premium support. Premium support confirms that it is a bug. He asks when a fix is possible. They say they are not going to fix it. He asks what the heck did his premium support money do? For the privilege of telling him that it was a bug apparently.
You and your friend clearly do not understand how Enterprise support works. It's not there to make code changes (even bug fixes) for individual users. It exists to make changes that improve the system for the largest number of users.
Re: (Score:2)
I still think windows home server was a disaster.
Oh it just occasionally corrupts backups so you can't open them.
It was never fixed!
No way to repair or recover the data was ever provided.
Then they took out Drive Extender and still didn't fix it.
Re: (Score:3)
> I still think windows home server was a disaster.
> Oh it just occasionally corrupts backups so you can't open them.
> It was never fixed!
> No way to repair or recover the data was ever provided.
> Then they took out Drive Extender and still didn't fix it.
Sadly, WHS was a great idea doomed from the get-go for a myriad of reasons. It needed a crowd sufficiently-enthusiast to want a product capable of handling home streaming and backups, but insufficiently enthusiast to set up a FreeNAS, Plex, and the free version of Macrium (or the inexpensive 5-user license of Acronis, which was still half-decent at the time). The hardware had its issues, not the least of which being manufactured by an HP that was trying to figure out how to do this 'mobile' thing by buying
Re: (Score:2)
I picked it because I assumed since they made Windows it would be able to automatically do the fix-up required when restoring to a different system, handle resizing the file system, and it supported using a bunch of discs as pooled storage for backup. In hindsight, using 5 drives set up as the equivalent of RAID 0 was a terrible idea. Although somehow I didn't lose any data from drive failure; it was just mhs screwing up.
It could do all of those things to a point; the hardware support for restore was terrible.
But f
Re:Meh (Score:5, Interesting)
You wish.
I often run suspicious files through AV websites like TotalVirus.com
You'd be AMAZED how much old stuff sitting in my inbox for 5 years won't be picked up by big-name anti-virus suites even with "heuristics".
And if you tweak it by just one byte (e.g. javascript viruses and changing a code-path ever-so-slightly), it'll usually zoom through ALL of them.
Sorry, but AV is just a constantly out-of-date database of things that MILLIONS of people have already caught, that is used as a lookup for every file access. In terms of protecting your computer, it's useless (or WannaCry wouldn't have happened, even on non-updated machines). In terms of doing so efficiently, it's absolutely atrocious.
Re: (Score:2)
> or WannaCry wouldn't have happened, even on non-updated machines
That's a good point. A known vulnerability is surely one of the easiest heuristics to catch.
Re: (Score:2)
I think you meant virustotal.com
Interesting (Score:2)
What's interesting is that Windows 10 S is supposed to only run apps from the store. So by finding a way for it to run ransomware, they have also found a way for it to run basically any other piece of software. Personally, I don't know why MS thinks it's a good idea to limit the software that runs on a machine. Windows RT failed for a reason. People want to be able to run whatever software they like.
Re: (Score:2, Interesting)
> People want to be able to run whatever software they like.
Some people obviously do. But iOS is also highly successful.
Re:Interesting (Score:4, Insightful)
> > People want to be able to run whatever software they like.
> Some people obviously do. But iOS is also highly successful.
But, there's a difference. Actually two:
1. the iOS App Store is likely VAST compared with the Windows 10 App Store. That makes a VAST difference.
2. People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction (which really isn't a restriction anymore, since iOS 8).
contact censorship should not be part of an app st (Score:2)
contact censorship should not be part of an app store; if anything, apple can have an adults only one and an open politics ones
Re: (Score:2)
> contact censorship should not be part of an app store; if anything, apple can have an adults only one and an open politics ones
In Your Not So Humble Opinion, of course.
Which part of "People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction" didn't you understand?
Question: Doesn't "Freedom of Choice" INCLUDE the "right" to join a "Members Only" Club? After all, no one FORCES you to buy an iPhone/iPad.
Re: (Score:3)
I don't use my iPhone or my Android tablet as general-purpose computing devices. I use my laptop and desktop for those, and those had better run arbitrary software or they're of little use to me.
Re: (Score:2)
Apple gear is expensive. MS is going for the people too cheap to buy Apple iCrap, and too stupid to realize how much smaller the MS software store is.
Also, Android and iOS are for phones and tablets, not laptops. Of course, MS's crappy Win10S laptop really isn't *that* different from a tablet with a BT keyboard, but still, it is larger and has a real keyboard, and for people who buy into the MS ecosystem (namely Office) it might seem sensible to them.
Re: (Score:2)
My honest guess is that Microsoft wants a similar environment with Windows, which will not end well.
I don't think it takes a genius to see that's exactly what MS wants. They envy the success of iOS and Android that way, and it's been pretty obvious how sore they are that they never got far in the mobile space. They had WinCE smartphones for *years* before iPhone came out, remember, but they never got much adoption (esp. outside of corporate markets), and then suddenly iPhone popped onto the scene and ever
does windows 10 S let intel / amd / nvidia / other (Score:2)
Does Windows 10 S let Intel / AMD / Nvidia / others run their non app store drivers?
Windows HLK (Score:4, Informative)
Drivers for Windows 10 S must meet these requirements [microsoft.com]. I imagine that participants in a public driver beta test would use Windows 10 Pro instead of Windows 10 S.
how they know (Score:1)
"We can tell because Windows 10 runs tons of snoopware."
Echoes of Steve Jobs' boast (Score:3)
Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof.
Big mistake.
By the end of the week at least a dozen or so viriii were released into the wild and Jobs had to eat humble pie.
Re: (Score:2)
For quite a few years, there were very few viruses available for the Mac. It was a much safer environment because of that.
Re: (Score:3)
Steve Jobs eating humble pie? You must be talking about another Steve Jobs.
Re: viriii (Score:2)
Re: (Score:2)
Have to call BS on this. I was actually working for Apple during this period.
There was always the ubiquitous nVir and a number of other nasties floating around.
The only implication in Apple's advertising is that the risk of data loss or loss of functionality was less. And it was.
Of the 10 or 15 meaningful malwares that infected the old 68000 OS, there were only two or three which could do serious damage. And most infections were cleaned up quite nicely with no data loss.
I love it when someone who never set
Re: (Score:2)
Yeah, I thought the WDEF virus was ingenious. Unfortunately, it wasn't properly tested for the MacOS version that came out after it was released (go figure), and could do some serious harm there. Fortunately, by that time I carried around a Disinfectant disk as a matter of habit.
Echoes of a slashdot liar (Score:1)
This particular lie bothered me because I remembered reading something a long time ago that implied the opposite. I will admit it took me the better part of an hour to find this article. It is about how the U.S. Army had switched to Mac OS in 1999 for their web page, since they were si
Re: (Score:2)
Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof. [citation needed]
Big mistake.
By the end of the week at least a dozen or so viriii were released into the wild[citation needed] and Jobs had to eat humble pie.
Re: (Score:2)
ONLY apps can app apps!
How so? Microsoft bans anything remotely similar to Visual Studio on Windows 10 S. "Prepare to package an app (Desktop Bridge)" [microsoft.com] lists the following as an issue that must be addressed before packaging an app:
Re: (Score:2)
In fairness to Microsoft, if you want to run real programs, then you should get something that runs a real operating system.
Windows 10S is not a general purpose OS, it is an appliance OS. Expecting it to be anything else is unrealistic.
Silliness (Score:3)
Then again... (Score:2)
Even if it was impossible to get ransomware in there, is there any value to it? You know, it's also impossible to run ransomware on my cheap calculator, and that one at least has a following. :P
Re: (Score:1)
The real reason is to get an extra $50 from poor students. Notice how it's marketed only to students but students often need to run custom software for their courses so they end up paying the $50 ransom or return it for a real laptop.
Too much security... (Score:1)
... would make it harder for state actors to compromise. State actors want a compromiseable OS.
Re: (Score:2)
Not to worry, there is no chance that any version of Windows will have too much security. No special effort is needed to ensure that.
Real Security isn't Cheap (Score:5, Interesting)
Windows 10S is nothing more than a play to walled garden Windows, by appealing to consumers' fears, all while the customer pays for the pleasure. Hopefully someone will file a class action for false advertising (since actually hacking the OS was a trivial 3 hours for someone who knew what they were doing).
It is high time that companies take cyber security seriously, before someone hacks a windows computer running some critical system and causes a major accident (oh wait, that has happened multiple times already). For far too long companies have played fast and loose with the word secure.
Is it possible for MS to make a hardened version of Windows? Probably, but it would require a fundamental re-thinking of how windows runs, and there would be a performance hit. MS would have to spend real resources on the security aspect, and that would take resources away from developing the shiny interface tweaks that no one gives a shit about but the MBAs think is critical...
Re: (Score:2)
First, you need to define "hardened". You're not going to get exploit-free on something as complex as a modern OS with changing applications that run scripts. Second, Microsoft has. Sometime in the mid 200?s they decided to make things more secure, and did a pretty decent job of it.
Re: (Score:2)
I agree that they have made progress towards making Windows more secure, but there is still a lot more that can be done. Hardening is about all we can ever hope for, since hacking a system is by definition always possible given enough time and resources (which is why real security in combination with air-gap and Faraday cages is used for hardware that really has to be secure; think NSA/classified military designs/etc.) The goal of hardening is to make large scale attacks infeasible. You will never elimin
uh.... (Score:5, Informative)
Re: (Score:2)
Yeah it's the DLL injection in a closed OS that is the news here
Re: (Score:2)
Apparently not that abnormal:
> Hickey created a malicious, macro-based Word document on his own computer that when opened would allow him to carry out a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process. In this case, Word was opened with administrative privileges through Windows' Task Manager, a straightforward process given the offline user account by default has administrative privileges.
Though I am a little confused by that "Word was opened with administrative privileges through Windows' Task Manager"?
XP Was pretty unaffected. (Score:2)
Are they suggesting that the less capable the operating system, the more virus proof it is?
I think I can dig out a set of WfW floppies...
Statements (Score:2)
Thank you slashdot (Score:1)
"I'm pretty sure my last words are going to be 'Hold my beer and watch this'"
"I'm honestly surprised it was this easy" (Score:1)
He had to download Word via the app store, create a malicious macro to run it after starting it explicitly with admin privileges, mount a network drive to place the macro (because Word won't run downloaded ones), use the macro from there _and_ explicitly ignore a warning that said it was insecure.
Who calls that easy? This would require a good amount of social engineering, which will always be capable of being used to install and run something arbitrary. Normal users, even with admin rights, don't start Word
Admin Privileges!? (Score:3)
Isn't this essentially cheating? If Word is opened by a user, it's only opened at standard user privileges, even if that user is a member of the admin group.
The use of a macro is clever enough. But if it hinges on Word running as Admin, then I have to question whether this is anything more than a publicity stunt.
Re: (Score:1)
Office macros essentially allow you to run arbitrary code, so I expect a privilege escalation exploit could be used from the macro instead. I think the researcher was just going for the easiest way to do it. Getting the user to bypass the setting preventing macros downloaded from the internet from running would be harder.
Of course (Score:2)
Read it (Score:3)
So they were probably right. (Score:1)
Fact is, it didn't work out of the box. So none of the 10S machines were infected by Wannacry. Fair enough. However the whole big deal of 10S is that it's supposed to be fricking hard, like Linux/Unix hard to break it since they eliminated all of the buggy 32 bit API calls. Looks like it's the same old crap. They didn't fix the OS. It's like the 16-32 bit transition all over again.
TBH... (Score:2)
Also, no known useful software runs on 10 s (Score:2)
So they aren't wrong!
Where do you draw the line? (Score:2)
5. User had shitty password
6. User left device logged in for someone else to access
7. etc
There's a point where it's vulnerable just through software or it's not. I think you can say it's more vulnerable than you'd want, at least because it was an actual software vulnerability and didn't require it to be hooked up to some forensic analysis hardware.
Re: (Score:2)
> 5. User had shitty password
> 6. User left device logged in for someone else to access
If I can log onto your system as you, I can destroy everything of value to you accessible from that system. "Vulnerable through software" doesn't enter into it. Every OS has a list of unpatched privilege escalation exploits, so I can also destroy everything else on that system.
Talk about reaching ...
Re: (Score:2)
I think what was meant is that you simply walking off while still logged in lets me do more to the system than send messages as you & post places as you about the astounding, phenomenal, and utterly impressive bagginess of 'my' pants--not that I have your password, but that it doesn't even ask if I have your password when I do something like tell it to reformat the hard drive the OS is on.
Re: (Score:2)
Sure, but you could also smash it with a hammer. How many machines have more than one user these days? 1%? 0.01%? Ransomware doesn't need to affect OS files to be effective - the user's files are what's valuable.
Re: (Score:2)
A computer left logged out, even if it's only got one user, will at best let you at a guest account. I typically leave mine set to only let you see the lock screen when I might be leaving it booted somewhere where it'll be easy for other people to access it--and it doesn't log itself in on boot.
If you take a hammer to it, though, I will not have that much trouble getting the cops to do something, especially compared to ransomware.
Re: (Score:2)
Based on the comments so far, perhaps four or five people actually read the article
It appears that War4peace is one of these, and so far he is the only person to make a post directly addressing the problems with the linked article based on the technology.
And he got marked down to -1.
WTF Slashdot people.
Re: (Score:2)
Two hours before your comment I was at +5... I guess the Microsoft-hating crowd woke up :)
No matter though, I admit I read the article to figure out what the hell did Microsoft fuck up this time, but I couldn't find it. So I thought it would be good to call this specific hate as bullshit, because we all should aim at being objective at least when analyzing hard data.
I pissed off the wrong people, it seems :)
Re: (Score:2)
You're new to this whole Microsoft thing, ain'tcha?