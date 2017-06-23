Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com) 42
Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."
that's not how bugs are reported to Microsoft and certainly not how they are actioned.
Your friend is a liar or you are. Typically when someone starts off by saying "I had a friend" all I can think is no you didn't, you just think that's an easy way to spout bullshit without being called on it because your response will always be: 'my friend, I'll ask him'
Re:Meh (Score:5, Interesting)
I often run suspicious files through AV websites like TotalVirus.com
You'd be AMAZED how much old stuff sitting in my inbox for 5 years won't be picked up by big-name anti-virus suites even with "heuristics".
And if you tweak it by just one byte (e.g. javascript viruses and changing a code-path ever-so-slightly), it'll usually zoom through ALL of them.
Sorry, but AV is just a constantly out-of-date database of things that MILLIONS of people have already caught, that is used as a lookup for every file access. In terms of protecting your computer, it's useless (or WannaCry wouldn't have happened, even on non-updated machines). In terms of doing so efficiently, it's absolutely atrocious.
What's interesting is that Windows 10 S is supposed to only run apps from the store. So by finding a way for it to run ransomware, they have also found a way for it to run basically any other piece of software. Personally, I don't know why MS thinks it's a good idea to limit the software that runs on a machine. Windows RT failed for a reason. People want to be able to run whatever software they like.
People want to be able to run whatever software they like.
Some people obviously do. But iOS is also highly successful.
People want to be able to run whatever software they like.
Some people obviously do. But iOS is also highly successful.
But, there's a difference. Actually two:
1. the iOS App Store is likely VAST compared with the WIndows 10 App Store. That makes a VAST difference.
2. People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction (which really isn't a restriction anymore, since iOS 8).
contact censorship should not be part of an app store if any thing apple can have an adults only one and and an open politics ones
does windows 10 S let intel / amd / nvidia / others run there non app store drivers?
"We can tell because Windows 10 runs tons of snoopware."
Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof.
Big mistake.
By the end of the week at least a dozen or so viriii were released into the wild and Jobs had to eat humble pie.
Steve Jobs eating humble pie? You must be talking about another Steve Jobs.
Silliness (Score:3)
Even if it was impossible to get ransomware in there, is there any value to it? You know, it's also impossible to run ransomware on my cheap calculator, and that one at least has a following.
:P
The real reason is to get an extra $50 from poor students. Notice how it's marketed only to students but students often need to run custom software for their courses so they end up paying the $50 ransom or return it for a real laptop.
... would make it harder for state actors to compromise. State actors want a compromiseable OS.
Windows 10S is nothing more than a play to walled garden Windows, by appealing to consumers fears, all while the customer pays for the pleasure. Hopefully someone will file a class action for false advertising (since actually hacking the OS was a trivial 3 hours for someone who knew what they were doing).
It is high time that companies take cyber security seriously, before someone hacks a windows computer running some critical system and causes a major accident (oh wait, that has happened multiple times al
Bullshit (Score:5, Informative)
What a load of bullshit.
Sensationalism at its best.
1. The attack vector wasn't Windows, it was Word. This means the attacked PC must have Word installed.
2. Word must be ran with Administrative privileges by the user.
3. The malicious code must be made available and downloaded through a trusted network share.
4. The yellow warning bar must be clicked on and the dangers of using macros must be accepted for the macro to run.
Even TFA says:
This hack may not have been the prettiest or easiest to launch. You could argue that the hack took too many steps that wouldn't be replicated in the real world, and that this case would rely on either social engineering or physical access to a device, rather than a weaponized file to launch on a double-click. That said, hackers aren't known to give up after a little over three hours probing vulnerabilities.
But hey, with this being Slashdot, people happily guzzle watered-down shit that editors throw their way and are more than happy to foam at the mouth saying "Windows sucks". I agree that it's way less than perfect as an OS, but TFA does NOT prove it.
5. User had shitty password
6. User left device logged in for someone else to access
7. etc
There's a point where it's vulnerable just through software or it's not. I think you can say its more vulnerable than you'd want, at least because it was an actual software vulnerability and didn't require it to be hooked up to some forensic analysis hardware.
Are they suggesting that the less capable the operating system, the more virus proof it is?
I think I can dig out a set of WfW floppies...