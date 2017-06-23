Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
Microsoft Security Windows

Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com) 45

Posted by msmash from the hold-my-beer dept.
Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."

Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' More | Reply

Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer'

Comments Filter:

  • Known to MS (Score:3)

    by turkeydance ( 1266624 ) on Friday June 23, 2017 @12:03PM (#54676027)
    i know nothing...Sgt Schultz
  • I'm usually a fan of MS, but that is some bull if I ever heard it. Maybe there is not a known ransomware because no one thought to make one yet, I didn't even really realize that OS was even out yet.
  • MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything. I had a friend who bought a MS product but in working with it he found a bug. He calls MS support. They research it but they say with his level of support, they can't go any further without premium support. So he pays for premium support. Premium support confirms that it is a bug. He asks when a fix is possible. They say they are not going to fix it. He asks why the heck did his premium support m

    • Re: (Score:1)

      by Anonymous Coward

      that's not how bugs are reported to Microsoft and certainly not how they are actioned.

      Your friend is a liar or you are. Typically when someone starts off by saying "I had a friend" all I can think is no you didn't, you just think that's an easy way to spout bullshit without being called on it because your response will always be: 'my friend, I'll ask him'

    • Microsoft will refund all funds if they agree that there is a bug in their software.
    • You obviously don't work in software. Any major software project has hundreds to thousands of know bugs, including Apple products, Microsoft products, even Linux based products. All of those bugs have to be prioritized and weighed. Is this something that most customers need fixed? Will it cause more problems to fix it than to leave it? Is it better to put our efforts toward moving toward the next version, which automatically fixes this problem, instead of trying to fix it in this version, which will be obso
      • The same is true in every industry, from airplanes to credit card processing to medicine. Doctors always have to decide if there is greater harm done to a patient's overall life health chances by fixing a problem than to leave the problem and help the patient adjust to it.

    • Re: (Score:2)

      by swb ( 14022 )

      I've had Microsoft refund support charges for known bugs and in a couple of cases for situations that could have easily been called user error if they were being hard about it.

  • What's interesting is that Windows 10 S is supposed to only run apps from the store. So by finding a way for it to run ransomware, they have also found a way for it to run basically any other piece of software. Personally, I don't know why MS thinks it's a good idea to limit the software that runs on a machine. Windows RT failed for a reason. People want to be able to run whatever software they like.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      People want to be able to run whatever software they like.

      Some people obviously do. But iOS is also highly successful.

      • People want to be able to run whatever software they like.

        Some people obviously do. But iOS is also highly successful.

        But, there's a difference. Actually two:

        1. the iOS App Store is likely VAST compared with the WIndows 10 App Store. That makes a VAST difference.

        2. People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction (which really isn't a restriction anymore, since iOS 8).

    • does windows 10 S let intel / amd / nvidia / others run there non app store drivers?

  • "We can tell because Windows 10 runs tons of snoopware."

  • Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof.

    Big mistake.

    By the end of the week at least a dozen or so viriii were released into the wild and Jobs had to eat humble pie.

  • Silliness (Score:3)

    by Thyamine ( 531612 ) <thyamine@noSpAm.ofdragons.com> on Friday June 23, 2017 @12:30PM (#54676189) Homepage Journal
    I think this is always silly when a company claims something like this, and I think everyone in the industry understands that. However, it gets headlines, and will be used for marketing. All the normal users though will never see this article explaining why it's bull, but they'll remember 'Hmm Windows S doesn't get ransomware'. Now maybe some of the marketing people really believe this statement, however I highly doubt any of the devs or engineering team truly thought 'ah ha! We've done it!'

  • Even if it was impossible to get ransomware in there, is there any value to it? You know, it's also impossible to run ransomware on my cheap calculator, and that one at least has a following. :P

  • Too much security... (Score:1)

    by Anonymous Coward

    ... would make it harder for state actors to compromise. State actors want a compromiseable OS.

  • Windows 10S is nothing more than a play to walled garden Windows, by appealing to consumers fears, all while the customer pays for the pleasure. Hopefully someone will file a class action for false advertising (since actually hacking the OS was a trivial 3 hours for someone who knew what they were doing).

    It is high time that companies take cyber security seriously, before someone hacks a windows computer running some critical system and causes a major accident (oh wait, that has happened multiple times al

  • The security researcher did NOT use the vulnerability that Wannacry used to install the software. The author and researcher are disingenuous in there characterization.

  • Bullshit (Score:5, Informative)

    by war4peace ( 1628283 ) on Friday June 23, 2017 @12:49PM (#54676353)

    What a load of bullshit.
    Sensationalism at its best.

    1. The attack vector wasn't Windows, it was Word. This means the attacked PC must have Word installed.
    2. Word must be ran with Administrative privileges by the user.
    3. The malicious code must be made available and downloaded through a trusted network share.
    4. The yellow warning bar must be clicked on and the dangers of using macros must be accepted for the macro to run.

    Even TFA says:

    This hack may not have been the prettiest or easiest to launch. You could argue that the hack took too many steps that wouldn't be replicated in the real world, and that this case would rely on either social engineering or physical access to a device, rather than a weaponized file to launch on a double-click. That said, hackers aren't known to give up after a little over three hours probing vulnerabilities.
     

    But hey, with this being Slashdot, people happily guzzle watered-down shit that editors throw their way and are more than happy to foam at the mouth saying "Windows sucks". I agree that it's way less than perfect as an OS, but TFA does NOT prove it.

    • 5. User had shitty password
      6. User left device logged in for someone else to access
      7. etc

      There's a point where it's vulnerable just through software or it's not. I think you can say its more vulnerable than you'd want, at least because it was an actual software vulnerability and didn't require it to be hooked up to some forensic analysis hardware.

  • uh.... (Score:4, Informative)

    by circularWaffle ( 4839643 ) on Friday June 23, 2017 @12:50PM (#54676363)
    Does MS realize that infection/breach through macros is NOT a new/unknown/zero day thing? That's why the "Protected View" is in place in the first place..........Yes, the protection is in place....But it doesn't mean that a user isn't going to deliberately ignore any warnings just because, "idk I just thought it was a document from my friend and didn't think about it". That shit happens all the time! This is now a known exploit. I mean, seriously, go fix the issue MS.

  • Are they suggesting that the less capable the operating system, the more virus proof it is?

    I think I can dig out a set of WfW floppies...

  • No known ransomware is running on my Windows 7 system either.

Slashdot Top Deals

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Close