Almost All WannaCry Victims Were Running Windows 7

An anonymous reader quotes a report from The Verge: According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide. Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system. The new figures also bear on the debate over Microsoft's patching practices, which generated significant criticism in the wake of the attack. Microsoft had released a public patch for Windows 7 months before the attack, but the patch for Windows XP was only released as an emergency measure after the worst of the damage had been done. The patch was available earlier to paying Custom Support customers, but most XP users were left vulnerable, each unpatched computer a potential vector to spread the ransomware further. Still, Kaspersky's figures suggest that unpatched XP devices played a relatively small role in the spread of the ransomware.

Yea, but

[wizkid]

Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system.

Really old systems in Hospitals that only run winblows XP and were effecting the lives of patents were the main concerns on the XP front. Only a few getting infected with wcry and encrypting critical patent files can seriously effect how Medical Facilities are functioning. I don't doubt that Win 7 got hit hardest. When it gets behind the weak hospital firewall and starts killing that shit, XP boxes didn't have the available patch to stave it off.

Re: Yea, but

It's affect. And lose the italics.

Re: Yea, but

[Cipheron]

It's inappropriate to spell-check a quotation, you provide it as-is.

Re: Yea, but

It was a comment that was corrected, not a quotation. wizkid just fucked up the quote tags.

Win X Upgrade

If MS hadn't tried to force Win10 down Win7 user's throats maybe more would have been installing patches.

Re: Win X Upgrade

Lol that someone modded this insightful. Every single one of those people who took the upgrade we're secure. The heavy handed upgrade actually HELPED in probably every corner except /. neckbeards. This will only embolden them to force upgrades.

Re:Win X Upgrade

Haven't patched for over a year. Thanks to MS making windows feel more safe without updates.

Re: Win X Upgrade

[TWX]

You've obviously never worked enterprise IT. You don't roll-out new versions of anything until they're thoroughly tested, and sometimes you find that you can't roll-out a new version of some software because other mission-critical software is not compatible with whatever new thing you're trying.

Case in point, all of those ATMs and Point of Sale systems that are still running XP, that Microsoft is still supporting.

Windows 7 has more support for legacy applications than 8/8.1, and Windows 10 has even less support than 8/8.1. If those legacy applications provide the profit or are otherwise of primary importance to the organization then it does not make sense for the organization to change software. The operating system is merely a means to an end, not the end itself.

Re: Win X Upgrade

[jimtheowl]

Not all people will accept being forced to Windows 10, and that is why they are not patching their machines.

That is regardless of the fact that the ones that did update were secure.

Re: Win X Upgrade

[Billly+Gates]

You've obviously never worked enterprise IT. You don't roll-out new versions of anything until they're thoroughly tested, and sometimes you find that you can't roll-out a new version of some software because other mission-critical software is not compatible with whatever new thing you're trying.

Case in point, all of those ATMs and Point of Sale systems that are still running XP, that Microsoft is still supporting.

Windows 7 has more support for legacy applications than 8/8.1, and Windows 10 has even less support than 8/8.1. If those legacy applications provide the profit or are otherwise of primary importance to the organization then it does not make sense for the organization to change software. The operating system is merely a means to an end, not the end itself.

I most certainly work in I.T. and do test updates and regularly bring them out. I quit my last job as a result of them hanging on to legacy and broken old processes and servers with no support or rundancy as I did not want to get fired or that write up when ransomware would show up. Hell, we had one mission critical server 2003 EOL with a non working tape backup that we keep using old refurbished units! Gee no potential problem there I mean what could possibly happen?

If you do not roll out reguarly security updates to your clients you are incompetent PERIOD. This patch was released in March. What was your excuse?

Reactive management is a plague and not just in I.T. A good white collar professional is proactive on the latest and always has processes when shit hits the fan. If your employer doesn't want to listen a competent IT guy will find another one. ATMs are not applicable as they do not go on the internet and run custom software and installations so locked down that if you used the USB port for a mouse it would trigger an alarm and lock out. These are not the same as a client workstation that needs more flexibility.

My last employer uses IE 6 too today in 2017. BUT they use a custom citrix VM with no internet access and just the intranet app to use a secure connection to an up to date database all locked down tight. So do not use that as an excuse either to not update the rest of your infrastructure.

Re: Win X Upgrade

[TWX]

I was talking about remaining on Windows 7, not about patching the installbase of Windows 7 as updates come out. If you're th AC that I replied to, heaven help you.

Re: Win X Upgrade

[mea_culpa]

Microsoft broke Windows Update on Windows 7 soon after the Windows 10 Upgrade windows closed with some botched updates.
Windows 7 computers that didn't take the update were treated with a runaway svchost.exe processes that consumed 100% of a core and near a GB of RAM while halting future updates at the same time. The only way to get performance back was to disable Windows Update. Even reloading Windows 7 from scratch didn't solve the problem. Updates would never come, and svchost.exe was stuck at 100% and massive amounts of memory. Microsoft let this problem linger for months probably in the hopes that users would upgrade to 10. Others here have suggested that it was due to MS not releasing roll-up updates and letting the library grow beyond what Windows Update was able to process. Since the April 2017 security patch Microsoft has begun roll-up updates to solve this problem.

This is 100% Microsoft's fault.

Re: Win X Upgrade

Truth report! I know of some people who turned the Windows Update Service off and disabled it because it kept trying to install Windows 10, it wouldn't take and would then revert and only hours later could they use their computer. Microsoft brought this on themselves.

Re: Win X Upgrade

[guacamole]

Wait, are you saying Windows Update is now just as broke on Windows 7 as it always was on 10?

Re: Win X Upgrade

[dbIII]

You've obviously never worked enterprise IT.

I still laugh every time someone calls Microsoft's gaming OS gone wrong "enterprise". Still you have good points, but it has to be handled so carefully because it's a fragile piece of shit used in "enterprise" situations.

Windows 7 has more support for legacy applications

Because like everything else the backwards compatibility is fucked in MS Win10.

Re: Win X Upgrade

[dbIII]

I had a few where they would not update until I disabled all updates, rebooted, enabled updates and rebooted again.
The update software ended up being seriously broken at some point.

Re: Win X Upgrade

[Archtech]

You've obviously never worked enterprise IT.

It sounds to me as if you have never worked for Microsoft. Because...

You don't roll-out new versions of anything until they're thoroughly tested...

They do.

Re: Win X Upgrade

Enterprise IT doesn't take updates direct from Microsoft and I wasn't referring to them but since you bring it up... If a very high-profile security patches issued Enterprise it should be all over testing and releasing that in less than 3 months.

Re: Win X Upgrade

[Zero__Kelvin]

"Lol that someone modded this insightful. Every single one of those people who took the upgrade we're (sic)secure. "

Secure from whom? Their data certainly isn't secure from Microsoft anymore.

Re: Win X Upgrade

[GerryGilmore]

So, unless you totally wreck your existing system with W10, breaking your UI, requiring retraining of employees, re-validating all existing software, changing the entire model of software to a "subscription model" (cha-ching) and - dare I forget - giving MS access to your computer at their whim, you're a "neckbeard". Got it. Just how fat is your check from MS to shill for them? Fuck MS!

Re: Win X Upgrade

The Windows API has not changed in a great many years and all "properly written" applications work just perfectly on *any* version of Windows from at least NT 4.0 through to and including Windows 2016.

It takes a massive amount of work to deliberately write an application that does not work flawlessly on all versions of Windows (or it has to use other features outside of the standard API's to accomplish this grand feat).

I have a *HUGE* number of applications written in the mid to late 90's that work absolutely flawlessly on Windows 10 and Server 2016.

By the same token, I can write an application today that uses the Win32 API and it will run just swimmingly fine on NT 4.0.

Any application compatibility issues are deliberately created with malice aforethought by the vendors. It is not the natural state of affairs.

Re: Win X Upgrade

You will probably need a old version of visual studio, the crt in the last 5+ years uses stuff not available on nt4/2000. They also set the min version in the PE to 5.1 so you need to hack that even without crt.

Re: Win X Upgrade

Thank you for confirming this. On my Windows 7 laptop, I've been using Process Explorer to suspend TrustedInstaller.exe and makecab.exe as soon as they started, otherwise svchost.exe would soon consume a core until I rebooted. I had to login immediately after rebooting and watch and wait several minutes for the processes to start, and I had to do this for a year until I decided to risk Windows Update again recently and the problem went away.

How did you learn your info? Google searches were no help and it took me a lot of trial and error to figure this out.

Re: Win X Upgrade

My mother missed the forced Win10 upgrade because her computer (Win7) was stuck in update limbo due to a similar issue. It was several months before I could get to her computer and diagnose the issue. (She was complaining that the computer was unusably slow). I found that the windows update process was stuck hogging 100% CPU. By the time I got to it, the "free" Win 10 update period had passed. I guess Microsoft's incompetence worked against them in this case.

I finally found enough forum information to solve the problem. I think the answer was to delete the Windows Update cache completely and apply a KB something or another patch.

monocropping

[goombah99]

Monocropping leads to viruses whether agricultural or operating systems. Not much more to be said than that other than to point out Intels are the ultimate monocrop and they have a gigantic backdoor called the Management Engine.

In the age of global terrorism, one can expect engineered viruses for agriculture and computers to only increase till something we can't get past comes along. then we'll act in hindsight.

Pirated versions

Microsoft had released a public patch for Windows 7 months before the attack,...

What doesn't get reported often enough is that pirated versions of Windows cannot be patched and most of the infected computers were running pirated versions.

Re:Pirated versions

[F.Ultra]

Well I guess they have to pay a hefty Bitcoin license now then.

Re:Pirated versions

[ewhac]

...most of the infected computers were running pirated versions.

[Citation required]

Re:Pirated versions

What doesn't get reported often enough is that pirated versions of Windows cannot be patched

Actually, yes they can.

and most of the infected computers were running pirated versions.

Alright... you just completely made that up, didn't you?

Re:Pirated versions

[Zero__Kelvin]

They probably didn't report that second part of your statement because you pulled it out of your ass.

Re:Pirated versions

Alright... you just completely made that up, didn't you?

Of course, this is anecdotal, but from what I have read, there seems to be a segment of the population that believes the only reason to turn off updates is because you're using a pirated version of the software in question. This segment is referred to as "idiots," specifically idiots who want to pretend that updates are good and perfect anti-exploit solutions with no possible downsides because some guy who repairs computers for a living told them so, likely after they asked said repairman "Where's the any key?" a few times too many. As such, they stick their head in the sand over it and pretend they're hack-proof and obviously anyone who wouldn't accept this perfect security are inherently evil-doers.

That said, pirates are wise to turn off Windows Update, since Microsoft seems to think that people are dumb enough to run their anti-piracy software. That's a pretty strange situation in itself, if you think about it - literally the only thing that an anti-piracy update can do is hurt the user considerably. It can only do one of three things: find a pirated version and shut it down, mistake a legit version for a pirated version and shut it down anyway, and absolutely nothing. Probably ought to give people an idea of where their mindset has been with updates all along, and who they really intend to benefit with them.

Re: Pirated versions

Interestingly enough, i grew up with pirated windows all the way from 95 to xp. It always can be updated with no problem.(Exchange rate made it too expensive for the os price, think paying for any software x6 times with 1/2 the min wage. Literally.)

Now that i do have my whole household (parents included) on original win 7/8.1 (yes ms office too!) my Dad moved to ubuntu in early 2016 and i stopped patching mine since about then too.

Talk about irony.

Re:Pirated versions

Pirated versions of Windows 7 can look just like genuine versions if you use Daz's Windows Loader on them. It patches your BIOS at boot time to insert an appropriate SLIC to allow you to use an OEM license key (which it also provides for you). Windows can't tell the difference between that and an actual OEM licensed computer and considers it genuine.

I only use it for the odd testing VM, as it is less effort than resetting the 30 day activation period, and I don't want to reinstall every few months, especially given that it has been at least 6 months since I touched one of them.

I'll leave finding a copy of Daz's Windows Loader as an exercise for the interested reader.

I shut off Windows Update last year

So any Microsoft update patching this vulnerability is moot.

Re:0% of victims

[goombah99]

I run OSX. I don't gloat about it because I know it's not magical. Statistically however, it has been a really long run of safety and it's likely the most sensible choice for the future. It's fair to confidently say that you are far safer using macs now and in the foreseable future. But some of that immunity comes from the fact that it's less big of a target.

Conspiracy Theory

[dryriver]

MS wanted everybody on Windows 7 to upgrade to Win10 pronto - so they got someone to write Wannacry and release it into the wild. =)

Re:Conspiracy Theory

Windows 10 was actually just a ploy to get people so desperate to avoid being forcibly upgraded to Windows 10 that Windows 7 users would disable updates, thereby missing the update that made them immune the the vulnerability used by WannaCry and getting infected with Ransomware, hopefully resulting in them upgrading to Windows 10.

So fiendishly simple...

Re:Conspiracy Theory

[drinkypoo]

MS wanted everybody on Windows 7 to upgrade to Win10 pronto - so they got someone to write Wannacry and release it into the wild. =)

Not convoluted enough. M$ spying information goes straight to the feds, so they leaked this vulnerability to induce people to leave Windows 7 and go to Windows 10 so that they will be vulnerable to spying via telemetry.

I could take it well into fever dream territory but I have better things to do

Re:Conspiracy Theory

Given the comments researchers have made about the quality of the code, Microsoft probably got that library from NSA and wrote the rest of the code themselves.

Windows update flawed?

[edxwelch]

Supposing you have a machine that's hasn't been offline and not been updated for some time and then you connect to the internet and try to update it. Windows update is so slow and installs the updates in no special order - least important first, so Wannacry is going to get to you before Windows update has a chance to install that patch.

Re:Windows update flawed?

[The+MAZZTer]

Generally you are pwned in that way if you're connecting your PC directly to the internet with no hardware firewall or router which I suspect is pretty rare. Other than setting your router to DMZ mode (which might as well be called "PLEASE HACK ME" mode) as long as you have a router you generally don't get hacked that way. Typically the user has to initiate some action that gets them hacked, though it can be as innocent as opening an e-mail or loading a website they trust. I would say as long as you don't really start to use the internet until your patches are up to date the risk is pretty low.

That said you should keep up with patches in the first place. Windows does it for you and there's usually never a good reason to stop it.

Re:Windows update flawed?

Windows update is so slow and installs the updates in no special order...

It was basically criminal that they let the process of figuring out updates take so long. That is all solvable stuff, and I believed solved in newer windows versions. I think they deliberately let it get bad to make people want the new version of windows.

as far as updating of order. That may require special testing from microsoft. That being said, it may be worth it...

Re:Windows update flawed?

[misexistentialist]

Wuauserv probably silently stopped working on many older installations

Re:Windows update flawed?

[The+Grim+Reefer]

That said you should keep up with patches in the first place. Windows does it for you and there's usually never a good reason to stop it.

Until recently, I'd agree. But how many people turned off updates during the "free" Windows 10 thing? That in it's self damn near felt like there was a virus on your computer. Then there's the telemetry update that got added to Windows 7. Anyone who didn't want that also had to turn off automatic download and install of updates.

Re:Windows update flawed?

wuauserv or something else involved in windows update silently stops working on my win10 machine. First notice is that windows defender alerts me that it hasn't been able to update its definitions. Then maybe I'll try to install a program and the .msi will error out with a "durr hurr I'm too stupid to even include an error code to explain why I can't do shit". Likewise, attempting to uninstall a program will flash a popup that disappears immediately without uninstalling.

Then I reboot, windows defender updates, I can install .msi packages again, and uninstall works fine too. For a while.

Re:Windows update flawed?

[edxwelch]

Or even if you are installing a new machine.

Re: Windows update flawed?

Agreed. When it stops working most uses don't have a clue. I've seen many Windows 7 systems where the Windows Update feature just stops working and the end users doesn't notice until it's too late. The fix if they do happen to catch it? Multiple patches from Microsoft that you have to manually download and install.

Why they weren't wise enough to create a component that monitors the Windows Update subsystem and at a minimum alerts users when it stops working is beyond me. Ideally there would be another component or subsystem that does nothing but monitor Windows Update and makes sure that's it's functioning and that the Update engine is itself as up-to-date and warns the user if there's an issue with it.

I spent an hour and thirty minutes today helping a non techie friend who realized that no Windows 7 updates had been installed since 2015 even though they had auto updates turned on. They had the good sense to go into the Control Panel, check for installed updates, order them by date and saw the problem.

The solution? Manually downloading 4 Windows Updates that were a part of the 2016 Convinience Update package that fixes the Windows Update engine. After installing those 4 updates and then checking for more updates and installing all the remaining updates the system was finally fully patched and back to functioning properly. Thank God he didn't use IE p, had good AV software and was smart enough to know not to open shady email attachments.

Windows 7 going EOL in 2020 will be a disaster. I know a lot of people who hate 8, don't think 10 is much better from a Start Menu UI perspective (though they acknowledge it's better than 8's Start Screen) and don't want to go.

Microsoft needs to get its act together and bring back the same options with the Start Menu that were available in Windows 7 and give users a choice. Let them have the Start Screen for tablets or touch screens if they want it or revert to a fully functional Windows 7 style Start Menu if their a traditional desktop / laptop users.

Re:Windows update flawed?

Yep Exactly what i did on all my Win 7 and 8 machines.
No way that I was going to have that Win 10 Shit and its spying on my network.

I back up all my files using linux and with versioning, I do not care if the windows machines get fooked

K

Re:Windows update flawed?

That said you should keep up with patches in the first place. Windows does it for you and there's usually never a good reason to stop it.

Unless, of course, the automatic update would completely replace your operating system with another one built with extremely questionable motives, often installed by tricking the user, and has systems built in that would be classed as spyware if literally any other company on Earth had put them in.

But, hey, it's not like anyone would ever do that, right? Not like anyone would ever abuse their near-monopoly and try to force people into letting their computers be taken over so they can pay on a recurring basis and be controlled by the company. ...right?

Re:Windows update flawed?

[ayesnymous]

Supposing you have a machine that's hasn't been offline and not been updated for some time and then you connect to the internet and try to update it. Windows update is so slow and installs the updates in no special order - least important first, so Wannacry is going to get to you before Windows update has a chance to install that patch.

Not if you're behind a router and you don't open any suspicious emails while it's updating. From what I remember reading (I could be wrong), you only get infected from certain open ports or opening infected emails.

Of course...

[xlsior]

... Win7 easily allows the end user to disable updates, unlike win8/10 which will automatically re-enable them for you. A fully up to date win7 would also have received the patch in March that would have closed the vulnerability.

Re:Of course...

8 doesnt reenable the updates, just hit the option to make the win update process not start when the computer boots up and thats it, it wont run, it wont even let you scan for updates with the service off

Re:Of course...

[Zumbs]

Which was all nice and dandy until Microsoft decided to ram Windows 10 down everyones throats. I can fully understand the annoyed users who simply disabled Windows Update because of those nasty practices on the part of Microsoft. Trust is easily lost and hard to regain.

Isn't XP already end of life'd?

Why would you expect patches for an almost 2 decades old OS?
Using XP is like using leaches and blood letting to cure disease.

Re:Isn't XP already end of life'd?

Why would you expect patches for an almost 2 decades old OS?

Microsoft still creates XP patches for paid customers, and will keep doing so for years to come. It's not hard to get copies of the patch binaries. There's also a registry trick that will let you receive updates targeting XP Embedded, free of charge and without "borrowing" the patches from an extended support program customer.

Likely cause

Microsoft updates broke on Windows 7 several times over the last few years. Less technical users left it broken, now they've been broken into.

Re:Likely cause

[F.Ultra]

And after paying the ransom they are now also broke.

Re:Likely cause

[Rockoon]

I was thinking the same thing.

Wannacry gets 75% of a 4 core more machine, while Windows Update burns up the remaining 25% perpetually checking for updates...

It is the rare exception to the rule that actually fixed Windows Update on Win 7 machine since the last time around because they broke it literally right before the windows 10 trickery. Most of the people that noticed just disabled the service. Those that fixed the service were then later met with "Roll Ups" instead of patches and thus most of those eventually disabled the service anyways.

Of Course...

...because turning off windows update was the only way to stop ms from stuffing Windows10, Telemetry and other fuckups down our throat...

AMiGA

Didn't affect my AMiGA.

Here is a possible explanation

Windows updates stopped working on my Windows 7 machine about September last year and nothing except for a complete reinstall seems to get it working again - neither Microsoft repair tools, nor 3rd party tools, nothing. It just rolls back every update as failed for almost a year, and I guess I'm not the only one with this problem. So of course the latest patches are not installed.

Re:Here is a possible explanation

I had the same problem and I managed to get it fixed about 2 months ago by following some arcane sequence of actions, involving manually installing some updates with the machine offline and windows updates turned off. Then I had to wait for 3 hours for the whole process to complete.

Re:Here is a possible explanation

[Trogre]

Download the following patches and chuck them on a flash key, along with a batch file to disable wuauserv and apply each of them in turn:
kb3138612
kb3145739
kb3164033
kb3020369
kb3172605
kb3168965

Reboot once, then do it again.

I've done this on dozens of Windows 7 machines that were in the apparently eternal search for updates, and all of them got their updates about five minutes after installing the above.

Re:0% of victims

[goombah99]

But 90% of douchebags run something other than OSX or Windows.

DOS?

Re:0% of victims

But 90% of douchebags run something other than OSX or Windows.

DOS?

PC-DOS, MS-DOS, DR-DOS, FreeDOS, TRS-DOS, Apple DOS (3.2 or 3.3?), ProDOS, something else?

Re:0% of victims

[Cmdln+Daco]

DOS?

CP/M-86

Why not patched?

[viperidaenz]

If a patch was released months ago, why did so many people not install it?

Re:Why not patched?

[TimSSG]

Likely because MS trained them to turn off Windows Update because of the Windows 10 virus. Tim S.

If a patch was released months ago, why did so many people not install it?

Re:Why not patched?

[James+Carnley]

Same reasons as always. Lazy and incompetent IT staff at corporations, low knowledge techies that disable Windows Update, long beards who only install certain updates manually after reading the associated KB article and self-determining whether or not they need an update.

This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

Re:Why not patched?

[zephvark]

This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

Citation needed. I have seen many Windows updates that cause Windows to completely fail to start. This may mean you need to completely reinstall the OS, which is time-consuming and may leave you open to infection the whole time.

If you have used Windows for any length at all, you are quite familiar with the ritual of "download!" "reboot!" "download some more!" "reboot!" (repeat while cursing, gnashing your teeth, ripping your hair out and wailing).

Re:Why not patched?

[James+Carnley]

You need a citation that security updates make a computer safer?

Re:Why not patched?

[Kjella]

Same reasons as always. Lazy and incompetent IT staff at corporations, low knowledge techies that disable Windows Update, long beards who only install certain updates manually after reading the associated KB article and self-determining whether or not they need an update. This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

And if they put in a safe, encased the safe in concrete and dumped it at the bottom of the ocean it'd be even safer. Not very user-friendly though, neither is the force-feeding of random feature updates at inconvenient times. They could have had a category for "Security bulletins and critical updates" that contained only tiny, to-the-point patches for exploits and other big malfunctions, no feature upgrades, no license checks, no trivial extras just the absolute minimum no sane user should disable and 99% of this problem would go away. I'm happy running an OS from 2009. Before that I was running an OS from 2001. I don't need feature updates twice a year and particularly not GUI makeovers.

I realize though that having a zillion combination of patches might be a pain to support, so here's what I'd like to have seen:
1. Microsoft releases version A. You can either stay on stable branch A or get rolling updates A*.
2. After 4 years Microsoft takes the current setup, calls it B. You now have three supported configurations A, B, B*.
3. After 8 years Microsoft takes the current setup, calls it C. You now have four supported configurations A, B, C and C*.
4. After 10 years support for A ends, before that you should migrate to B, C or C*.
From there they'd just bounce between 3-4 supported configurations of N-2, N-1, N and N*.

Most importantly still regardless of when it's updated everything should come with an off switch. I don't mind if Microsoft asks for telemetry. I have a problem with Microsoft demanding telemetry. It's like my car dealer refusing to service the car unless I've kept a log of how I've used it. I could almost live with that if you had to find some obscure setting only 0.01% would turn off. But it's when you deny me that choice this smells really foul. Not that I expect Microsoft to do anything really ugly until most people are on Win10 and can't disable the updates.

Re: Why not patched?

Likely because of fud from assholes like TimS who frankly are comlpicit in naive people turning off updates out of sheer paranoia and lies and then getting hit. Nice job asshole. You should be buying Bitcoin and distributing to victims.

Re:Why not patched?

[malkavian]

You've never run a heterogenous enterprise setup, with hundreds of vendor systems in it?

Re:Why not patched?

[Ol+Olsoc]

Same reasons as always. Lazy and incompetent IT staff at corporations, low knowledge techies that disable Windows Update, long beards who only install certain updates manually after reading the associated KB article and self-determining whether or not they need an update.

This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

Thank you, you can pick up your check tomorrow.

Just don't be so rough on the assholes, they are going to catch on to us.

Re:Why not patched?

[Ol+Olsoc]

Citation needed. I have seen many Windows updates that cause Windows to completely fail to start.

That's the new Windows model - Security through inoperability.

Re:Why not patched?

I do. Patching is part of our monthly cycle for ALL SYSTEMS. If it isn't then you have incompetent IT.

Re:Why not patched?

[Ol+Olsoc]

You need a citation that security updates make a computer safer?

You can prove that there is less virus activity because of Windows 10.

All said, a lot of people turned off Windows 7 updates just because Microsoft loaded Windows 10 on their machines without permission. A lot of people got mysterious blank windows that would install Windows ten with a pretty tenuous definition of "permission".

Microsoft's insidious practice of trying to ram W10 down peoples gullets, with an interface they didn't like and telemetry they didn't want, and update and security they didn't want, and when the best way to avoid the assault on your property was to turn off updates....

Sorry, but a lot of us are of the opinion that Windows 10, rather than make the internet safe, when coupled with Microsoft's heavy handed intrusion on people - set up the situation of both disabling updates, and disabling migration to Windows 10.

Which in turn, helped enable this problem.

Re:Why not patched?

if the auto on would only apply security updates that would be fine, but it keeps wanting to download the "creators update" which hijacks my lousy 3mb/sec (yes) DSL connection, which is all I am currently able to get

Re:Why not patched?

[dbIII]

Bullshit.
I have some fairly important software on a previous version because very major features are broken by a new patch.
Test then deploy, not just deploy like a trained monkey.

Re: Why not patched?

By "hijacks" surely you mean uses it to download? How dare they?

Re:Why not patched?

[viperidaenz]

That's what WSUS is for. It gives you complete control of update installation. You can set up a testing group of machines to apply the updates to, test it, then deploy to the rest of the organisation.

Re:Why not patched?

[dbIII]

Indeed - you don't just blindly patch everything and be assumed incompetent if you don't blindly patch everything like the insulting AC above suggested.

Re: Why not patched?

The real asshole is a guy named APK.

Re: Why not patched?

The FUD was caused by Microsoft shoving Windows 10 down everyone's throat whether they consented or not.

MS Broke Windows 7 Updates

[chrisaj5]

This does not surprise me. I have two systems on which the update process was broken on Windows 7. With auto-updates set for automatic mode, updates would not install. If you manually force the system to check for updates, it gets stuck in an endless loop showing a moving progress indicator. This is the best link I found to deal with the issue: http://www.askvg.com/fix-windows-7-keeps-checking-for-updates-for-hours/

If the process is broken and there's no notification, then all of these systems are vulnerable.

Re:MS Broke Windows 7 Updates

[sniper86]

Someone wrote an automated tool to install all KB's to fix Windows Update for Win 7:

https://answers.microsoft.com/...

Worked on all 3 machines I used it on, in various WU states (endless loop, failing to install).

 

I had W7 updates turned off.

[dwywit]

For 2 reasons:

1. MS pushing telemetry as updates.
2. W7 updates stuck at "Downloading 0%" for hours and hours, then failing.

So now I use wsusoffline every time a periodic "quality and security rollup" is released. It's not as convenient, but it works. I still have to check for telemetry.

P.S. problem # 2 was actually solved by stopping wuauserv, deleting the contents of %windows%\SoftwareDistribution\datastore and %windows%\SoftwareDistribution\downloads, and starting wuauserv again.

Re:I had W7 updates turned off.

KB3172605. You can find various instructions, but get that installed and the vast majority of these cases go away.

Download the manual installer.
Turn off Windows Update.(no checks)
disconnect internet.
run the installer.
reboot, and re-enable net+updates.

If you get an error, you are missing either SP1 or KB3020369. If so, do the same thing, same way for those first.

Re:0% of victims

[The+Grim+Reefer]

Team OS/2!

Bullshit!

[Gravis+Zero]

I'll wait for the Linux port. ;)

Re:Bullshit!

[ChunderDownunder]

Someone demonstrated a proof of concept that infection was possible in Wine.

Re:Bullshit!

I don't use Wine.
I use Linux only.
No SMB stuff, just NFS.

Depends on who you ask I bet.

The title of this post is: Almost All WannaCry Victims Were Running Windows 7

It should read Almost all WannaCry Victims using Kaspersky were running Windows 7.

Using for gauging how many XP machines were impacted out there, is likely not accurate.

Re:0% of victims

[elistan]

The company I work for is, like most companies, a Windows shop. However, in the case that there's a major issue with Windows the admins have MacBooks as their mobile device. That there will always be something that can access switches and other non-MS devices, and start the rebuilding process.

AC has a question

I run Win7x64 with updates disabled ever since the backported telemetry from MS started happening, so I haven't applied the recent patch.
I *have* added the two registry entries related to SMB and used the console commands to disable the client side stuff.

Is there -ANYTHING ELSE- that I need to do to avoid the current gen ransomware, aside from not clicking on shady attachments?

I tried looking this up a few days ago but since everyone was still in freakout mode I never found a straight answer

Re: AC has a question

There is one other thing you should do. Turn the f****** updates back on. You probably don't give a damn that Google actually spies on you and profits from you. But when Microsoft wants some telemetry to make sure systems are secure and the system is running well suddenly we get all private.

Re: AC has a question

I don't use google, and have a typical loadout of tracker/ad/beacon blocking crap installed as well as noscript and a couple other things. Quit making assumptions.

Micro$oft uses security issues to scare people

"Upgrade to Window$ 10; it's safer." Yeah...sure. (Rolling eyes).

Re: Micro$oft uses security issues to scare people

The article shows how many users we're affected by version. Windows 10 had zero. So yeah, the we're correct.

Re:0% of victims

But 90% of douchebags run something other than OSX or Windows.

DOS?

We run OpenBSD.

Re: 0% of victims

Nonsense...
Everything Apple make or does is magical and works because of magical rainbows... Have you never Seen a commercial?

Re: More surprising statistics

Donald?

Class Action Suit in the wings

[CraigCruden]

I expect a class action suit to be filed alleging that a majority of those that were infected were put in that position by unethical behaviour of Microsoft forcing Windows 10 upgrades -- which forced those that wanted to stay on Windows 7 longer to turn off automatic patching of the operating system.

Not mine (how & why in ps)... apk

From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:

Disable SMBv1 on the SERVER, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1

REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled

Default: 1 = Enabled

Enable SMBv2 on the SERVER, configure the following registry key:

Registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB2

REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled

Default: 1 = Enabled

---

Disable SMBv1 on the CLIENT, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi

sc.exe config mrxsmb10 start= disabled

Enable SMBv2 & SMBv3 on the CLIENT, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi

sc.exe config mrxsmb20 start= auto

---

* The above is per https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012/

APK

P.S.=> Lastly, per my subject above: For a SINGLE 'standalone' non-networked PC (no home network/LAN but TCP/IP connected online) turn off Server & Workstation services.

That shuts off any "handles" (port 445) this thing propogates thru + turn off NetBIOS over TCP/IP in your internet connection & uncheck/disable Client for Microsoft Networks + File and Print Sharing. Port 139 & 445 always pop up issues over time. It also makes your packet trains smaller (no encapsulation of LanMan)

I covered all this 11++ yrs. ago in a security guide I wrote for users with a single system & apparently, its advice STILL STANDS THE "TEST OF TIME" https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/ vs. even today's threats like this one.

* This effectively makes this threat a non-issue + saves you CPU cycles/RAM & other I/O wasted on services you don't NEED as a single PC user only... & you don't. They're just wastes with a single PC really. Many services are (covered in guide above based on CIS Tool guidance (who took fixes to their ware from "yours truly" too, no less)) & again, no more encapsulated packet bulk.

AND?

Don't be STUPID & click on attachments in bogus malicious emails this thing propogates thru also (Chrome/Opera/Webkit users - BEWARE of the ShellControlFile issue that just popped up (.scf file) noted here-> http://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/ ) ... apk

Re: Not mine (how & why in ps)... apk

This why there should have been a "real" Windows for home/soe version,with all non essential services missing and a "real" version for pros,with everything included but needing turning on as needed,it's what folk pay I.t specialists for I thought..
Me,I was lucky,I had access to good software shop that had a version of xp that had vast chunks ripped out,it was a gutted version of xp embeded,you had to actively engage even the most basic connections,ran like a dream,it was just so fast,then ms noticed and got snotty,even though it was licenced..
My next machine will run on os2,the new version just released this week..
Bugger ms, they started with a criminal act of theft and have carried on in the same vein ever since..

Re:Not mine (how & why in ps)... apk

Not a clear cut instruction. Is it really SMB1 or SMB2 as the NAME of the entry? Or the entry is SMB and the dword VALUE of that entry is set to 1. Or is the value left as NULL (left alone empty which means it really is SMB1) ?
Instruction should be something like this, create a new DWORD VALUE as SMB, then double click [or right-click then chose modify] that new entry and enter the value 1 (or 2 for SMB 1 and SMB 2). Can you clarify?

Re:Not mine (how & why in ps)... apk

[Shimbo]

Not a clear cut instruction. Is it really SMB1 or SMB2 as the NAME of the entry?

Yes.

Its worse than you think

Productivity losses from this worn will likely be significant enough to impact Q2 2017 financial results for many organizations. Short-sell stocks at your own peril and may $DEITY have mercy upon you.

Windows Server 2003 by default

Windows Server 2003 by default installs as Pro/Workstation minus things like IIS etc. (you would have liked it I infer from your words) but was full featured (for far more than just IIS) if you elected to install more, as needed.

APK

P.S.=> I ran OS/2 2.0 - 3.0 Warp circa 1992-1996 - I liked it even on a 486 Dx/4 133mhz 486 w/ 32mb of RAM on ISA hardware & a SVGA card (Diamond Stealth 64 'windows accelerator w/ drivers for OS/2 on VLB (vesa local bus)) & dual Western Digital 200mb harddrives of IDE 5400rpm via a Promise Technology 16mb 4 way set-associative write-back/through caching controller also on VLB & modem/soundcard on ISA bus (good machine for it's time)...

I'd like to see Modern Windows or even Linux do it on that old iron. I know NT 3.51 did on same equipment simultaneously to boot from - I selected them @ boot as to which to boot - they were in IBM bootmanager initiated... apk

Re:0% of victims

AOS/VS!

Re:0% of victims

[Zero__Kelvin]

You have a 100% inability to do basic math :-)

Tutorial to patch Win7 without adding telemetry?

[KWTm]

I'd like to draw on the collective wisdom of my fellow Slashdotters:

If I am one of those people who turned off Win7 updates to avoid being forcibly upgraded to Win10, can anyone recommend a good website that will guide me through updating Win7 to patch the WannaCry flaw, without adding the telemetry or other unwanted pieces of the upgrade?

I am more familiar with Linux but am forced to use Windows at work, but I insist on avoiding Windows n where n>7.

SMB2/SMB1 = entry names of DWORD type

SMB2/SMB1 = entry names & their data will be of DWORD type. Refer to Microsoft link @ the end though, not I.

APK

P.S.=> It'll be that though 1= on/true & 0 = off/false (it's the typical structure in the registry - examine others near it in regedit.exe to see what I mean) ... apk

It could have been worse

The numbers for Windows 7 are so bad because not even WannaCry can run right on Windows 8/8.1/10 apparently! :)

Re:Tutorial to patch Win7 without adding telemetry

https://superuser.com/questions/1209909/how-to-protect-my-window-from-wanna-cry-wanna-crypt-ransomware-attack/1209910

Re:Tutorial to patch Win7 without adding telemetry

Users of the Ask Woody site have collaborated to publish what they call AWKB 2000003: Ongoing list of "Group B" monthly updates for Win7 and 8.1. "Group B" in Ask Woody lingo are those of us who have decided to remain on 7, disable all automatic updates, and only install security related patches. The linked article tracks all of the security-only updates since October, when Microsoft changed their patching behavior to push monthly "roll ups" via Windows Update.

So much for faulting XP holdouts!

And I think Windows 10 might actually be worse than being a WannaCry victim!