Slashdot Mirror

← Back to Stories (view on slashdot.org)

Almost All WannaCry Victims Were Running Windows 7 (theverge.com)

Posted by BeauHD on from the full-of-surprises dept.

An anonymous reader quotes a report from The Verge: According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide. Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system. The new figures also bear on the debate over Microsoft's patching practices, which generated significant criticism in the wake of the attack. Microsoft had released a public patch for Windows 7 months before the attack, but the patch for Windows XP was only released as an emergency measure after the worst of the damage had been done. The patch was available earlier to paying Custom Support customers, but most XP users were left vulnerable, each unpatched computer a potential vector to spread the ransomware further. Still, Kaspersky's figures suggest that unpatched XP devices played a relatively small role in the spread of the ransomware.

63 of 123 comments (clear)

  1. Yea, but by wizkid · · Score: 1

    Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system.

    Really old systems in Hospitals that only run winblows XP and were effecting the lives of patents were the main concerns on the XP front. Only a few getting infected with wcry and encrypting critical patent files can seriously effect how Medical Facilities are functioning. I don't doubt that Win 7 got hit hardest. When it gets behind the weak hospital firewall and starts killing that shit, XP boxes didn't have the available patch to stave it off.

    --
    I take no responsibility for what I say. Even though I'm never wrong :)
    1. Re: Yea, but by Cipheron · · Score: 1

      It's inappropriate to spell-check a quotation, you provide it as-is.

  2. Win X Upgrade by Anonymous Coward · · Score: 5, Insightful

    If MS hadn't tried to force Win10 down Win7 user's throats maybe more would have been installing patches.

    1. Re: Win X Upgrade by TWX · · Score: 4, Insightful

      You've obviously never worked enterprise IT. You don't roll-out new versions of anything until they're thoroughly tested, and sometimes you find that you can't roll-out a new version of some software because other mission-critical software is not compatible with whatever new thing you're trying.

      Case in point, all of those ATMs and Point of Sale systems that are still running XP, that Microsoft is still supporting.

      Windows 7 has more support for legacy applications than 8/8.1, and Windows 10 has even less support than 8/8.1. If those legacy applications provide the profit or are otherwise of primary importance to the organization then it does not make sense for the organization to change software. The operating system is merely a means to an end, not the end itself.

      --
      Do not look into laser with remaining eye.
    2. Re: Win X Upgrade by jimtheowl · · Score: 3, Insightful

      Not all people will accept being forced to Windows 10, and that is why they are not patching their machines.

      That is regardless of the fact that the ones that did update were secure.

    3. Re: Win X Upgrade by TWX · · Score: 1

      I was talking about remaining on Windows 7, not about patching the installbase of Windows 7 as updates come out. If you're th AC that I replied to, heaven help you.

      --
      Do not look into laser with remaining eye.
    4. Re: Win X Upgrade by mea_culpa · · Score: 4, Informative

      Microsoft broke Windows Update on Windows 7 soon after the Windows 10 Upgrade windows closed with some botched updates.
      Windows 7 computers that didn't take the update were treated with a runaway svchost.exe processes that consumed 100% of a core and near a GB of RAM while halting future updates at the same time. The only way to get performance back was to disable Windows Update. Even reloading Windows 7 from scratch didn't solve the problem. Updates would never come, and svchost.exe was stuck at 100% and massive amounts of memory. Microsoft let this problem linger for months probably in the hopes that users would upgrade to 10. Others here have suggested that it was due to MS not releasing roll-up updates and letting the library grow beyond what Windows Update was able to process. Since the April 2017 security patch Microsoft has begun roll-up updates to solve this problem.

      This is 100% Microsoft's fault.

    5. Re: Win X Upgrade by guacamole · · Score: 1

      Wait, are you saying Windows Update is now just as broke on Windows 7 as it always was on 10?

    6. Re: Win X Upgrade by dbIII · · Score: 1

      You've obviously never worked enterprise IT.

      I still laugh every time someone calls Microsoft's gaming OS gone wrong "enterprise". Still you have good points, but it has to be handled so carefully because it's a fragile piece of shit used in "enterprise" situations.

      Windows 7 has more support for legacy applications

      Because like everything else the backwards compatibility is fucked in MS Win10.

    7. Re: Win X Upgrade by dbIII · · Score: 1

      I had a few where they would not update until I disabled all updates, rebooted, enabled updates and rebooted again.
      The update software ended up being seriously broken at some point.

    8. Re: Win X Upgrade by Archtech · · Score: 1

      You've obviously never worked enterprise IT.

      It sounds to me as if you have never worked for Microsoft. Because...

      You don't roll-out new versions of anything until they're thoroughly tested...

      They do.

      --
      I am sure that there are many other solipsists out there.
    9. Re: Win X Upgrade by Zero__Kelvin · · Score: 3, Insightful

      "Lol that someone modded this insightful. Every single one of those people who took the upgrade we're (sic)secure. "

      Secure from whom? Their data certainly isn't secure from Microsoft anymore.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    10. Re: Win X Upgrade by GerryGilmore · · Score: 1

      So, unless you totally wreck your existing system with W10, breaking your UI, requiring retraining of employees, re-validating all existing software, changing the entire model of software to a "subscription model" (cha-ching) and - dare I forget - giving MS access to your computer at their whim, you're a "neckbeard". Got it. Just how fat is your check from MS to shill for them? Fuck MS!

  3. monocropping by goombah99 · · Score: 4, Insightful

    Monocropping leads to viruses whether agricultural or operating systems. Not much more to be said than that other than to point out Intels are the ultimate monocrop and they have a gigantic backdoor called the Management Engine.

    In the age of global terrorism, one can expect engineered viruses for agriculture and computers to only increase till something we can't get past comes along. then we'll act in hindsight.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  4. I shut off Windows Update last year by Anonymous Coward · · Score: 1

    So any Microsoft update patching this vulnerability is moot.

  5. Conspiracy Theory by dryriver · · Score: 2, Insightful

    MS wanted everybody on Windows 7 to upgrade to Win10 pronto - so they got someone to write Wannacry and release it into the wild. =)

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
    1. Re:Conspiracy Theory by Anonymous Coward · · Score: 1

      Windows 10 was actually just a ploy to get people so desperate to avoid being forcibly upgraded to Windows 10 that Windows 7 users would disable updates, thereby missing the update that made them immune the the vulnerability used by WannaCry and getting infected with Ransomware, hopefully resulting in them upgrading to Windows 10.

      So fiendishly simple...

    2. Re:Conspiracy Theory by drinkypoo · · Score: 1

      MS wanted everybody on Windows 7 to upgrade to Win10 pronto - so they got someone to write Wannacry and release it into the wild. =)

      Not convoluted enough. M$ spying information goes straight to the feds, so they leaked this vulnerability to induce people to leave Windows 7 and go to Windows 10 so that they will be vulnerable to spying via telemetry.

      I could take it well into fever dream territory but I have better things to do

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. Windows update flawed? by edxwelch · · Score: 1

    Supposing you have a machine that's hasn't been offline and not been updated for some time and then you connect to the internet and try to update it. Windows update is so slow and installs the updates in no special order - least important first, so Wannacry is going to get to you before Windows update has a chance to install that patch.

    1. Re:Windows update flawed? by The+MAZZTer · · Score: 3, Insightful

      Generally you are pwned in that way if you're connecting your PC directly to the internet with no hardware firewall or router which I suspect is pretty rare. Other than setting your router to DMZ mode (which might as well be called "PLEASE HACK ME" mode) as long as you have a router you generally don't get hacked that way. Typically the user has to initiate some action that gets them hacked, though it can be as innocent as opening an e-mail or loading a website they trust. I would say as long as you don't really start to use the internet until your patches are up to date the risk is pretty low.

      That said you should keep up with patches in the first place. Windows does it for you and there's usually never a good reason to stop it.

    2. Re:Windows update flawed? by misexistentialist · · Score: 1

      Wuauserv probably silently stopped working on many older installations

    3. Re:Windows update flawed? by The+Grim+Reefer · · Score: 3, Insightful

      That said you should keep up with patches in the first place. Windows does it for you and there's usually never a good reason to stop it.

      Until recently, I'd agree. But how many people turned off updates during the "free" Windows 10 thing? That in it's self damn near felt like there was a virus on your computer. Then there's the telemetry update that got added to Windows 7. Anyone who didn't want that also had to turn off automatic download and install of updates.

    4. Re:Windows update flawed? by edxwelch · · Score: 1

      Or even if you are installing a new machine.

    5. Re:Windows update flawed? by ayesnymous · · Score: 1

      Supposing you have a machine that's hasn't been offline and not been updated for some time and then you connect to the internet and try to update it. Windows update is so slow and installs the updates in no special order - least important first, so Wannacry is going to get to you before Windows update has a chance to install that patch.

      Not if you're behind a router and you don't open any suspicious emails while it's updating. From what I remember reading (I could be wrong), you only get infected from certain open ports or opening infected emails.

  7. Of course... by xlsior · · Score: 1

    ... Win7 easily allows the end user to disable updates, unlike win8/10 which will automatically re-enable them for you. A fully up to date win7 would also have received the patch in March that would have closed the vulnerability.

    1. Re:Of course... by Zumbs · · Score: 4, Insightful

      Which was all nice and dandy until Microsoft decided to ram Windows 10 down everyones throats. I can fully understand the annoyed users who simply disabled Windows Update because of those nasty practices on the part of Microsoft. Trust is easily lost and hard to regain.

      --
      The truth may be out there, but lies are inside your head
  8. Of Course... by Anonymous Coward · · Score: 1

    ...because turning off windows update was the only way to stop ms from stuffing Windows10, Telemetry and other fuckups down our throat...

  9. AMiGA by Anonymous Coward · · Score: 1

    Didn't affect my AMiGA.

  10. Here is a possible explanation by Anonymous Coward · · Score: 5, Interesting

    Windows updates stopped working on my Windows 7 machine about September last year and nothing except for a complete reinstall seems to get it working again - neither Microsoft repair tools, nor 3rd party tools, nothing. It just rolls back every update as failed for almost a year, and I guess I'm not the only one with this problem. So of course the latest patches are not installed.

    1. Re:Here is a possible explanation by Anonymous Coward · · Score: 1

      I had the same problem and I managed to get it fixed about 2 months ago by following some arcane sequence of actions, involving manually installing some updates with the machine offline and windows updates turned off. Then I had to wait for 3 hours for the whole process to complete.

    2. Re:Here is a possible explanation by Trogre · · Score: 2

      Download the following patches and chuck them on a flash key, along with a batch file to disable wuauserv and apply each of them in turn:
      kb3138612
      kb3145739
      kb3164033
      kb3020369
      kb3172605
      kb3168965

      Reboot once, then do it again.

      I've done this on dozens of Windows 7 machines that were in the apparently eternal search for updates, and all of them got their updates about five minutes after installing the above.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  11. Re:0% of victims by goombah99 · · Score: 2

    But 90% of douchebags run something other than OSX or Windows.

    DOS?

    --
    Some drink at the fountain of knowledge. Others just gargle.
  12. Re:Pirated versions by F.Ultra · · Score: 1

    Well I guess they have to pay a hefty Bitcoin license now then.

  13. Re:0% of victims by Cmdln+Daco · · Score: 1

    DOS?

    CP/M-86

  14. Why not patched? by viperidaenz · · Score: 1

    If a patch was released months ago, why did so many people not install it?

    1. Re:Why not patched? by TimSSG · · Score: 3, Informative
      Likely because MS trained them to turn off Windows Update because of the Windows 10 virus. Tim S.

      If a patch was released months ago, why did so many people not install it?

    2. Re:Why not patched? by James+Carnley · · Score: 1

      Same reasons as always. Lazy and incompetent IT staff at corporations, low knowledge techies that disable Windows Update, long beards who only install certain updates manually after reading the associated KB article and self-determining whether or not they need an update.

      This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

    3. Re:Why not patched? by zephvark · · Score: 3

      This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

      Citation needed. I have seen many Windows updates that cause Windows to completely fail to start. This may mean you need to completely reinstall the OS, which is time-consuming and may leave you open to infection the whole time.

      If you have used Windows for any length at all, you are quite familiar with the ritual of "download!" "reboot!" "download some more!" "reboot!" (repeat while cursing, gnashing your teeth, ripping your hair out and wailing).

    4. Re:Why not patched? by James+Carnley · · Score: 1

      You need a citation that security updates make a computer safer?

    5. Re:Why not patched? by Kjella · · Score: 4

      Same reasons as always. Lazy and incompetent IT staff at corporations, low knowledge techies that disable Windows Update, long beards who only install certain updates manually after reading the associated KB article and self-determining whether or not they need an update. This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

      And if they put in a safe, encased the safe in concrete and dumped it at the bottom of the ocean it'd be even safer. Not very user-friendly though, neither is the force-feeding of random feature updates at inconvenient times. They could have had a category for "Security bulletins and critical updates" that contained only tiny, to-the-point patches for exploits and other big malfunctions, no feature upgrades, no license checks, no trivial extras just the absolute minimum no sane user should disable and 99% of this problem would go away. I'm happy running an OS from 2009. Before that I was running an OS from 2001. I don't need feature updates twice a year and particularly not GUI makeovers.

      I realize though that having a zillion combination of patches might be a pain to support, so here's what I'd like to have seen:
      1. Microsoft releases version A. You can either stay on stable branch A or get rolling updates A*.
      2. After 4 years Microsoft takes the current setup, calls it B. You now have three supported configurations A, B, B*.
      3. After 8 years Microsoft takes the current setup, calls it C. You now have four supported configurations A, B, C and C*.
      4. After 10 years support for A ends, before that you should migrate to B, C or C*.
      From there they'd just bounce between 3-4 supported configurations of N-2, N-1, N and N*.

      Most importantly still regardless of when it's updated everything should come with an off switch. I don't mind if Microsoft asks for telemetry. I have a problem with Microsoft demanding telemetry. It's like my car dealer refusing to service the car unless I've kept a log of how I've used it. I could almost live with that if you had to find some obscure setting only 0.01% would turn off. But it's when you deny me that choice this smells really foul. Not that I expect Microsoft to do anything really ugly until most people are on Win10 and can't disable the updates.

      --
      Live today, because you never know what tomorrow brings
    6. Re:Why not patched? by malkavian · · Score: 1

      You've never run a heterogenous enterprise setup, with hundreds of vendor systems in it?

    7. Re:Why not patched? by Ol+Olsoc · · Score: 1

      Same reasons as always. Lazy and incompetent IT staff at corporations, low knowledge techies that disable Windows Update, long beards who only install certain updates manually after reading the associated KB article and self-determining whether or not they need an update.

      This is one of the reasons that Microsoft set Windows Update to be automatic in Windows 10. It makes the OS much safer and generally makes the internet safer as a whole.

      Thank you, you can pick up your check tomorrow.

      Just don't be so rough on the assholes, they are going to catch on to us.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Why not patched? by Ol+Olsoc · · Score: 1

      Citation needed. I have seen many Windows updates that cause Windows to completely fail to start.

      That's the new Windows model - Security through inoperability.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    9. Re:Why not patched? by Ol+Olsoc · · Score: 3, Insightful

      You need a citation that security updates make a computer safer?

      You can prove that there is less virus activity because of Windows 10.

      All said, a lot of people turned off Windows 7 updates just because Microsoft loaded Windows 10 on their machines without permission. A lot of people got mysterious blank windows that would install Windows ten with a pretty tenuous definition of "permission".

      Microsoft's insidious practice of trying to ram W10 down peoples gullets, with an interface they didn't like and telemetry they didn't want, and update and security they didn't want, and when the best way to avoid the assault on your property was to turn off updates....

      Sorry, but a lot of us are of the opinion that Windows 10, rather than make the internet safe, when coupled with Microsoft's heavy handed intrusion on people - set up the situation of both disabling updates, and disabling migration to Windows 10.

      Which in turn, helped enable this problem.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    10. Re:Why not patched? by dbIII · · Score: 1

      Bullshit.
      I have some fairly important software on a previous version because very major features are broken by a new patch.
      Test then deploy, not just deploy like a trained monkey.

    11. Re:Why not patched? by viperidaenz · · Score: 1

      That's what WSUS is for. It gives you complete control of update installation. You can set up a testing group of machines to apply the updates to, test it, then deploy to the rest of the organisation.

    12. Re:Why not patched? by dbIII · · Score: 1

      Indeed - you don't just blindly patch everything and be assumed incompetent if you don't blindly patch everything like the insulting AC above suggested.

  15. Re:Likely cause by F.Ultra · · Score: 1

    And after paying the ransom they are now also broke.

  16. Re:Pirated versions by ewhac · · Score: 4, Insightful

    ...most of the infected computers were running pirated versions.

    [Citation required]

    --
    Editor, A1-AAA AmeriCaptions
  17. MS Broke Windows 7 Updates by chrisaj5 · · Score: 2

    This does not surprise me. I have two systems on which the update process was broken on Windows 7. With auto-updates set for automatic mode, updates would not install. If you manually force the system to check for updates, it gets stuck in an endless loop showing a moving progress indicator. This is the best link I found to deal with the issue: http://www.askvg.com/fix-windows-7-keeps-checking-for-updates-for-hours/

    If the process is broken and there's no notification, then all of these systems are vulnerable.

    1. Re:MS Broke Windows 7 Updates by sniper86 · · Score: 5, Informative

      Someone wrote an automated tool to install all KB's to fix Windows Update for Win 7:

      https://answers.microsoft.com/...

      Worked on all 3 machines I used it on, in various WU states (endless loop, failing to install).

       

  18. I had W7 updates turned off. by dwywit · · Score: 1

    For 2 reasons:

    1. MS pushing telemetry as updates.
    2. W7 updates stuck at "Downloading 0%" for hours and hours, then failing.

    So now I use wsusoffline every time a periodic "quality and security rollup" is released. It's not as convenient, but it works. I still have to check for telemetry.

    P.S. problem # 2 was actually solved by stopping wuauserv, deleting the contents of %windows%\SoftwareDistribution\datastore and %windows%\SoftwareDistribution\downloads, and starting wuauserv again.

    --
    They sentenced me to twenty years of boredom
  19. Re:Pirated versions by Anonymous Coward · · Score: 4, Interesting

    What doesn't get reported often enough is that pirated versions of Windows cannot be patched

    Actually, yes they can.

    and most of the infected computers were running pirated versions.

    Alright... you just completely made that up, didn't you?

  20. Re:0% of victims by The+Grim+Reefer · · Score: 2

    Team OS/2!

  21. Bullshit! by Gravis+Zero · · Score: 1

    I'll wait for the Linux port. ;)

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Bullshit! by ChunderDownunder · · Score: 1

      Someone demonstrated a proof of concept that infection was possible in Wine.

  22. Re:0% of victims by elistan · · Score: 1

    The company I work for is, like most companies, a Windows shop. However, in the case that there's a major issue with Windows the admins have MacBooks as their mobile device. That there will always be something that can access switches and other non-MS devices, and start the rebuilding process.

  23. Re:Likely cause by Rockoon · · Score: 1

    I was thinking the same thing.

    Wannacry gets 75% of a 4 core more machine, while Windows Update burns up the remaining 25% perpetually checking for updates...

    It is the rare exception to the rule that actually fixed Windows Update on Win 7 machine since the last time around because they broke it literally right before the windows 10 trickery. Most of the people that noticed just disabled the service. Those that fixed the service were then later met with "Roll Ups" instead of patches and thus most of those eventually disabled the service anyways.

    --
    "His name was James Damore."
  24. Class Action Suit in the wings by CraigCruden · · Score: 1

    I expect a class action suit to be filed alleging that a majority of those that were infected were put in that position by unethical behaviour of Microsoft forcing Windows 10 upgrades -- which forced those that wanted to stay on Windows 7 longer to turn off automatic patching of the operating system.

  25. Re:0% of victims by Zero__Kelvin · · Score: 1

    You have a 100% inability to do basic math :-)

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  26. Re:Pirated versions by Zero__Kelvin · · Score: 1

    They probably didn't report that second part of your statement because you pulled it out of your ass.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  27. Re:Not mine (how & why in ps)... apk by Shimbo · · Score: 1

    Not a clear cut instruction. Is it really SMB1 or SMB2 as the NAME of the entry?

    Yes.

  28. Tutorial to patch Win7 without adding telemetry? by KWTm · · Score: 2

    I'd like to draw on the collective wisdom of my fellow Slashdotters:

    If I am one of those people who turned off Win7 updates to avoid being forcibly upgraded to Win10, can anyone recommend a good website that will guide me through updating Win7 to patch the WannaCry flaw, without adding the telemetry or other unwanted pieces of the upgrade?

    I am more familiar with Linux but am forced to use Windows at work, but I insist on avoiding Windows n where n>7.

    --
    404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
    [GPG key in journal]