Slashdot Mirror


Windows XP Computers Were Mostly Immune To WannaCry (theverge.com)

An anonymous reader quotes a report from The Verge: Windows XP isn't as vulnerable to the WannaCry ransomware as many assumed, according to a new report from Kryptos research. The company's researchers found that XP computers hit with the most common WannaCry attack tended to simply crash without successfully installing or spreading the ransomware. If true, the result would undercut much of the early reporting on Windows XP's role in spreading the globe-spanning ransomware. The core of WannaCry is a vulnerability in a Windows file-sharing system called SMB, which allowed WannaCry to spread quickly across vulnerable systems with no user interaction. But when Kryptos researchers targeted an XP computer with the malware in a lab setting, they found that the computers either failed to install or exhibited a "blue screen of death," requiring a hard reset. It's still possible to manually install WannaCry on XP machines, but the program's particular method of breaking through security simply isn't effective against the older operating system. "The worst-case scenario, and likely scenario," the Kryptos report reads, "is that WannaCry caused many unexplained blue-screen-of-death crashes." While they cut against much of the early analysis of WannaCry, Kryptos' findings are consistent with early research from Kaspersky Lab, which found that Windows XP accounted for an "insignificant" percentage of the total infections. Kaspersky found the bulk of infections on machines running Windows 7 or Windows Server 2008.

58 comments

  1. Who knew... by __aaclcg7560 · · Score: 4, Funny

    That WinXP was reliable by crashing?

    1. Re:Who knew... by Scarred+Intellect · · Score: 4, Funny

      That WinXP was reliable by crashing?

      We've been joking for years, saying BSOD was a feature and not a bug.

      I guess the joke's on us.

    2. Re:Who knew... by Anonymous Coward · · Score: 0

      Not me. The last Windows system I had that would reliably crash was Win95. My Win7's reliably fail to update. My Win10's reliably phone home. But for reliable crashes, you have to go back to Win95.

      WinXP was simply reliable.

    3. Re:Who knew... by Anonymous Coward · · Score: 0

      Who knew? Kryptos research and Kaspersky Labs, apparently.

      It's right there in the summary, you know.

    4. Re:Who knew... by Anonymous Coward · · Score: 0

      win98 was the crashing champion in my experience. win95 was a model of reliability by comparison!

      And win xp: if microsoft put out a minimal update for xp (fix the known security holes) but left everything else basically unchanged then I'd probably buy it. That OS was the last version of windows that felt - I don't know - stable? Predictable? Reliable? Knowable? Discoverable? Like a real OS and not a toy?

    5. Re: Who knew... by slazzy · · Score: 1

      98 sp2 was okay, but 98 regular would sure crash a lot.

      --
      Website Just Down For Me? Find out
    6. Re:Who knew... by TWX · · Score: 1

      More like they found out.

      --
      Do not look into laser with remaining eye.
    7. Re: Who knew... by TheOuterLinux · · Score: 1

      Eh... It's more likely that they either don't support XP or don't want to support XP anymore so they blame older systems because it's believable. Without a system that is susceptible to viruses, they are out of a job.

    8. Re: Who knew... by sexconker · · Score: 2

      I think you mean Windows 98 SE.

    9. Re:Who knew... by sims+2 · · Score: 1

      I've got a windows 10 system I'm working on now that won't install 1607 (AKA the anniversary update), it just hangs at 93% or so.

      I've tried windows update, factory reset, windows 10 upgrade tool, factory reset, and now I'm trying the install from a windows 10 disc. It doesn't seem to be working either, it's been stuck at 32% since this morning.

      --
      Minimum threshold fixed. Thanks!
    10. Re:Who knew... by Anonymous Coward · · Score: 0

      Windows XP was the last Windows where you are actually in control of your machine. If the 64 bit version would also reliably run all the 32 bit drivers/apps I'd go back to using it in a heartbeat.

      Since XP Windows has got steadily worse, Windows Explorer (not Internet Explorer) is shit from 7 onwards ("Libraries"? WTF? Utterly confusing for non technical people... Not able to select the path in the address bar by tabbing into it? WTF?) and 10 is now user hostile spyware. I won't even allow a Windows 10 machine to use my guest Wi-Fi.

    11. Re:Who knew... by Anonymous Coward · · Score: 0

      generally this is a decent sign you either have a faulty piece of hardware or an incompatible driver (though most of those are detected before install).

    12. Re: Who knew... by slazzy · · Score: 1

      That was it. I remember getting a free copy of Windows NT with Visual Basic 5, and I waited a bit before switching as 98 SE was pretty solid.

      --
      Website Just Down For Me? Find out
    13. Re: Who knew... by tepples · · Score: 1

      Windows 98 Second Edition was Windows 98 with the service pack slipstreamed in and a couple other goodies.

      One thing Windows 98 and Windows Vista had in common was they were unstable at launch but got a lot better after the service pack. Microsoft even briefly attempted to brand Windows Vista SP1 as "Mojave".

    14. Re:Who knew... by Anonymous Coward · · Score: 0

      Yes yes, blame the hardware or the drivers for Microsoft pushing a broken OS.

      If you force update people with a patch that fails to install for ANY REASON. It's your fault.

    15. Re:Who knew... by swillden · · Score: 1

      That WinXP was reliable by crashing?

      I can see that's funny to most people not immersed in the world of computer security, but to those who are it's just business as usual. It's extremely common to write code that intentionally crashes in the face of attack. It's obviously better to build systems that are sufficiently resilient that they can shrug off an attack and continue functioning, but in many cases that's not feasible, and crashing is a completely legitimate and very often-used threat mitigation strategy.

      Intentionally crashing is mostly used in circumstances where the software can identify that something has gone horribly wrong, that it's gotten into a state that should be impossible because of some other defect, whether a security bug being exploited or an ordinary software bug. If you can't prove that it's possible to recover safely and correctly, then immediately crashing is the best possible response.

      I don't know if XP crashes intentionally or unintentionally in this case, but it wouldn't shock me if the crash was a deliberate response to identifying a state that should be impossible.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
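
The fail-fast strategy described in the comment above, as an added example that is not part of the original comment and is not Windows code: a linked-list unlink routine that checks its neighbours' back-pointers and aborts the process when they disagree. The `node` structure and all function names are hypothetical, and the corruption is constructed for the demonstration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical node of a circular doubly linked list. */
struct node {
    struct node *prev, *next;
};

/* Invariant: both neighbours must point back at this node. */
static int links_consistent(const struct node *n)
{
    return n->prev != NULL && n->next != NULL &&
           n->prev->next == n && n->next->prev == n;
}

/* Remove n. If the invariant is broken, the two writes below would land at
 * addresses nobody can vouch for, so terminate instead of continuing. */
static void safe_unlink(struct node *n)
{
    if (!links_consistent(n)) {
        fputs("list corruption detected, aborting\n", stderr);
        abort();
    }
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->prev = n->next = n;
}

/* Build head <-> a <-> b, optionally damage a's forward link (constructed
 * corruption), then unlink a in a child process.
 * Returns 1 if the child died from SIGABRT, 0 if it unlinked cleanly,
 * -1 on any other outcome. */
static int unlink_in_child(int corrupt)
{
    struct node head, a, b, stray;
    head.prev = &b;    head.next = &a;
    a.prev = &head;    a.next = &b;
    b.prev = &a;       b.next = &head;
    stray.prev = stray.next = &stray;
    if (corrupt)
        a.next = &stray;          /* stands in for a stray or hostile write */

    fflush(NULL);                 /* do not duplicate buffered output */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        safe_unlink(&a);
        _exit(head.next == &b && b.prev == &head ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("intact list:    aborted=%d\n", unlink_in_child(0));
    printf("corrupted list: aborted=%d\n", unlink_in_child(1));
    return 0;
}
```
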
    16. Re:Who knew... by Anonymous Coward · · Score: 0

      My desktop winxp machine NEVER crashes, despite running tons of stuff and being on 24/7. Why? It has ECC memory, and I don't install 3rd party drivers for junk peripherals, and mainly because of the ECC memory.

      My winxp laptop crashes a lot, despite hardly running anything at all. Why? It does not have ECC memory, and (b) the drivers are junk written by Lenovo.

    17. Re:Who knew... by Anonymous Coward · · Score: 0

      I've had endless problems like this on my win10 laptop. Updates that stall mid download. Updates that hang at whatever % (sometimes consistent, sometimes not). Tried all the usual reinstalls, resets, updates, driver shuffling etc to no avail. Can't find anything online apart from the occasional fellow victim shouting into the void and receiving the standard boilerplate "have you tried (insert that thing you just described trying that didn't work) yet?" response. I'd give up and install linux but it's meant to be a shared laptop and the wife is adamant she wants windows, so the pain continues.

    18. Re:Who knew... by sims+2 · · Score: 1

      OEM factory install of windows 10 if it was given incompatible drivers it was given them at the factory. The way the font is glitching out on the update status looks like a ram error.

      Today I removed the aircard, half the ram and disabled everything that could be disabled in the bios.
      It had made it to 21% by the time I left work today so it might work. I doubt it though.

      --
      Minimum threshold fixed. Thanks!
    19. Re:Who knew... by sims+2 · · Score: 1

      Update:
      Nope! Stuck at 91%. Running factory reset again.

      --
      Minimum threshold fixed. Thanks!
  2. Just like Battlestar Galactica... by DidgetMaster · · Score: 4, Insightful

    Old outdated technology is immune to the modern virus.

    1. Re:Just like Battlestar Galactica... by Anonymous Coward · · Score: 0

      Art was imitating life, you vogon.

    2. Re:Just like Battlestar Galactica... by interkin3tic · · Score: 1

      I dunno about immune. Just the bell curve of blackhat effort has passed it by. It's security through obscurity, not real security.

  3. Cool, but still not worth it by Anonymous Coward · · Score: 0

    This is good to know and all, but I'm still not going to let my old xp laptop back online anytime soon. I really like that laptop and would like to keep it operating as is, and it hasn't been allowed to access a network since the early 2000s.

    1. Re:Cool, but still not worth it by CaptainDork · · Score: 4, Informative

      Use a registry hack to tell your XP that it's an embedded computer, much like an ATM or POS:

      Windows XP registry hack keeps security updates rolling for the dead operating system

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Cool, but still not worth it by TWX · · Score: 1, Funny

      Use a registry hack to tell your XP that it's an embedded computer, much like an ATM or POS:

      But Windows XP was already known to be a POS.

      --
      Do not look into laser with remaining eye.
    3. Re:Cool, but still not worth it by CaptainDork · · Score: 1

      I walked into that one. lol

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Cool, but still not worth it by Anonymous Coward · · Score: 0

      This is good to know and all, but I'm still not going to let my old xp laptop back online anytime soon. I really like that laptop and would like to keep it operating as is, and it hasn't been allowed to access a network since the early 2000s.

      Looks around room...there's two XP boxes sitting right here, both allowed online, both running local firewalls and AV, both behind a rather 'fascistic' boundary firewall with all sorts of fun IDS stuff going on.

      All software bound for them (and all the other windows boxes) gets downloaded first to either the Linux server, or to the primary Linux desktop, it then gets scanned for viruses there with one package, gets scanned on a read-only share by one of the Win7 boxes using another package, any ambiguities, then virustotal gets checked. On top of that, there's also a transparent http proxy on the network which scans content for malware as well.

      Number of problems with these XP boxes: 0

    5. Re:Cool, but still not worth it by Anonymous Coward · · Score: 0

      Good show !

      I do pretty much the same thing. 2 XP boxes running like champs to power my audio/MIDI hardware... which don't have drivers post XP but earn my living running a successful recording studio.

      If you know its deficiencies XP is a great operating system, there is some excellent software that runs on it and it doesn't phone home every 30 seconds.

      Put it behind some good defences and it's still the best MS O/S.

    6. Re:Cool, but still not worth it by tepples · · Score: 1

      On top of that, there's also a transparent http proxy on the network which scans content for malware as well.

      Now that many sites have switched to HTTPS in order to avoid Firesheep-style cookie replay attacks, how does your proxy intercept HTTPS connections? Did you have to deploy an internal CA's root certificate to the XP boxes? I ask because I have a friend on another message board who is stuck behind harshly capped satellite Internet and has been looking for a decent home-scale HTTPS caching proxy.

  4. My boss was laughing when I put XP on the Internet by Anonymous Coward · · Score: 0

    who's laughing now?

  5. "Were"? by Anonymous Coward · · Score: 0

    I bet they still are...

  6. Win 3.1 by dohzer · · Score: 1

    My Windows 3.1 PC was mostly immune too. Mostly.

  7. World War Z by Anonymous Coward · · Score: 3, Funny

    Immune like that kid who was already dying so all the zombies ran around him.

  8. XP mostly immune? Linux is completely immune. by erapert · · Score: 0

    Apparently you can manually aim at your own foot and mostly miss if you use WINE to install the wannacry .exe... But really, Linux is unaffected.

    The distro I'm using is also much more modern than a fifteen year old abandoned OS from M$.

    1. Re: XP mostly immune? Linux is completely immune. by TheOuterLinux · · Score: 1

      I'm running a distro I made from OpenSUSE 13.2 on a 32-bit 9 year old MacBook. I even have a kernel 4.11 installed and working just fine and if WINE doesn't run it, then you're better off buying a gaming console and save yourself some headache and privacy concerns.

  9. Of course the media got it wrong by Anonymous Coward · · Score: 0

    They manage to get just about everything wrong within the first 24-48 hours of a story breaking. There is zero fact checking anymore until long after the story has blown over. The entertainment press just wants to get your eyeballs on the story on their website and news channels. But what people remember is the first story, the first impression they receive, even years later.

    Everyone remember Columbine? Whatever you think you know about that story is probably wrong. There's some well written accounts of that one years later that completely debunked nearly everything the media wrote about that crime. The press got it wrong from the outset and doubled down every day. Only later when sober minded people looked at what happened did the real story finally come out.

  10. It's a lack of installing updates. by viperidaenz · · Score: 4, Informative

    The majority of the spread was caused by Windows 7 machines, several months after security updates were released.

    In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

    Release March 14: Microsoft Security Bulletin MS17-010 - Critical

    1. Re: It's a lack of installing updates. by Anonymous Coward · · Score: 0

      Windows Update on Windows 7 hasn't worked for over a year so IDK how I'm supposed to get an update from March.

    2. Re:It's a lack of installing updates. by Anonymous Coward · · Score: 1, Informative

      Found the Microsoft shill.

    3. Re: It's a lack of installing updates. by Anonymous Coward · · Score: 1

      download the manual installer for july 2016 rollup update KB3172605, disconnect internet, turn off windows update. Run the installer, reboot, re-enable.

    4. Re:It's a lack of installing updates. by Anonymous Coward · · Score: 0

      This means the next time someone's telling us not to upgrade past Win7, it's not because they're an expert. It's because they have an axe to grind and we should ignore them in order to make rational decisions based on real, actual impact analysis

      No, actually.
      Read this carefully.
      Our fucking current CAM software@work won't work on Windows 10. period. No manufacturer support.
      The majority of my fucking DAW software@home won't work reliably on anything > Windows XP..and I've not the monies to upgrade both the software and then the hardware to run Win10 to run the bloody software on.

      .

      "MS gets yer datas!" low impact

      Maybe you think it's 'low impact', a lot of us disagree.

      "You'll suffer old vulnerabilities that have been long since fixed leading to viruses, lost data, identity theft, hijacked computers and more!" high impact.

      Always stay current.

      Hah,
      Want to hear the story about the 0-day worm which went through our 'fully-patched' network@work like a dose of the salts causing fucktons of fun for one and all?
      Want to hear the fact that it was the 'heuristic' scanner on one of the Linux Samba servers (running an old copy of Slackware) which picked up the fact that something was trying to modify a large number of files on a public rw share?

      No matter how current, or shiny, a POS is still a POS...

    5. Re: It's a lack of installing updates. by Anonymous Coward · · Score: 0

      Strictly speaking, Windows Update on a fresh install of Windows 7 won't work without the manual rollup update. If you've been dutifully installing updates as they arrive, your system will have already got the prerequisites for Windows Update to keep working as normal.

      Still a pretty shitty situation but it does again show the importance of regular updates.

    6. Re:It's a lack of installing updates. by BadDreamer · · Score: 2

      And the main reason people turn off updates on Windows 7 is - Microsoft's underhanded Windows 10 upgrade tactics.

      When they treat an automatic unattended unwanted upgrade as a critical update, they're teaching users to not accept critical updates.

      If they had handled the Windows 10 updates in a mature manner, the impact of WannaCry would have been much, much lesser.

    7. Re:It's a lack of installing updates. by tepples · · Score: 1

      and I've not the monies to upgrade both the software and then the hardware to run Win10 to run the bloody software on.

      How did you acquire the software and hardware in the first place?

    8. Re:It's a lack of installing updates. by Anonymous Coward · · Score: 0

      Won the lottery, dug it out of a dumpster and shopped at goodwill. What does that have to do with the price of tea in china champ.

    9. Re:It's a lack of installing updates. by tepples · · Score: 1

      How did you acquire the software and hardware in the first place?

      shopped at goodwill. What does that have to do with

      The implication is that someone would use the same means to acquire the replacement hardware that he used to acquire the old hardware, or that he would have used to acquire replacements for broken hardware. For example, has your local Goodwill store since stopped selling computers?

    10. Re:It's a lack of installing updates. by Anonymous Coward · · Score: 0

      I set a registry key sometime after I got a flag-like icon into the system tray, telling me to try Windows 10.

      Icon disappeared, never bothered me again. Though to be certain, I went ahead and uninstalled and blacklisted some relevant KBs too.

      (I think the damn thing managed to download several GBs of Win10 onto my C: drive before that though...)

      This was on Windows 8.1.

    11. Re:It's a lack of installing updates. by toddestan · · Score: 1

      It's either that, or the massive amount of CPU and memory Windows Update consumes on Windows 7, something that's been an issue for something like 2 years now that Microsoft doesn't seem to care enough to actually fix.

  11. Re: who can forget the shift to quadraphonic? by Anonymous Coward · · Score: 0

    Who the fuck complains about Q Sound?

  12. Analogies by Anonymous Coward · · Score: 0

    It's like how a dumpster fire is immune to AIDS.

  13. Were the immune systems IA-32? by Anonymous Coward · · Score: 0

    I wonder, were the XP machines that just crashed IA-32? Perhaps the exploit payload was 64 bit only?

  14. So, Wired was lying by Antiocheian · · Score: 2

    So what does that mean for Brian Barrett and the Wired ? Impunity in the mainstream is the main cause for Fake News. Wired should have apologized for publishing nonsense.

  15. Spoiler alert ! by Anonymous Coward · · Score: 0

    Linux was too.

  16. Nice by nospam007 · · Score: 2

    My Windows 3.1 machine is safe as well, because it can't connect to the internet.

    1. Re:Nice by Anonymous Coward · · Score: 0

      It could with third-party software. Plus Microsoft released a tcp/ip networking package for Windows for Workgroups 3.11