Windows XP Computers Were Mostly Immune To WannaCry (theverge.com)

← Back to Stories (view on slashdot.org)

Windows XP Computers Were Mostly Immune To WannaCry (theverge.com)

Posted by BeauHD on Tuesday May 30, 2017 @10:40AM from the contrary-to-popular-belief dept.

An anonymous reader quotes a report from The Verge: Windows XP isn't as vulnerable to the WannaCry ransomware as many assumed, according to a new report from Kryptos research. The company's researchers found that XP computers hit with the most common WannaCry attack tended to simply crash without successfully installing or spreading the ransomware. If true, the result would undercut much of the early reporting on Windows XP's role in spreading the globe-spanning ransomware. The core of WannaCry is a vulnerability in a Windows file-sharing system called SMB, which allowed WannaCry to spread quickly across vulnerable systems with no user interaction. But when Kryptos researchers targeted an XP computer with the malware in a lab setting, they found that the computers either failed to install or exhibited a "blue screen of death," requiring a hard reset. It's still possible to manually install WannaCry on XP machines, but the program's particular method of breaking through security simply isn't effective against the older operating system. The worst-case scenario, and likely scenario," the Kryptos report reads, "is that WannaCry caused many unexplained blue-screen-of-death crashes." While they cut against much of the early analysis of WannaCry, Kryptos' findings are consistent with early research from Kaspersky Lab, which found that Windows XP accounted for an "insignificant" percentage of the total infections. Kaspersky found the bulk of infections on machines running Windows 7 or Windows Server 2008.

30 of 58 comments (clear)

Min score:

Reason:

Sort:

Who knew... by __aaclcg7560 · 2017-05-30 10:43 · Score: 4, Funny

That WinXP was reliable by crashing?
1. Re:Who knew... by Scarred+Intellect · 2017-05-30 10:52 · Score: 4, Funny
  
  That WinXP was reliable by crashing?
  We've been joking for years, saying BSOD was a feature and not a bug.
  I guess the joke's on us.
2. Re: Who knew... by slazzy · 2017-05-30 11:12 · Score: 1
  
  98 sp2 was okay, but 98 regular would sure crash alot.
  
  --
  Website Just Down For Me? Find out
3. Re:Who knew... by TWX · 2017-05-30 11:18 · Score: 1
  
  More like they found out.
  
  --
  Do not look into laser with remaining eye.
4. Re: Who knew... by TheOuterLinux · 2017-05-30 11:46 · Score: 1
  
  Eh... It's more likely that they either don't support XP or don't want to support XP anymore so they blame older systems because it's believable. Without a system that is susceptible to viruses, they are out of a job.
5. Re: Who knew... by sexconker · 2017-05-30 11:46 · Score: 2
  
  I think you mean Windows 98 SE.
6. Re:Who knew... by sims+2 · 2017-05-30 13:08 · Score: 1
  
  I've got a windows 10 system i'm working on now that won't install 1607 (AKA the anniversary update) just hangs at 93% or so.
  I've tried windows update, factory reset, windows 10 upgrade tool, factory reset, and now i'm trying the install from a windows 10 disc it doesn't seem to be working either it's been stuck at 32% since this morning.
  
  --
  Minimum threshold fixed. Thanks!
7. Re: Who knew... by slazzy · 2017-05-31 03:33 · Score: 1
  
  That was it. I remember getting a free copy of Windows NT with Visual Basic 5, and I waited a bit before switching as 98 SE was pretty solid.
  
  --
  Website Just Down For Me? Find out
8. Re: Who knew... by tepples · 2017-05-31 04:10 · Score: 1
  
  Windows 98 Second Edition was Windows 98 with the service pack slipstreamed in and a couple other goodies.
  One thing Windows 98 and Windows Vista had in common was they were unstable at launch but got a lot better after the service pack. Microsoft even briefly attempted to brand Windows Vista SP1 as "Mojave".
9. Re:Who knew... by swillden · 2017-05-31 05:39 · Score: 1
  
  That WinXP was reliable by crashing?
  I can see that's funny to most people not immersed in the world of computer security, but to those who are it's just business as usual. It's extremely common to write code that intentionally crashes in the face of attack. It's obviously better to build systems that are sufficiently resilient that they can shrug off an attack and continue functioning, but in many cases that's not feasible, and crashing is a completely legitimate and very often-used threat mitigation strategy.
  Intentionally crashing is mostly used in circumstances where the software can identify that something has gone horribly wrong, that it's gotten into a state that should be impossible because of some other defect, whether a security bug being exploited or an ordinary software bug. If you can't prove that it's possible to recover safely and correctly, then immediately crashing is the best possible response.
  I don't know if XP crashes intentionally or unintentionally in this case, but it wouldn't shock me if the crash was a deliberate response to identifying a state that should be impossible.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
10. Re:Who knew... by sims+2 · 2017-05-31 14:21 · Score: 1
  
  OEM factory install of windows 10 if it was given incompatible drivers it was given them at the factory. The way the font is glitching out on the update status looks like a ram error.
  Today I removed the aircard, half the ram and disabled everything that could be disabled in the bios.
  It had made it to 21% by the time I left work today so it might work. I doubt it though.
  
  --
  Minimum threshold fixed. Thanks!
11. Re:Who knew... by sims+2 · 2017-06-01 15:58 · Score: 1
  
  Update:
  Nope! Stuck at 91%. Running factory reset again.
  
  --
  Minimum threshold fixed. Thanks!
Just like Battlestar Galactica... by DidgetMaster · 2017-05-30 11:01 · Score: 4, Insightful

Old outdated technology is immune to the modern virus.
1. Re:Just like Battlestar Galactica... by interkin3tic · 2017-05-30 16:28 · Score: 1
  
  I dunno about immune. Just the bell curve of blackhat effort has passed it by. It's security through obscurity, not real security.
Re:Cool, but still not worth it by CaptainDork · 2017-05-30 11:12 · Score: 4, Informative

Use a registry hack to tell your XP that it's an embedded computer, much like an ATM or POS:

Windows XP registry hack keeps security updates rolling for the dead operating system

--
It little behooves the best of us to comment on the rest of us.
Re:Cool, but still not worth it by TWX · 2017-05-30 11:20 · Score: 1, Funny

Use a registry hack to tell your XP that it's an embedded computer, much like an ATM or POS:
But Windows XP was already known to be a POS.

--
Do not look into laser with remaining eye.
Win 3.1 by dohzer · 2017-05-30 11:29 · Score: 1

My Windows 3.1 PC was mostly immune too. Mostly.
World War Z by Anonymous Coward · 2017-05-30 11:36 · Score: 3, Funny

Immune like that kid who was already dying so all the zombies ran around him.
Re: XP mostly immune? Linux is completely immune. by TheOuterLinux · 2017-05-30 11:50 · Score: 1

I'm running a distro I made from OpenSUSE 13.2 on a 32-bit 9 year old MacBook. I even have a kernel 4.11 installed and working just fine and if WINE doesn't run it, then your better off buying a gaming console and save yourself some headache and privacy concerns.
It's a lack of installing updates. by viperidaenz · 2017-05-30 12:13 · Score: 4, Informative

The majority of the spread was caused by Windows 7 machines, several months after security updates were released.

In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Release March 14: Microsoft Security Bulletin MS17-010 - Critical
1. Re:It's a lack of installing updates. by Anonymous Coward · 2017-05-30 13:22 · Score: 1, Informative
  
  Found the Microsoft shill.
2. Re: It's a lack of installing updates. by Anonymous Coward · 2017-05-30 14:14 · Score: 1
  
  download the manual installer for july 2016 rollup update KB3172605, disconnect internet, turn off windows update. Run the installer, reboot, re-enable.
3. Re:It's a lack of installing updates. by BadDreamer · 2017-05-30 22:39 · Score: 2
  
  And the main reason people turn off updates on Windows 7 is - Microsoft's underhanded Windows 10 upgrade tactics.
  When they treat an automatic unattended unwanted upgrade as a critical update, they're teaching users to not accept critical updates.
  If they had handled the Windows 10 updates in a mature manner, the impact of WannaCry would have been much, much lesser.
4. Re:It's a lack of installing updates. by tepples · 2017-05-31 04:21 · Score: 1
  
  and I've not the monies to upgrade both the software and then the hardware to run Win10 to run the bloody software on.
  How did you acquire the software and hardware in the first place?
5. Re:It's a lack of installing updates. by tepples · 2017-05-31 05:21 · Score: 1
  
  How did you acquire the software and hardware in the first place?
  shopped at goodwill. What does that have to do with
  The implication is that someone would use the same means to acquire the replacement hardware that he used to acquire the old hardware, or that he would have used to acquire replacements for broken hardware. For example, has your local Goodwill store since stopped selling computers?
6. Re:It's a lack of installing updates. by toddestan · 2017-06-02 17:49 · Score: 1
  
  It's either that, or the massive amount of CPU and memory Windows Update consumes on Windows 7, something that's been an issue for something like 2 years now that Microsoft doesn't seem to care enough to actually fix.
Re:Cool, but still not worth it by CaptainDork · 2017-05-30 14:53 · Score: 1

I walked into that one. lol

--
It little behooves the best of us to comment on the rest of us.
So, Wired was lying by Antiocheian · 2017-05-30 17:53 · Score: 2

So what does that mean for Brian Barrett and the Wired ? Impunity in the mainstream is the main cause for Fake News. Wired should have apologized for publishing nonsense.
Nice by nospam007 · 2017-05-30 18:48 · Score: 2

My Windows 3.1 machine is safe as well, because it can't connect to the internet.
Re:Cool, but still not worth it by tepples · 2017-05-31 04:16 · Score: 1

On top of that, there's also a transparent http proxy on the network which scans content for malware as well.
Now that many sites have switched to HTTPS in order to avoid Firesheep-style cookie replay attacks, how does your proxy intercept HTTPS connections? Did you have to deploy an internal CA's root certificate to the XP boxes? I ask because I have a friend on another message board who is stuck behind harshly capped satellite Internet and has been looking for a decent home-scale HTTPS caching proxy.