No Known Ransomware Works Against Windows 10 S, Says Microsoft

An anonymous reader shares a report: According to Microsoft, "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack." That's great news for anyone running the latest version of the OS, and the software giant says it is working to ensure Windows 10 remains safe from other future attacks. However, if you want to guarantee your safety from ransomware, then Microsoft points out there's an even more secure option to consider -- Windows 10 S. The new, hardened Windows 10 variant only runs apps from the Windows Store, which means it can't run programs from outside Microsoft's ecosystem, and that includes malware. Which is why, as Microsoft says, "No known ransomware works against Windows 10 S."

Oh yeah

[ArchieBunker]

Jailbroken and rooted phones say otherwise.

Re:Oh yeah

[BozoForPresident]

They prolly said the same thing about unreleased XP.

Neither do the applications

None of the applications I regularly use are supported on Win10 S, so I guess it's as useless for me as it is for the ransomware developers.....

Re:Neither do the applications

The most secure system is one that nobody can access

Re:Neither do the applications

[Darinbob]

I have the most secure operating system ever. It does nothing but play minesweeper. Internet connections automatically fail to protect the system integrity. The OS and the single minesweeper application are stored in ROM and cannot be modified either with or without a password.

This is more secure than Windows 10 S and slightly more useless.

Re:Neither do the applications

[LostMyBeaver]

I'm with you on that... of course, I see this as a huge advantage. :)

Here's my evil plan!

1) Install Windows 10 S on the system
2) Install Hyper-V on Windows 10 S (hopefully this is allowed)
3) Configure RemoteFX graphics so I can run the Guest VM with good performance
4) Setup a SMB share with an ACL only accessible by the Guest VM on the host
5) Install Windows 10 Professional as the guest
6) Run Windows Update.
7) Install Office, Visual Studio, Docker, Linux Subsystem, some other crap as well.
8) Snapshop the VM
9) Configure Windows Backup and Restore to do "Time Machine" like backups of all my data to the host machine.

Using a similar approach on corporate laptops will be awesome too. :)

I already do 90% of my work over remote desktop anyway. My local PC is pretty much for nothing but entertainment. This way, the local machine is well protected and the "remote machine" is actually a local VM.

Re:Neither do the applications

[tigersha]

Back in the day when MacOS 9 was still non-multitasking the US Army ran their webserver on it with the assumption that if you can't log in to the machine remotely (the server did not support SSH, telnet or anything else) you can't hack it. Apparently it worked for them.

Re:Neither do the applications

[butzwonker]

Are you serious or joking? I honestly can't tell.

Re:Neither do the applications

[gtall]

And the most useless.

Re:Neither do the applications

[jvanber]

So you have absolutely no idea as to what your highest score was?

Re:Neither do the applications

[Flea+of+Pain]

I just assumed Microsoft deleted their database on known ransomware so they could claim that no KNOWN ransomware works.

Re:Neither do the applications

[BronsCon]

He's got a small amount of NVRAM for that.

Re:Neither do the applications

[tepples]

I have the most secure operating system ever. It does nothing but play minesweeper.

Let me guess: You run Luminesweeper.

Re:Neither do the applications

[Darinbob]

Actually no. But reading that page it does sound much more secure than Windows 10 S while still providing a safe walled garden.

Re:Neither do the applications

[Darinbob]

I write my high scores down on a pad of paper. To prevent others from reading it I regularly burn those papers and watch the smoke rise. I call this "synching with the cloud".

Re: Neither do the applications

[BronsCon]

This right here is the shit that keeps me coming back.

None?

[Carnildo]

I believe the correct response to this is "Challenge Accepted".

Re:None?

[Moheeheeko]

Seems to work for Apple just fine.

Re: None?

[UltraZelda64]

That would be easy enough. If it is ransomware the person writes, just get yourself infected by it and willfully pay the ransom.

Re:None?

[omnichad]

They didn't actually say "known to them," so if it's known by anyone I think it counts.

Re:None?

[Aighearach]

No known ransomware runs on my pet rock, either.

Re:None?

[dcollins117]

It's not much of a challenge. That's like betting someone you can buy a bag of chips from a vending machine.

Re: None?

[RotateLeftByte]

When MS makes Windows 10S the Only OS that OEM's can install on their kit (don't forget the pay $$ to upgrade to 10-Pro option) then just about everyone who buys a PC from the likes of Best-Buy, PC-World etc.

MS is aiming for a model where everyone pays for the upgrade and then pays daily/weekly/annually for updates and patches. Software rental is alive and kicking.

Re: None?

[BronsCon]

MS is aiming for a model where everyone pays for the upgrade and then pays daily/weekly/annually for updates and patches. Software rental is alive and kicking.

Well, that will certainly shut the "Macs cost more" crowd right the hell up, won't it?

Re: None?

[tepples]

When MS makes Windows 10S the Only OS that OEM's can install on their kit

"When"? Can you provide a source for announced or leaked plans to discontinue Home in favor of S?

Re: None?

[dl_sledding]

Introducing: Captain Obvious! ;)

Re: None?

[sound+vision]

Not unless the hardware manufacturers double their prices too.

Re: None?

[BronsCon]

Howso? You don't pay an ongoing fee to use your Mac once you buy it; if Microsoft starts charging a subscription fee for Windows, a PC will eventually (and quickly) become more expensive than a Mac. Hell, within a handful of years, while a top-end Mac might still be useful, a $300 bottom-of-the-barrel PC might end up costing more.

And that's precisely why I'm fairly certain Windows will never become a subscription "service".

Re: None?

[RotateLeftByte]

No link but isn't it the obvious move? Doing this will make more money for MS and that is what it is all about isn't it.

Re: None?

[sound+vision]

"How so" is that the cost of the initial purchase is an order of magnitude higher than what you'd pay for OS upgrades on either platform. While it's hard to predict an annual subscription fee that MS hasn't implemented yet, they'd be crazy to set it anywhere close to what they sell boxed OSes for. Something in the range of $20/year would be my wild guess. At that rate, it would take decades for you to break even on avoiding the Apple tax.

Re: None?

[BronsCon]

You really think Microsoft only wants $20/yr from Windows users? You're a funny guy, buddy.

Also....

[Groo+Wanderer]

Also, no known useful software works on Windows 10 S either. Quite the tradeoff.

Before you scoff at this as random trolling, think about what the odds are that Adobe, Autocad, and any real software packages are going to take a 30% haircut required by the MS store to run on this turkey. Sure MS programs will be there but Steam worn't be, nor will much else useful other than a sub-section of Windows Phone apps.

But no malware as of today will run. They said the same thing about Windows 8.x upon release. And Windows 7, and.....

Re:Also....

Photoshop Elements 15 is already available on there

Re:Also....

[rtb61]

Windows 10S is ransomware, why would it let other ransomware run. It's like kidnappers, allowing other people who claim to be the kidnappers, getting the ranson and make no mistake, M$ is kidnapping your digital life with windows 10$ and holding it to ransom, pay or lose it.

M$ knows most consumers dislike them, just buy their gear because of existing lock in and now seeing that it is their only source of customers, they are attempting to force more people into the XBox domain. Seriously gullible idiots, who are paying to hand over control of their computer and their digital life to one corruptly monopolistic corporation, how popular is M$, just look at the lose phone (calling a winphone would be a lie).

Yet the moronic fuckwits, rather than reforming and trying to become a better supplier and regain popularity, is simply trying to force more lock in, to extort it's customer base, either sign and pay for life or be cut off. It looks like people are preferring to be cut off.

Re:Also....

Windows 10 S sounds about as useless as the Windows surface RT that I was given, for free, as payment for work done. I sold it for $100. Had a lovely screen, great battery life, and just SO much potential. But, at the end of the day, the ONLY useful program on it was OneNote. And I already have that on my phone and other devices.

Useless. Useless. Useless. So much potential. Couldn't even run OpenVPN. Come on, Microsoft. You're trying to turn the world into a walled garden like iPhone and Android. The thing is, THEY actually have useful programs to run.

Re: Also....

I only have 30% of my hair left.
I can not afford that.
On the plus side, I wouldn't have any overhead.

Re:Also....

"M$ knows most consumers dislike them"
Consumers don't give MS a second thought. They don't care about the OS they are running. They actually use their computer to run applications. They don't sit around nitpicking every perceived flaw in the underlying OS. MS discontinued their phone development because they are making more money from the patent licensing fees they receive on every Android device sold. And now they are doing something that is going to piss off the crusading MS haters. They are in the process of merging open source toolsets and API's to integrate and administer both Windows and Linux platforms. In essence MS is adding multi platform services to their OS that do not require a VM.

Re:Also....

[thegarbz]

Irrelevant when your entire customer base suffers from Stockholm syndrome.

Re:Also....

[gl4ss]

Before you scoff at this as random trolling, think about what the odds are that Adobe, Autocad, and any real software packages are going to take a 30% haircut required by the MS store to run on this turkey. Sure MS programs will be there but Steam worn't be, nor will much else useful other than a sub-section of Windows Phone apps.

adobe and others already moved to subscription as a pre-emptive move during windows 8 launch. they saw it coming and did that.

and that did put a little damper on MS. it wasn't a secret that all the pushing of the unfinished win8 store and metro apps was fueled by the hope that they could get 30 percent of all desktop sw.

Re: Also....

[sound+vision]

What is stopping Microsoft from giving a special deal to Adobe et al.? They could let the big guys in free... Wouldn't even need to be all of them, just enough to jump start their app market. The little guys would often, I think, be willing to pay for the exposure, for access to that market. Why I think this hasn't happened is because stuff like Premier and AutoCAD isn't what the average computer runs. Those generally run on "workstations" in an office somewhere, where they are already paying MS directly for enterprise stuff. These guys arent going to go to an app store to get their CAD software. What MS wants to do is to bifurcate the PC ecosystem into business and consumer spheres. They already have businesses well-monetized, what they don't have is an app store where the masses can pay them for their digital baubles.

Re:Also....

[david_thornley]

Consumers will care when they can't run the same programs their friends are running.

To quote...

[l0n3s0m3phr34k]

"Challenge accepted!" -PLA Unit 61398, Fancy Bear, Bureau 121

Yeah but nobody wants to USE Windows 10 S!

[Chas]

Because the amount of software that works on Windows 10 S bites syphilitic camel wang.

Whatever

[swdave]

S for S*** Commodore 64 was not affected either.

Re:Whatever

[mccalli]

Not so - patch your kernals now!

well..

[fluffernutter]

No known ransomware works on a TURD, either.

Re:well..

[Darinbob]

Please submit 1 Bitcoin in order to get your shit back.

Re: well..

[UltraZelda64]

I only have five Shitcoins. What's the current exchange rate?

Yes there is

It's called Windows Update

Ba dum tish

[Neo-Rio-101]

No ransomware works on Windows 10S ...because nobody uses it.

Re:Ba dum tish

[thegarbz]

That was my first thought too. Linux has a fantastic protection scheme offered by the fact that it's different and that it is a small and not very valuable attack surface for desktop users.

Windows 10S currently is the same. Will it still be the same this time next year? Well I hope so because the idea of locked down OSes should fail and die, but if it does become popular let's see how long it stays malware free.

Key Word

[amiga3D]

Known is the key word here. It's not the problems you know about, it's the ones you don't that get you.

Re:Malware doesn't go through official channels

[Calydor]

Maybe we'll get lucky and the malware writers find a bunch of "Install Anything" exploits on Windows S.

So, let me get this straight...

[Anubis+IV]

If the S version is supposedly better, why offer a $50 "upgrade" to the less secure non-S version? You can't have it both ways. Either you own your walled garden or you accept your open platform. You can't offer an upgrade to a version you're claiming is superior.

Moreover, they're basically arguing that their software is more secure because it's hobbled by design. A rock is similarly secure against WannaCry, but that doesn't mean it's actually useful for everyday computing tasks.

Re:So, let me get this straight...

[aliquis]

A rock is similarly secure against WannaCry

Just as any liberal is secure against any counter-arguments, because <BLOCKED>

Re:So, let me get this straight...

[thegarbz]

You can't offer an upgrade to a version you're claiming is superior

Aside from the typo in that sentence, of course you can. "Superior" is not an absolute for an entire package. It depends highly on a use case. The most secure OS in the world can be free and I still won't consider it superior most likely because I won't be able to do anything with it.

Yeah right...

[JoeDuncan]

... this is like Alberta claiming they "don't have any rats" LOL

the other shoe drops

[beckett]

Windows 10S is the ransomware.

No Known Software Works In Windows 10 S

[Heir+Of+The+Mess]

That's easy when No Known Software Works In Windows 10 S. Time will tell. However if no malware breaks into Windows 10 S in the future, will this end up being the most secure OS to run on the desktop?

No known malware cleaner works either

[drinkypoo]

I tried to convert back to Windows 7, but none of the tools would do that for me.

Just kidding. I never changed to Windows 10 in the first place

No ransomware for...

[The+Grim+Reefer]

I've yet to encounter any ransomware on my stone tablets either. And the charge lasts a damn long time. I'm not sure when they were plugged in last, it was before I was born and I haven't had to charge them yet. They are kind of old, so a little dim to use in in the dark, but I never have issues with them being washed out in the sun, and there's never any glare on the screen. Plus they are fairly durable. I dropped large plate of spaghetti with tomato sauce on one, so I powered it down and put it in the dishwasher on light wash and it was as good as new the next day.

Re:No ransomware for...

[dl_sledding]

Clever...

10S, a push to education, doomed to fail??

[labnet]

Windows 10 S is clearly a push into the education market: but google has has had Chrome For Education for several years now: and the big advantage of Chrome Management Console (CMC) is it being active directory in the cloud done right. CMC makes it super easy to lock down, manage and update education targeted computers (it's also great for digital signage)
I haven't used Azure AD, so it would be interesting if any /.ers have a comparison of the two systems.

Apple had an awesome opportunity here after they created a whole new locked to a store OS niche, but never capitalised on it by giving schools the tools to manage the platform.

Now the only reason PC's are still selling, are office and legacy programs. Think custom business programs written in .NET and specialised CAD/CAM software. MS have lost the first mover advantage to chrome, and I doubt this move will get it back.

Re:10S, a push to education, doomed to fail??

[roc97007]

I regularly use exactly two programs for which I still need Windows. (I don't consider Apple a contender because of hardware lock-in and boutique pricing.) Neither of them are Office -- there are already reasonable alternatives for that. The moment Lightroom and Photoshop are available on Chrome or Mint, Microsoft has seen the last of me. (There are things called "lightroom" and "photoshop" on Android, but they're still mostly toys.) Apple saw the last of me some years ago, when I finally retired the G4.

Re:10S, a push to education, doomed to fail??

[roc97007]

I'm aware of that, thanks. I have a laptop running Mint on a silicon drive, and it's really fast and reliable. I wanted to get Lightroom working under Wine so I could have something handy in the field for post-processing. But there's something wrong with the way it does transparencies under Wine, making it generally unusable. This was version 5. I've read elsewhere that there are additional issues with Lightroom CC under Wine that Adobe has flatly refused to fix. So for now, I'm stuck with Windows.

"no known ransomware"...

[roc97007]

"No known ransomware works against Windows 10 S."

Until the moment ransomware gets snuck into the Windows Store. Which, if it hasn't happened already, will probably be next Thursday.

Re:S is for...

[DontBeAMoran]

Surely you mean the Windows (S)hit Store?

Promise made and it will be kept.

[140Mandak262Jamuna]

Microsoft has invested in technology to avoid knowing any thing about malware, ransomware etc. So it will not know any ransomware ever. So, for ever, it can honestly say, "No ransomware known to me will work in Windows 10"

All it would take is a weakening of anti-trust law

[rsilvergun]

to change everybody's mind.

hey microsoft, dont worry

[FudRucker]

i am sure some clever hacker will make you eat those words, and win_10 will be dinner for the black_hats until you make a fix, but like with all your 20+ years of history with windows software it is always playing catch-up with the latest vulnerability

Re:There is no barrier for Steam

[0123456]

Of course, all it takes is a change to the terms and conditions, and suddenly they're not allowed any more.

This is Microsoft, FFS. You'd be safer sticking your head in a grizzly bear's mouth than trusting Microsoft not to kick you out of their ecosystem once they've hooked everyone into it.

Re:in other news

[Actually,+I+do+RTFA]

Macs can dual boot. I'm sure there is at least one mac user who had WannaCry hit their Windows version, and it encrypted the data files on their OSX partition.

Re:Two ways this is believable

[gl4ss]

W10 S.

not windows 10.. the whole point is that it can only run sw from the appstore.

unless you jailbreak it or whatever. or just write malware for the browser.

And?

[Frosty+Piss]

Jailbroken and rooted phones say otherwise.

But jail-breaking and rooting, that's not "ransomwear".

In any case there are significant differences between the phone OS and the desktop OS, just because they both share the same basic name doesn't mean one hack works on the other

Translation:

[Zanadou]

"No known ransomware works against Windows 10 S."

Read: "No one can compete with us on our home turf."

Re:ummmmm

[ArmoredDragon]

Microsoft also stupidly assumes that no zero-day exploit could ever rootkit the OS, whereupon it can execute any program it wants. Why do I say stupidly? Because in the last year alone, four exploits have done exactly this with Edge, which runs on Windows 10 S.

Throwing down the gauntlet

[tigersha]

MS likes to invite trouble??!!

No Known *Software* Works on Windows 10 S

[p91paul]

FTFY

Arrogance....

[ogdenk]

"Challenge accepted" ....said the 12 year old Lithuanian kid in his mom's basement. Expect ReallyWannaCry S Edition in weeks.

Known vs unknown

[Waccoon]

Pretty much by default, if software is known to be ransomware, Microsoft will remove it from the store. Thus, no known ransomware is on the store.

It's the unknown stuff that's the problem. It won't be known until after the timebomb has been released and the damage is done.

Gotta love word salad and technicalities.

Of course not

[Opportunist]

Malware is a business. For the same reason there is no malware working on some obscure NeXT clone OS, it doesn't work on Windows 10S: Why bother writing malware for a system nobody uses?

Re:Granular permissions

[Opportunist]

With other malware I'd agree, with ransomware this isn't the case. Ransomware doesn't actually require any elevated permissions, that's what makes it so successful. What does ransomware want to access? Local files in the user storage space. I.e. exactly the files that the user needs to be able to manipulate in his every day business. It needn't install a service, it needn't create files in non-user spaces, it has no reason to write into the registry.

What ransomware needs to do, and I agree with you on that ground, is to run software from an "odd" place, like the download directory, the temp directory or the user directory, i.e. from places where there should be no executable file in a normal work environment. That can be dealt with via software policies and execution prevention of software from places other than whitelisted directories where executables are stored.

At least as long as you don't have some harebrained copy protection mechanism that does some unpacking to /tmp to run from there.

Re:Two ways this is believable

[Opportunist]

Or just get their appstore to do the malware distribution for you.

Or do you really think MS will check more about your software than whether its revenue stream is flowing?

can't run programs outside store?

[sad_]

you can browse the web right? because it has the edge browser (you know, the most secure browser of the big 3).
sure, edge might run in a container or something similar, and those are secure, right?
better read up on the last pwn2own - https://arstechnica.com/securi...

of course it doesn't

[ilsaloving]

They made sure that no known *software* will run on Windows 10 S, so obviously Wannacry won't run.

The next generation of Wannacry though, is another story. Someone just has to use a fraudulent code signing certificate or whatever else Microsoft does with their store apps, or somehow masquerades as another application, and we're back to status quo.

Yet game console lockdown succeeded

[tepples]

Having an operating system that just works with applications that they pre-approved, and nothing else is a terrible idea. They tried this with Windows RT, look where they are now?

Microsoft tried this successfully with Xbox, Xbox 360, and Xbox One. Apple tried this successfully with iPod classic 5, iPhone 3G, iPod touch 2, and iPad. Sony tried this successfully with PlayStation, PlayStation 2, PlayStation 3, and PlayStation 4. Nintendo tried this successfully with NES, Super NES, Nintendo 64, Nintendo GameCube, Wii, and (so far) Nintendo Switch. Nintendo also tried it with Wii U, but that platform was less successful for reasons other than the lockdown.

So how did these other locked down platforms succeed where Windows Phone 7, Windows Phone 8, and Windows RT failed?

Re:Yet game console lockdown succeeded

[david_thornley]

As examples, you named iOS devices and a bunch of gaming devices. Most people buy their game consoles for the purpose of running games that are released for that console. If they also want a computer, they typically buy a computer.

iOS works because there's so many and so varied apps in the App Store that it isn't a practical problem for the most part.

RT may have failed partly because Microsoft had no idea how to market it. Calling something Windows RT suggests that it will run Windows programs. It may also have failed because there weren't enough apps, and because it was something of a latecomer. The Surfaces that run real Windows are at least moderate successes.

UWP enforces file-level permissions

[tepples]

What does ransomware want to access? Local files in the user storage space. I.e. exactly the files that the user needs to be able to manipulate in his every day business.

The user's everyday business needs to access files that the user chose through the operating system's file chooser form. Ransomware, by contrast, needs to access the user's entire home directory. This is why modern sandboxed environments, such as OLPC Bitfrost, the Mac App Store Sandbox, and UWP, lock applications out of any file or directory that the user hasn't chosen through a file chooser form requested by that application.

What ransomware needs to do, and I agree with you on that ground, is to run software from an "odd" place, like the download directory, the temp directory or the user directory, i.e. from places where there should be no executable file in a normal work environment. That can be dealt with via software policies and execution prevention of software from places other than whitelisted directories where executables are stored.

Then watch ransomware install itself to Visual Studio's temporary directory, where executables are supposed to be stored during the normal course of operation. This is why Microsoft won't be able to bring Visual Studio to Windows 10 S.

Re:Malware doesn't go through official channels

[tepples]

The old wipe-and-Linux won't work if Windows 10 S devices come with Restricted Boot, which means UEFI Secure Boot that a device's owner cannot reconfigure. Microsoft licensed Windows RT only to OEMs who promised to configure all Windows RT devices with Restricted Boot.

Even without Restricted Boot, wipe-and-Linux will fail if manufacturers of components of said devices fail to cooperate with driver developers. You'll likely end up with unaccelerated graphics, no audio, no network, and no suspend.

"According to Microsoft"

[dl_sledding]

Whichever M$ employee who wrote that press release will be looking for a new job when the "Challenge accepted" group goes berserk to prove him wrong. And they give the reason that M$ needed to be taught a lesson (again).

Anyone looking for a cheap ex-M$ marketing person?

Re:No ransomware

[tepples]

Does Chromium, the build of Chrome with all non-free parts stripped out, also log keys?

Re:ummmmm

[david_thornley]

Of course, Microsoft doesn't know right now of existing malware that exploits an Edge vulnerability and works as ransomware, so they're correct in saying no known ransomware works.

I'd be worried about unknown ransomware, but that's me.

Re:ummmmm

[ArmoredDragon]

TFA isn't clear on whether this is a Microsoft statement, or their own, but it seems to say that ransomware won't work simply because it won't run on the OS without being signed.

Re:ummmmm

[david_thornley]

Assuming that Microsoft is perfect in keeping malware out of their store,and there's no other way to get executable code in, this is true.

Re:ummmmm

[ArmoredDragon]

But there is another way to get executable code in, namely through exploits like the SMBv1 vulnerability that wannacrypt used, or the three Edge exploits found at the last pwn2own event.

If you get executable code in that way, then signing is irrelevant, and so is the MS store. Sure, wannacrypt was written like shit and had to download its own executable separately, but a good hacker should be able to inject a proper malware payload.