Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer'

Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."

HA HA

[Higaran]

I'm usually a fan of MS, but that is some bull if I ever heard it. Maybe there is not a known ransomware because no one thought to make one yet, I didn't even really realize that OS was even out yet.

Re:Interesting

People want to be able to run whatever software they like.

Some people obviously do. But iOS is also highly successful.

Re:"Known" is the keyword

[NicknameUnavailable]

MS can't possibly know all the ransomware out there, however, I think MS does a terrible job at fixing anything.

Are you suggesting MS doesn't actively develop malware for their older systems to encourage people to upgrade? Because that would be a stupid suggestion.

Re:Meh

[ledow]

You wish.

I often run suspicious files through AV websites like TotalVirus.com

You'd be AMAZED how much old stuff sitting in my inbox for 5 years won't be picked up by big-name anti-virus suites even with "heuristics".

And if you tweak it by just one byte (e.g. javascript viruses and changing a code-path ever-so-slightly), it'll usually zoom through ALL of them.

Sorry, but AV is just a constantly out-of-date database of things that MILLIONS of people have already caught, that is used as a lookup for every file access. In terms of protecting your computer, it's useless (or WannaCry wouldn't have happened, even on non-updated machines). In terms of doing so efficiently, it's absolutely atrocious.

Real Security isn't Cheap

[LeftCoastThinker]

Windows 10S is nothing more than a play to walled garden Windows, by appealing to consumers fears, all while the customer pays for the pleasure. Hopefully someone will file a class action for false advertising (since actually hacking the OS was a trivial 3 hours for someone who knew what they were doing).

It is high time that companies take cyber security seriously, before someone hacks a windows computer running some critical system and causes a major accident (oh wait, that has happened multiple times already). For far too long companies have played fast and loose with the word secure.

Is it possible for MS to make a hardened version of Windows? Probably, but it would require a fundamental re-thinking of how windows runs, and there would be a performance hit. MS would have to spend real resources on the security aspect, and that would take resources away from developing the shiny interface tweaks that no one gives a shit about but the MBAs think is critical...