Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com)
Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."
i know nothing...Sgt Schultz
I'm usually a fan of MS, but that is some bull if I ever heard it. Maybe there is not a known ransomware because no one thought to make one yet; I didn't even really realize that OS was even out yet.
MS can't possibly know all the ransomware out there; however, I think MS does a terrible job at fixing anything. I had a friend who bought a MS product but in working with it he found a bug. He calls MS support. They research it but they say with his level of support, they can't go any further without premium support. So he pays for premium support. Premium support confirms that it is a bug. He asks when a fix is possible. They say they are not going to fix it. He asks what the heck did his premium support money do? For the privilege of telling him that it was a bug apparently.
Well, there's spam egg sausage and spam, that's not got much spam in it.
What's interesting is that Windows 10 S is supposed to only run apps from the store. So by finding a way for it to run ransomware, they have also found a way for it to run basically any other piece of software. Personally, I don't know why MS thinks it's a good idea to limit the software that runs on a machine. Windows RT failed for a reason. People want to be able to run whatever software they like.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
"We can tell because Windows 10 runs tons of snoopware."
Table-ized A.I.
Back in the days of Mac OS8, he proclaimed that the MacOS was virus-proof.
Big mistake.
By the end of the week at least a dozen or so viriii were released into the wild and Jobs had to eat humble pie.
First rule of holes; When in one, stop digging.
Does Windows 10 S let Intel / AMD / Nvidia / others run their non-app-store drivers?
I think this is always silly when a company claims something like this, and I think everyone in the industry understands that. However, it gets headlines, and will be used for marketing. All the normal users though will never see this article explaining why it's bull, but they'll remember 'Hmm Windows S doesn't get ransomware'. Now maybe some of the marketing people really believe this statement, however I highly doubt any of the devs or engineering team truly thought 'ah ha! We've done it!'
I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
Even if it was impossible to get ransomware in there, is there any value to it? You know, it's also impossible to run ransomware on my cheap calculator, and that one at least has a following. :P
contact censorship should not be part of an app store; if anything, Apple can have an adults-only one and an open politics one
You wish.
I often run suspicious files through AV websites like TotalVirus.com
You'd be AMAZED how much old stuff sitting in my inbox for 5 years won't be picked up by big-name anti-virus suites even with "heuristics".
And if you tweak it by just one byte (e.g. javascript viruses and changing a code-path ever-so-slightly), it'll usually zoom through ALL of them.
Sorry, but AV is just a constantly out-of-date database of things that MILLIONS of people have already caught, that is used as a lookup for every file access. In terms of protecting your computer, it's useless (or WannaCry wouldn't have happened, even on non-updated machines). In terms of doing so efficiently, it's absolutely atrocious.
... would make it harder for state actors to compromise. State actors want a compromiseable OS.
Windows 10S is nothing more than a play to walled garden Windows, by appealing to consumers' fears, all while the customer pays for the pleasure. Hopefully someone will file a class action for false advertising (since actually hacking the OS was a trivial 3 hours for someone who knew what they were doing).
It is high time that companies take cyber security seriously, before someone hacks a windows computer running some critical system and causes a major accident (oh wait, that has happened multiple times already). For far too long companies have played fast and loose with the word secure.
Is it possible for MS to make a hardened version of Windows? Probably, but it would require a fundamental re-thinking of how windows runs, and there would be a performance hit. MS would have to spend real resources on the security aspect, and that would take resources away from developing the shiny interface tweaks that no one gives a shit about but the MBAs think is critical...
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
The real reason is to get an extra $50 from poor students. Notice how it's marketed only to students but students often need to run custom software for their courses so they end up paying the $50 ransom or return it for a real laptop.
Does MS realize that infection/breach through macros is NOT a new/unknown/zero day thing? That's why the "Protected View" is in place in the first place..........Yes, the protection is in place....But it doesn't mean that a user isn't going to deliberately ignore any warnings just because, "idk I just thought it was a document from my friend and didn't think about it". That shit happens all the time! This is now a known exploit. I mean, seriously, go fix the issue MS.
Are they suggesting that the less capable the operating system, the more virus proof it is?
I think I can dig out a set of WfW floppies...
I'll see your Constitution and raise you a Queen.
5. User had shitty password
6. User left device logged in for someone else to access
7. etc
There's a point where it's vulnerable just through software or it's not. I think you can say it's more vulnerable than you'd want, at least because it was an actual software vulnerability and didn't require it to be hooked up to some forensic analysis hardware.
No known ransomware is running on my Windows 7 system either.
Seven puppies were harmed during the making of this post.
Drivers for Windows 10 S must meet these requirements. I imagine that participants in a public driver beta test would use Windows 10 Pro instead of Windows 10 S.
I needed a good laugh today.
"I'm pretty sure my last words are going to be 'Hold my beer and watch this'"
Calvin: Do you believe in the devil? Hobbes: I'm not sure man needs the help.
ONLY apps can app apps!
How so? Microsoft bans anything remotely similar to Visual Studio on Windows 10 S. "Prepare to package an app (Desktop Bridge)" lists the following as an issue that must be addressed before packaging an app:
or WannaCry wouldn't have happened, even on non-updated machines
That's a good point. A known vulnerability is surely one of the easiest heuristics to catch.
"First they came for the slanderers and i said nothing."
contact censorship should not be part of an app store; if anything, Apple can have an adults-only one and an open politics one
In Your Not So Humble Opinion, of course.
Which part of "People who own iPhones/iPads understand the reasoning behind, and are used to, the App Store Restriction" didn't you understand?
Question: Doesn't "Freedom of Choice" INCLUDE the "right" to join a "Members Only" Club? After all, no one FORCES you to buy an iPhone/iPad.
I think you meant virustotal.com
Minimum threshold fixed. Thanks!
You're new to this whole Microsoft thing, ain'tcha?
Editor, A1-AAA AmeriCaptions
He had to download Word via the app store, create a malicious macro to run it after starting it explicitly with admin privileges, mount a network drive to place the macro (because Word won't run downloaded ones), use the macro from there _and_ explicitly ignore a warning that said it was insecure.
Who calls that easy? This would require a good amount of social engineering, which will always be capable of being used to install and run something arbitrary. Normal users, even with admin rights, don't start Word with administrative privileges. They also would not be able to install the macro in a convenient location just so that it could run. Finally, you would have to convince them to click "Enable" to avoid the security warning, which is probably the easiest part.
How is that any different from running Linux and being tricked to run as root to execute an unknown shell script? Ordinarily the OS is not susceptible to it, but if you force it to be then you can always make it so. It would be just as "easy" to convince the user to let you take over their desktop via remote desktop, with admin rights, and then you can proceed to pillage their computer.
English is such a logical and regular language! No wonder it is the language of exchange between peoples.
Linux is for people who don't mind RTFM.
Based on the comments so far, perhaps four or five people actually read the article
It appears that War4peace is one of these, and so far he is the only person to make a post directly addressing the problems with the linked article based on the technology.
And he got marked down to -1.
WTF Slashdot people.
Two hours before your comment I was at +5... I guess the Microsoft-hating crowd woke up :)
No matter though, I admit I read the article to figure out what the hell did Microsoft fuck up this time, but I couldn't find it. So I thought it would be good to call this specific hate as bullshit, because we all should aim at being objective at least when analyzing hard data.
I pissed off the wrong people, it seems :)
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
In typical modern slashdot fashion, a person is marked up because he made a "cool" sounding claim. This claim of course is unsupported, and is likely made up. But hey, don't let truth get in the way of a good story, right?
This particular lie bothered me because I remembered reading something a long time ago that implied the opposite. I will admit it took me the better part of an hour to find this article. It is about how the U.S. Army had switched to Mac OS in 1999 for their web page, since they were sick of having it defaced. (this is pre OS X).
https://tidbits.com/article/55...
I am beginning to wonder if the difference between a lawyer and the typical slashdot poster is that a lawyer makes a fact-based argument, sometimes.
"Liberalism is a very noble idea, currently controlled by some very bad people. Be sure you do not get the two confused."
3 Hours! 3 Whole Hours! WOW. I am sure nobody on the planet who would write ransomware is going to invest THAT much time! idiot.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Isn't this essentially cheating? If Word is opened by a user, it's only opened at standard user privileges, even if that user is a member of the admin group.
The use of a macro is clever enough. But if it hinges on Word running as Admin, then I have to question whether this is anything more than a publicity stunt.
In fairness to Microsoft, if you want to run real programs, then you should get something that runs a real operating system.
Windows 10S is not a general purpose OS, it is an appliance OS. Expecting it to be anything else is unrealistic.
Because it's hard to have ransomware running on a shit toy gimped OS that very few people want to use and thus not in any kind of widespread use.
Read the whole story and think... Then you'll know this 'researcher' is just bullshitting. You already need to start Word in admin mode (first thing that makes MS's claim still stand), then you need to click on the activate macros button, and in the end you still need to be able to install the malware, which is not on the MS Windows store and therefore cannot simply be installed, but that's something he doesn't even do, claiming some bullshit about not wanting his network to be infested... no, this is just a clickbait article by ZDNet for triggering some extra ad revenue...
Fact is, it didn't work out of the box. So none of the 10S machines were infected by Wannacry. Fair enough. However the whole big deal of 10S is that it's supposed to be fricking hard, like Linux/Unix hard to break it since they eliminated all of the buggy 32 bit API calls. Looks like it's the same old crap. They didn't fix the OS. It's like the 16-32 bit transition all over again.
The researcher should be able to do it whilst holding his beer. Consider it a fair handicap for Windows.
So they aren't wrong!