Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com)

Posted by msmash on from the hold-my-beer dept.

Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."

2 of 125 comments (clear)

  1. Re:Meh by ledow · · Score: 5, Interesting

    You wish.

    I often run suspicious files through AV websites like TotalVirus.com

    You'd be AMAZED how much old stuff sitting in my inbox for 5 years won't be picked up by big-name anti-virus suites even with "heuristics".

    And if you tweak it by just one byte (e.g. javascript viruses and changing a code-path ever-so-slightly), it'll usually zoom through ALL of them.

    Sorry, but AV is just a constantly out-of-date database of things that MILLIONS of people have already caught, that is used as a lookup for every file access. In terms of protecting your computer, it's useless (or WannaCry wouldn't have happened, even on non-updated machines). In terms of doing so efficiently, it's absolutely atrocious.

  2. uh.... by circularWaffle · · Score: 5, Informative

    Does MS realize that infection/breach through macros is NOT a new/unknown/zero day thing? That's why the "Protected View" is in place in the first place..........Yes, the protection is in place....But it doesn't mean that a user isn't going to deliberately ignore any warnings just because, "idk I just thought it was a document from my friend and didn't think about it". That shit happens all the time! This is now a known exploit. I mean, seriously, go fix the issue MS.