
Win10S doesn't appear to be as invulnerable to ransomware as claimed

     
12:18 am on Jun 24, 2017 (gmt 0)

Administrator from JP 

bill, WebmasterWorld Administrator

joined:Oct 12, 2000
posts: 15039
votes: 139


http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/ [zdnet.com]

Microsoft says 'no known ransomware' runs on Windows 10 S -- so we tried to hack it

Microsoft claims "no known ransomware" runs on Windows 10 S, its newest, security-focused operating system.

The software giant announced the version of Windows earlier this year as the flagship student-focused operating system to ship with its newest Surface Laptop. Microsoft touted the operating system as being less susceptible to ransomware because of its locked-down configuration -- to the point where you can't run any apps outside the protective walled garden of its app store. In order to get an app approved, it has to go through rigorous testing to ensure its integrity. That's one of several mitigations that helps to protect the operating system from known file-encrypting malware.

We wanted to see if such a bold claim could hold up.

Spoiler alert: It didn't.

2:09 am on June 24, 2017 (gmt 0)

Moderator from US 

keyplyr, WebmasterWorld Administrator

joined:Sept 26, 2001
posts:10641
votes: 630


Here's how he did it.
Hickey created a malicious, macro-based Word document on his own computer that when opened would allow him to carry out a reflective DLL injection attack
Well, that's different than downloading a malicious file that has to get through numerous anti-virus/malware/spyware filters. ZDNet can get a bit sensational at times.

2:53 am on June 24, 2017 (gmt 0)

Administrator from US 

not2easy, WebmasterWorld Administrator

joined:Dec 27, 2006
posts:3560
votes: 197


I was reading an article today (sorry, behind a paywall) that was describing an attack that leaves no tracks and a backdoor that can be exploited by just about anyone. It's based on the NSA's DoublePulsar and it may be on any network. The reason I mention it here is because the article referred to a blog post by Brad Smith [blogs.microsoft.com] who is Microsoft's President and Chief Legal Officer, calling for a collective action against cyber attacks of all kinds after they patched for WannaCry. As soon as they patch one, there's two more, each one worse.