
Win 7 was main victim of WannaCry (97%)

  • 22-05-2017 8:14pm
    #1
    Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭


    https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/

    Windows 7 rather than XP was the main victim of WannaCry.

    MS was supposed to have patched Win 7 in March against this worm/malware. As they appear to have done with Win 10.

    Did the patches not work on Win 7?

    Or is it part of a plan to make everybody move to Win 10 - to make life easy for MS?

    Is it not time for an end to exclusion clauses in software vendor ("shrink wrap") agreements by law? In the EU, while food packaging has to disclose ingredients etc, wine, spirits etc are exempt from ingredient disclosure on labels. It is the same stuff - it all goes into the human body. Do they (the drinks industry) pay a big bribe for this concession to the EU or EU commissioners or what? And is it the same for software developers?


Comments

  • Registered Users, Registered Users 2 Posts: 824 ✭✭✭Jayd0g


    Impetus wrote: »
    https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/

    Windows 7 rather than XP was the main victim of WannaCry.

    MS was supposed to have patched Win 7 in March against this worm/malware. As they appear to have done with Win 10.

    Did the patches not work on Win 7?

    Or is it part of a plan to make everybody move to Win 10 - to make life easy for MS?

    Is it not time for an end to exclusion clauses in software vendor ("shrink wrap") agreements by law? In the EU, while food packaging has to disclose ingredients etc, wine, spirits etc are exempt from ingredient disclosure on labels. It is the same stuff - it all goes into the human body. Do they (the drinks industry) pay a big bribe for this concession to the EU or EU commissioners or what? And is it the same for software developers?


    From the article linked:

    "Instead, it now appears, the leading contributor to the virally spreading infection were Windows 7 machines that hadn't installed a critical security patch Microsoft issued in March".


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Impetus wrote: »
    https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/

    Windows 7 rather than XP was the main victim of WannaCry.

    MS was supposed to have patched Win 7 in March against this worm/malware. As they appear to have done with Win 10.

    Did the patches not work on Win 7?

    Or is it part of a plan to make everybody move to Win 10 - to make life easy for MS?

    I'm by no means the biggest fan of some of Microsoft's antics, but you are seriously bordering on conspiracy silliness with this. Microsoft was informed of the issue and patched it correctly for all their versions of their OS. In fact, 6 months prior to any of this happening, they were urging people to stop using SMBv1. If people had actually listened, none of this would have happened.

    If anything, you should be giving out about the NSA, they were the ones who discovered it, didn't disclose it to Microsoft, ended up compromised and then had their source code released on how to exploit it.


  • Registered Users, Registered Users 2 Posts: 1,917 ✭✭✭B00MSTICK


    I love when Impetus starts a new thread!

    It's not really surprising - I imagine the vast majority of firms have moved on from XP at this stage, I'm not saying they aren't there but in my experience it's certainly the exception rather than the rule.

    Plenty of workstations would be running 7 and if the patch management processes are a bit lax then...


  • Registered Users, Registered Users 2 Posts: 4,701 ✭✭✭Bacchus


    B00MSTICK wrote: »
    I love when Impetus starts a new thread!

    It's not really surprising - I imagine the vast majority of firms have moved on from XP at this stage, I'm not saying they aren't there but in my experience it's certainly the exception rather than the rule.

    Plenty of workstations would be running 7 and if the patch management processes are a bit lax then...

    Not to mention the number of VMs out there that probably have no patch process in place at all.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    B00MSTICK wrote: »
    Plenty of workstations would be running 7 and if the patch management processes are a bit lax then...

    I don't want to do business with any entity where patch management 'is a bit lax'

    Your casualness to computer security is alarming.

    I know there are many instances of Windows 7 running. There are many instances of Win 10 too. How is it that so few Win 10 instances were involved with Wannacry compared with Win 7?

    At the moment some 45% of PCs run Win 7 and 34% run Win 10. The incidence of Wannacryization within Win 7 land compared with Win 10 land does not stack up. Something smells about it.


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Impetus wrote: »
    I don't want to do business with any entity where patch management 'is a bit lax'

    Your casualness to computer security is alarming.

    I know there are many instances of Windows 7 running. There are many instances of Win 10 too. How is it that so few Win 10 instances were involved with Wannacry compared with Win 7?

    At the moment some 45% of PCs run Win 7 and 34% run Win 10. The incidence of Wannacryization within Win 7 land compared with Win 10 land does not stack up. Something smells about it.

    Can you post your links to stats on numbers of win 7 versus win 10 computers ?

    I've only been on 1 site recently who are in pilot for win 10. All others win 7 or others.


  • Registered Users, Registered Users 2 Posts: 2,063 ✭✭✭ItHurtsWhenIP


    ifah wrote: »
    Can you post your links to stats on numbers of win 7 versus win 10 computers ?

    I've only been on 1 site recently who are in pilot for win 10. All others win 7 or others.

    The stats from here show Win7 @ 48.5% and Win10 @ 26.3% and XP is still more prevalent than 8.1 :rolleyes:.


  • Registered Users, Registered Users 2 Posts: 4,701 ✭✭✭Bacchus


    Impetus wrote: »
    I don't want to do business with any entity where patch management 'is a bit lax'

    Your casualness to computer security is alarming.

    BOOMSTICK only pointed out that there are plenty of organisations with lax patch management. That's not a reflection on his approach to security, it's just an observation he made to provide context as to why Windows 7 systems might have been so badly affected when there was a patch available 2 months ago.

    Impetus wrote: »
    I know there are many instances of Windows 7 running. There are many instances of Win 10 too. How is it that so few Win 10 instances were involved with Wannacry compared with Win 7?

    At the moment some 45% of PCs run Win 7 and 34% run Win 10. The incidence of Wannacryization within Win 7 land compared with Win 10 land does not stack up. Something smells about it.

    I did a little searching there and Windows 10 wasn't vulnerable to WannaCry. So it's as simple as that. No conspiracy, just a newer OS that did not have the vulnerability that existed in older versions of Windows.


  • Registered Users, Registered Users 2 Posts: 46 nate.drake


    It's a continuing mystery to me why people neither update nor backup regularly. Hopefully hearts and minds will change one day. :)


  • Registered Users, Registered Users 2 Posts: 4,701 ✭✭✭Bacchus


    nate.drake wrote: »
    It's a continuing mystery to me why people neither update nor backup regularly. Hopefully hearts and minds will change one day. :)

    Cost. The simple sad truth. Security is always one of the last things to be done, and first things to be compromised on when businesses look to cut their operating cost. To roll out a proper patch management process for an SME requires a dedicated system admin to manage it. That's simply not something many companies can afford. As companies grow too, security gets left behind until something happens to trigger them into action. It's a huge problem. You also have a similar issue in sensitive industries such as health care that 1) also don't have the budget to support proper IT security practices, and 2) have a lot of red tape to get around to refresh their infrastructure.


  • Registered Users, Registered Users 2 Posts: 46 nate.drake


    Good point Bacchus. I know NHS in UK have a lot of custom software for Windows XP, they'd need to pay Developers to create new versions most probably. Such a shame they didn't use Linux from day one!


  • Registered Users, Registered Users 2 Posts: 4,026 ✭✭✭spaceHopper


    Had a look at my laptop; it's running W7 Home edition and it hadn't run an update since the middle of 2016. Turns out a lot of W7 machines are broken: an update broke, well, the auto updates! There is a utility to fix it from MS but you have to know to look for it. Didn't get a chance to finish updating mine. I'll report back soon.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    ifah wrote: »
    Can you post your links to stats on numbers of win 7 versus win 10 computers ?

    I've only been on 1 site recently who are in pilot for win 10. All others win 7 or others.

    I found the numbers with a google search - which I should have posted the link to - some US PC mag website from memory. Can't find the same reference again. However I find this summary, which is not a million km apart

    https://www.google.com/search?q=computers+using+windows+7+and+windows+10&ie=utf-8&oe=utf-8&client=firefox-b-ab#q=market+share+Windows+7+Windows+10


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    nate.drake wrote: »
    It's a continuing mystery to me why people neither update nor backup regularly. Hopefully hearts and minds will change one day. :)

    Agreed. With multiple backups, ideally using different technologies, as well as real-time online backup - with multiple generations allowing one to turn the clock back incrementally.

    I woke up this morning, and my fiber internet was down. Fortunately I had a slower (100 Mbits/sec) cable internet as backup (which comes with the TV service), and if both of those were down I had 4G+ tethering to fall back on. Using different carrier platforms.

    DOCSIS3 internet is slow mainly because the bandwidth has to be shared with hundreds of TV and movie channels. I live in an apartment and the regulations do not allow satellite dishes. Cable TV is not brilliant on a 4K set. When I am in Ireland, I have a house with a dish pointed at Astra 1 constellation (which covers all of Europe) - which I plan moving to Fransat when 4K HDR (mainly French) TV becomes available. HDR does more for a picture than 4k. Whatever it is in life, one always needs a plan B and ideally plan C too. Hence the need for backups.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    Bacchus wrote: »
    Cost. The simple sad truth. Security is always one of the last things to be done, and first things to be compromised on when businesses look to cut their operating cost. To roll out a proper patch management process for an SME requires a dedicated system admin to manage it. That's simply not something many companies can afford. As companies grow too, security gets left behind until something happens to trigger them into action. It's a huge problem. You also have a similar issue in sensitive industries such as health care that 1) also don't have the budget to support proper IT security practices, and 2) have a lot of red tape to get around to refresh their infrastructure.

    I have friends who have businesses, and the software they use for mission critical stuff is written for them. I emailed one of them suggesting that they update to Server 2016 (because his system is not air gapped from the internet). He bought a new server box and a copy of the operating system to test the application on, and his 'home brew' software didn't work. So they will have to spend €€€€€€€€€ to update the applications they created before using the latest Microsoft server. It is probably cheaper to have a separate network and two PCs on every desk - one for internet/email and the other for secure in-house stuff - rather than updating custom software! Superglue the USB ports on one of the networks.


  • Registered Users, Registered Users 2 Posts: 1,917 ✭✭✭B00MSTICK


    Bacchus wrote: »
    Impetus wrote:
    I don't want to do business with any entity where patch management 'is a bit lax'

    Your casualness to computer security is alarming.

    BOOMSTICK only pointed out that there are plenty of organisations with lax patch management. That's not a reflection on his approach to security, it's just an observation he made to provide context as to why Windows 7 systems might have been so badly affected when there was a patch available 2 months ago.

    Thank you Bacchus.

    Unlike some people I do not post sensationalist nonsense which is usually just based on the headline of news stories without even trying to include a bit of rational thinking...

    In general I base my posts on knowledge and experience of IT security in general as well as being able to give first hand insight into the many corporate environments I have actually performed testing in. Like many here, I also understand how these technical issues are viewed by the business.

    Impetus wrote:
    I found the numbers with a google search - which I should have posted the link to - some US PC mag website from memory. Can't find the same reference again. However I find this summary, which is not a million km apart

    I'd argue that the difference between 34% and 26% is a million km apart.
    Especially when Windows 10 is available on many other devices.

    So you got your data from "some US mag"? I wonder where they got their stats from? Maybe from the US?
    You do realise that the vast vast majority of infections were in Russia, Ukraine, India and Asia in general right? The same Russia that hates US companies and last I heard had actually wanted to ban MS products from Government systems? Can't see them upgrading to Win 10 anytime soon (or paying for it at least)


    The 2nd result in the google link you provided (such research. wow.) even says "Windows 7 market share rises at the expense of Windows 10"!


    "casualness to computer security" indeed!


  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Impetus wrote: »
    I have friends who have businesses, and the software they use for mission critical stuff is written for them. I emailed one of them suggesting that they update to Server 2016 (because his system is not air gapped from the internet). He bought a new server box and a copy of the operating system to test the application on, and his 'home brew' software didn't work. So they will have to spend €€€€€€€€€ to update the applications they created before using the latest Microsoft server. It is probably cheaper to have a separate network and two PCs on every desk - one for internet/email and the other for secure in-house stuff - rather than updating custom software! Superglue the USB ports on one of the networks.

    Why advise they upgrade to Server 2016 ? Was this just an arbitrary recommendation or did you do any due diligence or research on software compatibility to support your proposal ?

    Based on the experience he had, you just wasted his time / money.

