"the antithesis of a strong and stable operating system"
Run for your lives, the body snatchers have claimed yet another victim.
Windows XP PCs infected by WannaCrypt can be decrypted without paying ransom by using a new utility dubbed Wannakey. Wannakey offers in-memory key recovery for Win XP machines infected by the infamous ransomware strain. The fix can be used to dump encryption keys from memory. This RSA private key, once recovered, can be used …
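One way in-memory RSA key recovery of this kind can work, as an added example that is not Wannakey's code or part of the original article: with the public modulus known, scan a captured memory image for a window of bytes that divides it, then rebuild the private exponent. The function names, the little-endian 4-byte-aligned layout, e = 65537 and the toy 64-bit primes are assumptions made for the illustration.

```python
def find_prime_factor(dump: bytes, modulus: int, step: int = 4):
    """Return (offset, p) for the first window of the dump that divides modulus."""
    size = (modulus.bit_length() + 7) // 8 // 2  # byte length of one prime
    for off in range(0, len(dump) - size + 1, step):
        cand = int.from_bytes(dump[off:off + size], "little")
        # A proper odd divisor of n = p*q can only be p or q itself.
        if 1 < cand < modulus and cand % 2 and modulus % cand == 0:
            return off, cand
    return None  # primes already wiped, paged out, or the machine rebooted


def rebuild_private_key(modulus: int, p: int, e: int = 65537):
    """Derive q and the private exponent d once one prime is known."""
    q = modulus // p
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return q, d


# Constructed sample data: two small well-known primes stand in for the
# real RSA primes, and a synthetic byte pattern stands in for process memory.
SAMPLE_P = 2**61 - 1
SAMPLE_Q = 2**64 - 59
SAMPLE_N = SAMPLE_P * SAMPLE_Q
FILLER = bytes((i * 37) % 251 for i in range(64))
SAMPLE_DUMP = FILLER + SAMPLE_P.to_bytes(8, "little") + FILLER

if __name__ == "__main__":
    hit = find_prime_factor(SAMPLE_DUMP, SAMPLE_N)
    if hit is None:
        print("no factor of the modulus found in this image")
    else:
        offset, p = hit
        q, d = rebuild_private_key(SAMPLE_N, p)
        print(f"prime found at offset {offset}; private exponent recovered")
```

The scan only succeeds while the primes are still resident, which is why the memory image has to be taken before the machine is rebooted or the pages are reused.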
We have about 50 XP machines. None of them were hit. That sounds pretty strong and stable against the 10% of Win7 that have had to be reimaged.
Same here.. 20 XP machines and none hit due to port 445 being blocked in the windows firewall. We use them for tasks other than file sharing.
My feelings about Windows lie somewhere between "despise" and "hate". Nonetheless the "antithesis.... " comment in the article is unsubstantiated nonsense. As a desktop OS its uptime is comparable to Linux, if not quite as good. Of course, I am ruthless in minimizing changes on Windows, regardless of version.
If you want true up-time, look no further than Windows 98 SE. We found a machine in our new office building that runs some proprietary software to control the air-conditioning systems across a suite of clean rooms. This thing has been running for 7 years since its last reboot!!
That contained a bit of extraneous text:
XP is, of course, the antithesis of a strong and stable operating system even when it doesn't have a malware infection
There, fixed it for you.
I know there's a whole world out there that doesn't want to face the naked facts following the same sort of self delusion that got Trump elected, but fact is fact - even if you have spent the last, well, rough decade or so denying it. You can secure anything, but it takes a lot less effort if you don't start with a foundation of wet merengue.
The default settings were rubbish, both on Services and Network Interfaces. But that is true with EVERY version of windows.
Properly installed, decent drivers, no rogue apps and users as users, not admin, it's totally stable and fairly secure.
However MS has totally annoyed me with MS Office after 2003, then Win8 and Win10, so after 20 years of promoting and installing MS products, I don't care any more. Also using UNIX since 1985 and Linux since 1999, I now 100% use Linux Mint / Mate / Redmond theme on the laptop got last November, even though I paid Lenovo extra to have Win 7 pro.
My Windows machines generally stay up for about a month between Patch Tuesdays. My FreeBSD machines have been up since I turned the electricity off to replace a wall socket just before Christmas.
"TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. This service is only implemented in the more recent versions of Windows (e.g. Windows 2K / XP). The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2K/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). In Windows 2K/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445."
ACK on FreeBSD stability. usually a crash in FBSD is hardware related, like bad RAM or aging video or possibly a BLOB driver that has a bug in it... [or messed up power supply, had that happen a couple of times]
@katrinab. I hope your downvote was for not having a proper UPS.
Can you tell me what a 'merengue' is please ?
I think it's a kind of dance.
Would adding a fresh boot disk and re-infection give the same key or a different one?
Hey at least the guy bothered. He's not asking for money for it either. If there's another similar outbreak then this tool might come in very useful for people if it can be adapted.
Maybe dumping memory contents to an external file asap on discovering an infection might become a thing.
Problem is, the next iteration will include a reboot after infection and there will be more versions of this. This looks like a version that was rushed to be put in place first. Other, more effective versions will follow as the vulns are exploited by more experienced individuals.
It sounds like they didn't overwrite the key in memory after sending it. This is easy to overlook, and being sure you've overwritten it might not even be possible in a heap-based language, or one that uses immutable strings.
Has the OP been listening to too many election speeches by Theresa May?
Haven't you got the message? These are the only adjectives which matter now. Use others at your peril.
How about the operating system of chaos?
XP: First 2 articles below helped shut down XP outstanding open ports fine. But 3rd article for Win7 didn't go anywhere. Overall, the built-in Win7 Firewall blocks apps fine, but Port blocking isn't working:
Port 445: (Tied into File-Sharing):
Win7-Box-1 - Success, but can't replicate it to 2 other boxes.
Win7-Box-2 - No joy even matching every WF.msc FS setting.
Win7-Box-3 - No joy even matching every WF.msc FS setting.
Port 135: (Tied into RPC):
Win7-1 Crashes in Default-Protocols. Default-Properties already UnTicked.
Win7-2 Default-Properties already UnTicked, no entries in Default-Protocols.
Win7-3 Can't access menu for either Default-Properties or Default-Protocols.
Or alternatively apply the Microsoft patch to stop Wannacrypt being able to use the exploit?
Or am I just being naive?
Trust Microsoft? Hm... Trust them that the patch fixes it properly, that is.
This update failed to install ...
Had a similar issue here. Ultimately, on the third try, it took from the command line right after a reboot.
Yep, no luck with the update so far etc.
Didn't want to overly rely on it anyhow...
fix it so ONLY the NSA can exploit you...
black helicopters! oh, NO!
If it relies on getting the data out of memory would this also be in the swap file if the PC hasn't been restarted? If so then there should be scope for recovering if the disk is taken out and mounted on another running system.
"If it relies on getting the data out of memory would this also be in the swap file if the PC hasn't been restarted? If so then there should be scope for recovering if the disk is taken out and mounted on another running system."
I suspect that this would only be true if the encrypting code had got swapped out of RAM before turning the machine off. Not that likely I guess.
It's possible to ask that memory not be swapped, e.g. because you are going to store passwords. Whether the virus did this is another matter.
They start spreading ransomware while claiming it's an antidote?
Windows XP is, of course, the antithesis of a strong and stable operating system even when it doesn't have a malware infection
Seriously? For its day, nearly 20 years ago, it was a fine operating system. So good, in fact, that people stayed on it for as long as they have for one reason or another. Is it strong by today's standards? Of course not. But it got the job done for a lot of years for a lot of people. So ease off, eh? :)
I loved XP! Having started with MSDOS 2.x it was like the OS from the future. However it did have a few* problems.
1) XP did not seem to be able to free up memory after use. Photoshop was the worst culprit, it would grab all your memory and not release it when closing. (I know that memory use could be restricted in the Photoshop preferences).
2) Every bastard in the world wrote malware for it. XP became unusable. I ended up spending more time trying to keep it going than actually using it.
3)* other stuff :(
I abandoned Windows when Vista arrived, good luck to all of you who still need it.
When you look at how many computers are running Windows today, the percentage of people having any issues on modern versions of Windows that keep them updated is pretty damn low. The pocket pen protector crowd that gathers here are far from normal. I keep coming back for the comedy of watching geeks bitch and moan.
Agreed. As a PC user since MSDOS days, I've had generally positive experiences with W95 XP W7 and now W10 on many machines. If you're careful what you do, (don't click on everything in sight...), disable all privacy related options, use a good NAT router, (check all ports closed with Shields Up), along with a good software firewall, AV and anti-malware & keep everything updated you'll be fine. (My Avira AV and Malware Bytes anti-malware never detect anything). I also have Linux mint on another box I use mainly for sandbox purposes, but generally W10 is the preferred choice for everyday use.
From providing IT support, the nut on the keyboard is the most unreliable component whatever OS is used.
There are a lot that apparently didn't take up the free W10 upgrade offer and I suspect that they are now feeling a tad foolish & bitter about it... It was pretty obvious from the outset that W10 was a bit raw, (in effect still in early development), but it should also have been clear that W10 was the right path to take after the W8 debacle and that the path was an evolutionary one and needed some patience. I've enjoyed the ride and now think that W10 has the potential to be the best Windows version to date.
If it is not in the swap file, could it be recovered from hibernate? Just a thought. Although if faced with that situation, I might have hoped to recover the previous configuration from the existing hibernate file.
I thought XP one of the better incarnations, along with 2000, 98 SE and 7. Much less good were ME, Vista, and 8.0 which I luckily managed mostly to avoid. Relatively speaking, as always. And excluding current reality. In the day, I liked OS/2, but work required Win95.
I would imagine that most people - upon finding they're infected - leap for the power button immediately.