tao Posted May 17, 2017

The WannaCry ransomware has been a major news story over the last few days. It has infected hundreds of thousands of computers worldwide (mostly in Russia), including some well-known companies and institutions. All the programs in our public Main Test Series now detect the WannaCry malware samples by means of signatures, but we decided to find out which of these programs would have blocked the malware proactively, i.e. before the outbreak started and the malware samples became known.

We ran a proactive protection test, i.e. we used vulnerable Windows 7 systems with definitions prior to May 12th. A WannaCry malware sample was then executed on offline systems. The list below shows which of the tested programs would have protected the system, and which did not.

< Table here in the original article not copied > [Note: Please do visit the article's webpage.]

As can be seen above, a majority of these products protected against this ransomware, but over 200,000 systems worldwide were compromised by it nonetheless. New variants might appear, and results for the next outbreak could look different. Users are advised to keep their systems patched, enable AV protection (i.e. do not disable features) and keep it up-to-date, as well as practising safe computing.
tao Posted May 17, 2017 (Author)

Another informative, useful document (PDF), a bit dated (2016): Protection test against ransomware threats.

Synopsis: An objective of the test conducted by AVLab in October 2016 was to check a real protection provided by security software against threats of crypto-ransomware to home users and small and medium businesses. Results presented in this document reflect actual effectiveness of antivirus software that, by using all available protection components and correlated dynamic heuristic and behavioral methods, provides end users with comprehensive real-time protection, including a detection of unknown crypto-ransomware threats. Although some tested security suites allow users to create a separate folder, where files are continuously monitored against modification by antivirus software, the purpose of the test was to verify if it handles modern and unknown threats of crypto-ransomware. This kind of malicious software is highly destructive: it often causes a financial loss and affects business productivity, resulting in a standstill in a company.

If interested, please download and read the entire 15-page PDF document.
Sylence Posted May 17, 2017

This AV is good protection for it too https://padvish.com/index.php/en/
straycat19 Posted May 17, 2017

The best protection against ransomware is not to do stupid things. Stupid things include clicking on a link in an email or downloading and opening an email attachment. Most people aren't smart enough to know how to check a link in an email to see where it is really going, and no one should ever download an email attachment. Too bad most commercial ISPs don't take the steps that big business and government take on removing links and attachments in emails. If we want to send a link to someone we type it out in text only, like hxxp://google.com/nomalwarehere.html, and everyone knows to copy and replace the x with t. Attachments are not allowed, and contractors and other agencies know to upload any documents to our ftp server, where they are scanned multiple times before being made available to the intended recipient.

Everything that is being published now about protecting against WannaCry could have been done years ago if Microsoft hadn't kept the fact that SMB was vulnerable to itself. Now they want to blame it on the NSA for not telling them. Hell, they knew. How did I know to block the ports that it was using... because the SMB fault was well known, and those ports had been used by various malware for the last 18 years. I don't blame the NSA for not telling Microsoft, nor any other government agency, or even private security personnel who have found faults in the operating systems that can be utilized for the good of the nation. There are holes in Windows 10 you could drive a truck thru, and just like everything else Microsoft doesn't patch, these haven't been patched either. The most famous, and unknown to 99.99999% of the world, is a hole that has been there since Windows 3.1 and is still not patched and can be used by anybody that knows where it is to take over another computer. I am sure the NSA, CIA, and FBI know about it, and probably other intelligence agencies in other countries.

Microsoft has not been able to secure Windows in 35 years of trying, so users need to take the steps necessary to secure themselves. All the patches and updates in the world are not going to protect you; they are only going to open up more vulnerabilities, as the last 35 years have proven, otherwise we would have an ironclad operating system.
tao Posted May 17, 2017 (Author)

1 hour ago, straycat19 said:
...Microsoft has not been able to secure Windows in 35 years of trying so ...

Mankind has not been able to secure themselves since their origination millions of years ago, eh. The only security is knowing that there is no 'perfect' security; insecurity is the other side of the same coin; they can't be separately had; and living this way -- without chasing the impossible -- is the only 'sane' way of living.

Microsoft is doing a wonderful job with such complex software, with a zillion components, a zillion third-party programs, a zillion permutations and combinations; and a zillion hackers -- and a zillion critics, always hollering. Isn't it a miracle that the damn thing works as much as it works, minute by minute, hour after hour, day after day, month after month, and year after year! Kudos to human creativity (both the so-called positive and the so-called negative; two sides of one coin.) Kudos to Microsoft!

[And let's not forget our gratitude to Microsoft, whose bugs, processes, and procedures contribute to this forum's continued existence, eh. Let's be 'honesty' loyal to Microsoft.]
tao Posted May 17, 2017 (Author)

58 minutes ago, saeed_dc said:
This AV is good protection for it too https://padvish.com/index.php/en/

(practical protection.)

Keeping in mind (the caution): "What security is there for us here in her caravanserai when every moment camel bells cry, "Pack up the loads!"?" ~ Hafiz

Sane Living: "Run from what's comfortable. Forget safety. Live where you fear to live. Destroy your reputation. Be notorious. I have tried prudent planning long enough. From now on I'll be mad." ~ Rumi.
Sylence Posted May 17, 2017

1 hour ago, adi said:
(practical protection.) Keeping in mind (the caution): "What security is there for us here in her caravanserai when every moment camel bells cry, "Pack up the loads!"?" ~ Hafiz Sane Living: "Run from what's comfortable. Forget safety. Live where you fear to live. Destroy your reputation. Be notorious. I have tried prudent planning long enough. From now on I'll be mad." ~ Rumi.

God of poems, Adi
steven36 Posted May 17, 2017

3 hours ago, straycat19 said:
Microsoft has not been able to secure Windows in 35 years of trying so users need to take the steps necessary to secure themselves. All the patches and updates in the world are not going to protect you, they are only going to open up more vulnerabilities as the last 35 years has proven, otherwise we would have an ironclad operating system.

Actually, when Windows 1st came out there were no Windows updates at all; they didn't even care. Windows Update was introduced as an Internet web site with the launch of Windows 95, 21 years ago. Still, their security was crap even on fully patched systems up until like Windows 7 came out. Everybody that was using XP when it was still a pup used to have to install 3rd party firewalls, 3rd party antivirus, 3rd party anti-spyware programs to try to even stay protected. One time on XP before SP2 came out I caught a virus from the Windows Update website because I had just reformatted and had not installed a 3rd party firewall yet. A virus could get right by the old Windows XP firewall before SP2.

It's a joke over on the Linux forums that when you visit the Windows forums there's always one user in every forum trying to be helpful, telling you to install 5 of this, 3 of that and 2 of this, and that should fix it.

3 hours ago, straycat19 said:
The best protection against ransomware is not to do stupid things. Stupid things include clicking on a link in an email or downloading and opening an email attachment. Most people aren't smart enough to know how to check a link in an email to see where it is really going and no one should ever download an email attachment. Too bad most commercial ISPs don't take the steps that big business and government take on removing links and attachments in emails. If we want to send a link to someone we type it out in text only, like hxxp://google.com/nomalwarehere.html and everyone knows to copy and replace the x with t. Attachments are not allowed and contractors and other agencies know to upload any documents to our ftp server where they are scanned multiple times before being made available to the intended recipient.

This was a Windows exploit. I was reading over at Bleeping Computer where there were some who caught this, and they didn't do nothing and they caught this. The stupid thing they did was not do Windows updates.

Quote Makpptfox:
My dedicated server has been hit by WannaDecryptor but I've done nothing that could have led to an infection of it, how is it possible? (And by nothing, I mean literally nothing. It was on standby for 3 days; I connected via the Windows remote desktop earlier today and tonight I was infected.)

Quote Terrum:
Which Server OS version do you use? If it's Server 2008, it's probable that you haven't used Windows Update to fix the critical exploit that was deployed back in March to fix this. I'm guilty of this also - but I can't seem to find which KB fixes this exploit.

Quote Terrum:
It's a Windows exploit, which is why Windows Updates exist - to fix these exploits. You didn't have to visit any dangerous sites and you didn't have to download any files. An exploit in Windows will let a hacker put files into your computer as they wish. Which is why it's always good to keep your computer up-to-date with Windows Update.

https://www.bleepingcomputer.com/forums/t/646476/wannacry-wncry-wanacrypt0r-wana-decrypt0r-ransomware-help-support-topic/

These 3rd party programs are useless though, because the flaw has already been patched in Windows in March. There have already been 2 or 3 new kinds of ransomware that came out by now infecting people, and site is posting about this one.
tao Posted May 17, 2017 (Author)

13 minutes ago, saeed_dc said:
God of poems, Adi

(Banda) Servant. When enough is enough, What use is any more -- Baradar?
steven36 Posted May 17, 2017

5 minutes ago, 0bin said:
https://www.cvedetails.com/vulnerability-list/cvssscoremin-9/cvssscoremax-10/vulnerabilities.html

People have just been lucky for a lot of years now. New vulnerabilities come out in Windows and other OS every day and Microsoft has been very slack at patching them. They have 3 mths before it gets revealed, but how smart is it for Google and others to post unpatched exploits to the public? All it takes is some that have tools that can make the exploit spread as a worm or virus and it can take out 1000s, maybe millions, in a few days before a patch can even be made!
steven36 Posted May 17, 2017

6 minutes ago, 0bin said:
Who tells if not already happen?

It's just like on Linux the other day: in Ubuntu they found where a hacker could exploit the Guest login. They didn't wait 3 mths to do something; they sent out an update to disable Guest logins till they fixed it. On Windows you have to wait anywhere from 3 mths to a year to get a patch. Stuff like this needs to stop, but posting exploits to the public is not the right way to get them fixed, because they're not fixed yet and vendors already know about them. They need to pass a law that if a vendor doesn't patch before 30 days they can be sued, and that will get them on the ball.
Sylence Posted May 17, 2017

42 minutes ago, adi said:
(Banda) Servant. When enough is enough, What use is any more -- Baradar?

Are you by any chance Persian?
steven36 Posted May 17, 2017

27 minutes ago, 0bin said:
Global speaking, no law, no one is ever agree with another, sometime only sympathy and on real stuff they s... like climate change that affect every robot breathing on planet Earth. Different approach, different results, the package approach of Linux is the winning one. About public or private, I don't know, no one wanna cry, right?

There is no excuse for a $290 billion company like Microsoft, who don't even pay their beta testers, to not patch faster when open source, which mostly gets donations, patches everything they find within 1-3 days. They save enough on beta testing to pay researchers for better security and hire researchers. Look at how much money Google spends on it a year, and they find a lot of problems in Windows and other OS too. If it were not for Google research it would take years in some cases to get a patch.

Microsoft don't have any new ideas anymore; they buy them. For all the money they spend on things that mostly fail, and spend on lawyers because of things that are wrong with their products because they're being dragged into court, they could make a safer OS.

People used to use the excuse that Windows has more users than anyone else is the reason they have more malware. But this year that excuse was proved to be just an invalid excuse, because Android has more users than Windows now and still they have less malware, and Google is paying big money to stop what malware they do have.
Administrator DKT27 Posted May 17, 2017

As no one mentioned it already, I will: excellent posts, helpful, and nice work posting them here.

I do not know much about filesharing on WAN/LAN and I'm still learning, but I do know that almost all the computers with SMB and filesharing in the OS enabled are not necessarily hackable as long as their accounts are password protected; that is all I can say from my personal testing done.

As for protection, I do believe companies are legally liable to protect their users as long as users use the updated and supported products, I think.
steven36 Posted May 17, 2017

22 minutes ago, DKT27 said:
As for protection, I do believe companies are legally liable to protect their users as long as users use the updated and supported products I think.

I posted an article on this yesterday. The experts will argue with you about this; Microsoft has strong protection against this.

WannaCry ransomware: Other companies can be sued for their lax cyber security, but not Microsoft
http://tech.firstpost.com/news-analysis/wannacry-ransomware-other-companies-can-be-sued-for-their-lax-cyber-security-but-not-microsoft-say-experts-376402.html

Microsoft's rep is already damaged; the only reason they care is they don't want to lose their user base to something else. They only patch to make the end user have a sense of security. If they were liable they could be sued for shutting off updates on OS that still have millions of users on them, and forcing people to buy new software and hardware for their own profit.
tao Posted May 17, 2017 (Author)

32 minutes ago, saeed_dc said:
Are you by any chance Persian?

No, but, feel not that I'm not.

Not Christian or Jew or Muslim, not Hindu, Buddhist, Sufi, or Zen. Not any religion or cultural system. I am not from the East or the West, [...] I do not exist, [...] My place is placeless, [...] I belong to the beloved, [...] first, last, outer, inner, only that breath breathing human being. ~ Rumi

To tie to the present technical article thread: Ransomware-proof -- without any protection. Completely vulnerable -- yet perfectly safe, Baradar!
tao Posted May 17, 2017 (Author)

11 minutes ago, 0bin said:
... अद्रॊहम अविसंवादं परवर्तन्ते तदाश्रयाः ...dismiss all grounds of quarrel and uniting with one another ...

An ancient Sanskrit Prayer (For ever and ever):

ॐ सर्वे भवन्तु सुखिनः। सर्वे सन्तु निरामयाः। सर्वे भद्राणि पश्यन्तु। मा कश्चित् दुःख भाग्भवेत्॥ ॐ शान्तिः शान्तिः शान्तिः ॥

May all be happy! May all be healthy! May all see goodness! May none suffer! Peace!
Sylence Posted May 17, 2017

12 minutes ago, adi said:
No, but, feel not that i'm not. Not Christian or Jew or Muslim, not Hindu, Buddhist, Sufi, or Zen. Not any religion or cultural system. I am not from the East or the West, [...] I do not exist, [...] My place is placeless, [...] I belong to the beloved, [...] first, last, outer, inner, only that breath breathing human being. ~ Rumi To tie to the present technical article thread: Ransomware-proof -- without any protection. Completely vulnerable -- yet perfectly safe, Baradar!

You, sir, are an interesting human being
tao Posted May 17, 2017 (Author)

3 minutes ago, saeed_dc said:
You sir are an Interesting human being

Please let me remain free of the burden of 'being interesting.' Just remaining a human is a 'complete job'. [If interested, please read Hafiz's "Being Human".]
Administrator DKT27 Posted May 17, 2017

@0bin and @adi: You guys are on a roll. Really, nice to see this, all of it.
Sylence Posted May 21, 2017
Recruit Posted May 21, 2017

Which is the source for this fu*ki*g sh*t? My country appears in the chart but I haven't heard anything concrete; only some isolated cases were shown on TV & in the press. While in the UK lots of computers from the NHS alone were compromised, not to talk about the others, the whole world heard about that, and even so, the UK is not in the chart.
Sylence Posted May 21, 2017

12 minutes ago, Recruit said:
Which is the source for this fu*ki*g sh*t ? My country appears to chart but I haven't heard something concretely, only some isolated cases were shown to tv & press. While in the UK lots of computers only from NHS were compromised , not to talk about the others, the whole world heard about that, end even so, the UK is not into the chart.

someone from Ukraine gave it to me
steven36 Posted May 21, 2017

1 hour ago, Recruit said:
Which is the source for this fu*ki*g sh*t ? My country appears to chart but I haven't heard something concretely, only some isolated cases were shown to tv & press. While in the UK lots of computers only from NHS were compromised , not to talk about the others, the whole world heard about that, end even so, the UK is not into the chart.

The source was Kaspersky https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
Recruit Posted May 21, 2017

25 minutes ago, steven36 said:
The source was kaspersky https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/

Yeah, I understand more now: the chart is from the beginning of the attack and it shows the situation for about 45000 computers and maybe a bit more. But until present more than 300000 were compromised, so the chart is not so relevant for these days, considering that it does not show even half of them ......
This topic is now archived and is closed to further replies.