  • FIRST POST
    • By whattochoose 12th May 17, 8:18 PM (268 Posts, 72 Thanks)
    • #1
    Ransomware defense.
    In view of the NHS ransomware attacks today, which I believe have also affected many other organisations in the world, can members recommend the best defense when guarding one's own PC?
    I have Kaspersky Internet Security and use Malwarebytes (free version) randomly, but is this enough?
    Thank you.
Page 3
    • By Tarambor 15th May 17, 8:51 PM (767 Posts, 489 Thanks)
    Linux is not secure. Linux distros contain software packages that have their own wide gaping hole sized vulnerabilities and with vulnerabilities like this and the one disclosed by Google the other week, would be most unlikely to be fixed as quick as Microsoft did. Microsoft have a very good track record for fixing exploits and those who got hit by the one in the news did so because they didn't keep their software up to date as Microsoft released a fix through Windows Update 2 months ago.

    Difference is few Linux desktops get exploited because it isn't as profitable due to the small market share. You'd be as secure as Linux running Windows 98.
    • By DavidP24 16th May 17, 9:55 AM (1,751 Posts, 1,065 Thanks)
    I think questions need to be asked about the involvement of the security services here.

    They discovered the vulnerability but did not report it, instead they wrote an exploit called Blue Thunder on which the WannaCrypt exploit is based.

    In fact it was only discovered that they did this because of leaks.

    Microsoft issued a fix on March 14th along with two other Critical issues fixes.
    Thanks, don't you just hate people with sigs!
    • By AndyPix 16th May 17, 9:57 AM (2,385 Posts, 1,556 Thanks)
    We are all kidding ourselves if we think they don't have rooks more of these exploits shelved for when they need them ..

    Remember Stuxnet, clearly state sponsored - that utilised 3, yes 3!! zero-day exploits ..
    • By psychic teabag 16th May 17, 10:07 AM (2,573 Posts, 1,520 Thanks)
    Linux is not secure. Linux distros contain software packages that have their own wide gaping hole sized vulnerabilities and with vulnerabilities like this and the one disclosed by Google the other week, would be most unlikely to be fixed as quick as Microsoft did. Microsoft have a very good track record for fixing exploits and those who got hit by the one in the news did so because they didn't keep their software up to date as Microsoft released a fix through Windows Update 2 months ago.

    Difference is few Linux desktops get exploited because it isn't as profitable due to the small market share. You'd be as secure as Linux running Windows 98.
    Originally posted by Tarambor
    I was thinking about this the other day (in context of the NHS thing). One big difference is that Linus is very insistent on keeping kernel interfaces backwards-compatible. One reason cited for not updating from Windows XP is that custom programs may no longer run. But with Linux, it should be possible in principle to upgrade to the very latest kernel without touching any of the user-mode stuff at all. (I don't know if it works like that in practice, but that's the theory. Obviously custom drivers may have to be updated from time to time as the internal kernel interfaces change, but that should be well documented, and it should be possible to speak to the kernel specialists directly for help. And if a new kernel doesn't work, you can trivially boot into an older one until issues can be resolved.)

    Also, the user-mode packages generally don't need root access. And network daemons and services typically run with their own uid/gid, so if they're compromised, they have limited scope to trash the entire system. Obviously a compromise to a program you're running in your own account, such as a browser, can trash all your personal data - bit harder to mitigate against that.

    I'm not entirely convinced that MS are better than the free software community at fixing flaws, but not taking that one on. It's partly down to whether the problems are discovered by the good guys (developers notified before going public) or the bad guys (exploit happens first).
    • By Tarambor 16th May 17, 9:15 PM (767 Posts, 489 Thanks)
    Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.
    • By esuhl 16th May 17, 9:34 PM (7,303 Posts, 5,191 Thanks)
    Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.
    Originally posted by Tarambor
    That's just down to the distribution using different packages by default. You can use net-tools (which contains ifconfig) instead of iproute2 if you want. They're available in the Core repository:

    https://www.archlinux.org/packages/?q=net-tools

    If the NHS were going to use GNU/Linux, they'd develop their own custom distro. So it would be up to them if they wanted to stick with one package or migrate to another.
    • By eset12345 16th May 17, 10:29 PM (585 Posts, 931 Thanks)
    1) Use common sense. Don't open email attachments from Great Aunt Mary that you have any doubt over whatsoever.

    2) Use common sense. Don't click "yes" on everything that comes up on screen no matter how good the "deal" is.

    3) Use common sense. If in doubt, don't. You don't cross the road without looking, why click on stuff without reading?

    4) Use common sense.

    Did I mention use common sense?
    Originally posted by Neil Jones
    Obviously you don't drive.

    Not a day goes by that some lemming doesn't attempt to commit suicide.

    Common sense, that thing that's not all that common.
    • By wingates 16th May 17, 10:45 PM (122 Posts, 38 Thanks)
    Vista
    I run Vista and have been told there is a patch even though it is no longer supported. I have update checking but it just hangs at "checking for updates". Any advice?
    A watched pot always boils.
    • By I have spoken 16th May 17, 11:05 PM (4,782 Posts, 9,503 Thanks)
    http://www.catalog.update.microsoft.com/Search.aspx?q=MS17-010
    • By Neil Jones 17th May 17, 8:50 AM (528 Posts, 269 Thanks)
    Obviously you don't drive.

    Not a day goes by that some lemming doesn't attempt to commit suicide.

    Common sense, that thing that's not all that common.
    Originally posted by eset12345
    I do drive actually but that wasn't my point. And anyway if somebody wants to commit suicide by being run over they'll have to look for a car coming anyway. Pointless jumping out into the middle of the road and then not getting squashed or hit, really.
    • By anotheruser 17th May 17, 8:57 AM (2,481 Posts, 1,486 Thanks)
    Depends what sort of user you are.

    Most people will load their PC up with all sorts of protection, which eventually slow down and kill the PC.

    I, personally, simply keep my system updated and use Microsoft's in-built options.

    I use Chrome with an Ad-block, which generally works okay.

    I don't click on any links I'm not sure about.

    I NEVER click on links in emails (although hover over the link and near the bottom of the screen, it should give you the link).

    Keep your personal files updated regularly.
    I don't use "Documents" or "Music" or the default folders Microsoft suggest. All mine are stored on a separate hard drive so, while they could still get encrypted, it's so much easier to back it up automatically.


    I almost wonder how people manage to infect themselves. I'd struggle on the sites I usually visit.
    • By AndyPix 17th May 17, 9:05 AM (2,385 Posts, 1,556 Thanks)
    <snip> Any advice?
    Originally posted by wingates

    Ditch Vista
    • By psychic teabag 17th May 17, 11:03 AM (2,573 Posts, 1,520 Thanks)
    Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.
    Originally posted by Tarambor
    That was entirely my point: you can upgrade the kernel to fix security flaws at that level without touching the usermode stuff at all. Because of the backwards compatibility of the kernel interfaces, all the old user-mode software should (ideally) continue to run just fine.

    Yes, there can also be flaws in the user-mode stuff, but they *tend* not to be able to do systemic damage.
    • By psychic teabag 17th May 17, 11:07 AM (2,573 Posts, 1,520 Thanks)
    If the NHS were going to use GNU/Linux, they'd develop their own custom distro. So it would be up to them if they wanted to stick with one package or migrate to another.
    Originally posted by esuhl
    Hmm - I had heard that one of the big problems is "the NHS" is now just a loose collection of independent trusts who do their own thing. Each was now responsible for making its own arrangements with MS for XP support, for example.

    Is there still a central bit of NHS that could make their own Linux distro? (With the trusts as clients all with different demands - some demanding that nothing change, others wanting the latest and greatest of everything.)

    EDIT: this should probably be in the specific NHS security thread, rather than the generic thread about ransomware.
    • By 50Twuncle 18th May 17, 10:13 AM (7,510 Posts, 1,737 Thanks)
    Does this ENCRYPTION software make your HDD a placemat (i.e. is it non-recoverable by formatting and reinstalling Windows)? Nope!!
    THEN BACK UP REGULARLY!!
    If you are hit it should be a simple job to recover your data.
    Or try a VIRTUALBOX virtual disk - if that gets hit your main partition is safe - you simply delete the Virtual Disk and start again!
    • By Jivesinger 18th May 17, 1:00 PM (1,161 Posts, 691 Thanks)
    Or try a VIRTUALBOX virtual disk - if that gets hit - your main partition is safe - you simply delete the Virtual Disk and start again !
    Originally posted by 50Twuncle
    I wouldn't bank on it - you can access the IP address of the host computer from within a VirtualBox session, and the worm which caused the fuss this week uses IP addresses to spread itself to any networked computer without the patch.

    Once a computer on the network is infected, any networked computer can be infected - no-one needs to click on an infected email or link or similar.

    It's possible that VirtualBox has some technology to stop this sort of SMB1 traffic, but as I said, I wouldn't bank on it.
    • By AndyPix 18th May 17, 1:09 PM (2,385 Posts, 1,556 Thanks)
    It is trivial to disable SMBv1 with a 2-line batch file.
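The switch AndyPix refers to, written out as an added PowerShell example (this is not AndyPix's batch file; it assumes Windows 8.1 / Server 2012 R2 or newer for the Get-SmbServerConfiguration cmdlet, and shows the registry switch for older systems in a comment):

```powershell
# Added example, not AndyPix's batch file: audit and switch off SMBv1 on
# Windows 8.1 / Server 2012 R2 or newer. Run from an elevated PowerShell.
# SMBv1 is the protocol the MS17-010 flaw lives in, so turning it off removes
# the worm's spreading path even on a machine that has not yet been patched.

function Get-Smb1State {
    # Server side: the LanmanServer setting. Client side: the mrxsmb10 driver,
    # which Get-Service does not list, so it is queried through WMI instead.
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $driver = Get-CimInstance Win32_SystemDriver -Filter "Name='mrxsmb10'"
    [pscustomobject]@{
        ServerSmb1Enabled = $server
        ClientDriverStart = if ($driver) { $driver.StartMode } else { 'absent' }
    }
}

function Disable-Smb1 {
    # Server: stop negotiating SMB1 with inbound connections.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Client: remove the SMB1 redirector from the workstation service's
    # dependencies and disable its driver. These are the two sc.exe lines
    # (Microsoft KB 2696547) that fit in a batch file; a reboot applies them.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

# On Windows 7 and older, which lack the SMB cmdlets, the server-side switch is
# a registry value instead (same KB):
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#       -Name SMB1 -Type DWORD -Value 0 -Force
# On Windows 8.1/10 the whole optional feature can also be removed:
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

'Before:'; Get-Smb1State
Disable-Smb1
'After (client change takes effect at next reboot):'; Get-Smb1State
```

Re-run Get-Smb1State after the reboot to confirm the driver reports Disabled; patching with MS17-010 is still required, since other SMB versions stay in use.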
    • By novirus 18th May 17, 4:29 PM (2 Posts, 3 Thanks)
    This is not for your home PC:
    In a company setting you need to get rid of the Everyone group, enable restore points, enable DFS and publish all your shares to DFS, never use the share name, but use the DFS name. Yes, it may not catch everything.

    For your home PC:
    Use two very separate PCs, one being virtual and one could be Linux. No network connection between the two. Every day do a snapshot on the VM.
    • By jshm2 18th May 17, 5:09 PM (255 Posts, 115 Thanks)
    The quickest way to stop 90% of ransomware/malware is to have group policy set up to stop programs running in your working app directories.

    This way, nothing runs in "drive by" or in attachments until you actually save it elsewhere and load it. There are many people dumb enough to click attachments and links they don't know. At least this way no code runs with them doing so.

    The NHS (like most multi-site corporate networks) has the end users as "admins" by default on the machines and no group policies set up. Hence an infection on one is going to spread pretty quick. Rather ironic that it would happen to an organisation which should know a lot about infection vectors and containment.
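The kind of policy jshm2 describes, as an added example (not jshm2's own GPO nor any NHS configuration): an AppLocker path rule set that allows executables from Windows and Program Files and denies anything launched from a user's AppData tree, dry-run with Test-AppLockerPolicy against a constructed sample file before anything is enforced. The rule IDs are arbitrary GUIDs made up for this example.

```powershell
# Added example, not jshm2's policy: AppLocker executable rules that allow
# programs from Windows and Program Files and deny anything launched from a
# user's AppData tree (Temp, browser caches, mail attachment folders).
# Test-AppLockerPolicy reads the files it evaluates, so a harmless copy of
# notepad.exe stands in for a dropped attachment. Requires admin rights.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="1c1b7f3e-0f6a-4c61-9a27-3c0b1a6f7a01" Name="Allow Windows"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="2d2c8e4f-1a7b-4d72-8b38-4d1c2b7e8b02" Name="Allow Program Files"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="3e3d9f50-2b8c-4e83-9c49-5e2d3c8f9c03" Name="Deny AppData"
        Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyPath = Join-Path $env:TEMP 'applocker-demo.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Constructed sample: a benign executable placed where an attachment or
# drive-by download would land (under the user's AppData\Local\Temp).
$dropped = Join-Path $env:TEMP 'invoice.pdf.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $dropped -Force

# Dry run: print the decision and matching rule for each sample path
# (user defaults to Everyone, i.e. a standard, non-admin account).
$samples = @("$env:WINDIR\System32\notepad.exe", $dropped)
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $samples |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# To enforce, ship the XML via GPO (Computer Configuration > Windows Settings >
# Security Settings > Application Control Policies > AppLocker) or locally:
#   sc.exe config appidsvc start= auto; sc.exe start appidsvc
#   Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Remove-Item $dropped, $policyPath -Force
```

Put the collection in audit mode (EnforcementMode="AuditOnly") first and review the AppLocker event log, so legitimate tools that install under AppData are allowed by a signed-publisher rule before the deny rule is enforced.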
    • By AndyPix 19th May 17, 8:48 AM (2,385 Posts, 1,556 Thanks)
    The NHS (like most multi site corporate networks) has the end users as "admins" by default on the machines and no group policies setup. Hence an infection on one is going to spread pretty quick.
    Originally posted by jshm2

    No, no they don't. Not at all. Not one little bit.
    Neither the NHS or ANY multi-site corporate network!!

    You may get the odd remote VPN worker set up as admin but that's it ..

    No group policy???? What networks have you been looking at? That is crazy.
    Where on earth did you get that from??

    FYI this ransomware didn't need the user to be admin to spread, it exploited a flaw in SMBv1.
    Sheesh