NHS network security


Comments

  • AndyPix
    AndyPix Posts: 4,847 Forumite
    The worm exploits a buffer overrun in the SMB1 protocol.
    This exists in all instances of Windows (XP, Vista, 7, 8 and 10)


    It got patched a month or so ago for W10 users, and M$ have even taken the unprecedented step of releasing a patch for XP (unsupported OS)


    The problem is NOT XP computers.
    By the by, it is a myth that most of the NHS runs on XP machines.


    That "figure" came from research where 10 trusts were polled and 90% of them had at least ONE machine running XP.
    So that could be as little as 9 machines running XP (although the real figure is going to be more)
  • S0litaire
    S0litaire Posts: 3,535 Forumite
    Think the actual figures for XP usage in NHS England and Wales is around the 4.8% mark.
    Laters

    Sol

    "Have you found the secrets of the universe?" asked Zebade. "I'm sure I left them here somewhere"
  • spud17
    spud17 Posts: 4,431 Forumite
    S0litaire wrote: »
    Think the actual figures for XP usage in NHS England and Wales is around the 4.8% mark.

    Don't think you're far out. :)
    On this evening's 6 o'clock news on Radio 4, thought I heard that they (whoever they?) had reduced the percentage of XP from 20% to 5% in last 18 months.
    Move along, nothing to see.
  • securityguy
    securityguy Posts: 2,464 Forumite
    S0litaire wrote: »
    Think the actual figures for XP usage in NHS England and Wales is around the 4.8% mark.


    Worryingly, one of the main reasons for XP is IE6. If people were running XP with a more modern browser, the risks would be bad enough, but at least transition would be easier. But XP with IE6 is a disaster area for security _and_ is hard to move off, because IE6. You can run most XP applications on Windows 7 or later, as there's pretty good support for legacy binaries, but you can't run IE6 without using a full-blown XP VM, which brings all the XP risks along with it (I'd welcome corrections on that: I'm not a Windows admin, nor these days do I have them working for me).

    I recall having blazing rows with application developers - a truculent breed, at best - who insisted that if their rotten applications wouldn't work with Netscape, which I needed as I had a lot of Unix workstations in the estate, it was my fault for having users with browsers that didn't support the IE6 madness.

    If you're entrenched with IE6-only applications, which are probably themselves unsupported, then shifting off XP is very hard indeed. I think that, plus the embedded space, probably accounts for a lot of the hardcore staybehinds.
  • debitcardmayhem
    debitcardmayhem Posts: 12,522 Forumite
    Worryingly, one of the main reasons for XP is IE6. If people were running XP with a more modern browser, the risks would be bad enough, but at least transition would be easier. But XP with IE6 is a disaster area for security _and_ is hard to move off, because IE6. You can run most XP applications on Windows 7 or later, as there's pretty good support for legacy binaries, but you can't run IE6 without using a full-blown XP VM, which brings all the XP risks along with it (I'd welcome corrections on that: I'm not a Windows admin, nor these days do I have them working for me).

    I recall having blazing rows with application developers - a truculent breed, at best - who insisted that if their rotten applications wouldn't work with Netscape, which I needed as I had a lot of Unix workstations in the estate, it was my fault for having users with browsers that didn't support the IE6 madness.

    If you're entrenched with IE6-only applications, which are probably themselves unsupported, then shifting off XP is very hard indeed. I think that, plus the embedded space, probably accounts for a lot of the hardcore staybehinds.
    MS used to offer VHDs for various older versions of IE. I haven't used them so I can't vouch if they would still exhibit the SMB vulnerabilities though, moot point I guess since "horse has bolted" already :cool:
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
  • Heedtheadvice
    Heedtheadvice Posts: 2,736 Forumite
    I know there are pros and cons with all security systems and differing views of efficacy......but I am a fan of Zone Alarm.

    So on the subject of protection is the email message I have received worth its weight in gold or should I just tell myself 'oh yeah?'
    (I already have it -extreme security, that is - by the way; am I fooling myself?)
    wannacry.jpg
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Run this in an elevated command prompt to disable SmbV1 ..


    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi


    sc.exe config mrxsmb10 start= disabled
  • Heedtheadvice
    Heedtheadvice Posts: 2,736 Forumite
    Oops, posted my earlier post to the wrong thread! Should have been to Ransomeware Defence! How can I transfer it to the correct thread?
  • Heedtheadvice
    Heedtheadvice Posts: 2,736 Forumite
    Thanks for the post Andy. Can you explain what that executive does? Some will appreciate the ability to modify but I suspect the vast majority of people will just want a system that is protected without user intervention!
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    It just disables SmbV1, which is the method this worm uses to propagate around a network ..


    Basically, it stops the thing being able to spread to other computers within your network.
    (more aimed at anyone administering a work network really but the same does apply to home use)


    There is no reason to leave SMBv1 enabled, and this is a "one time fix" meaning once it's disabled it stays disabled. So there's not really a reason not to do it :)
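
A read-only check of what the two sc.exe commands posted above change, added here as an example and not part of any forum post. The function names are hypothetical; the registry paths are the standard Windows service keys. It also reports the SMBv1 server setting, which those two commands (client side only) do not touch.

```powershell
# Read-only audit of SMBv1 state on the local machine (added example).
# Run from an elevated PowerShell prompt; it changes nothing.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-Smb1ClientState {
    # mrxsmb10 is the SMBv1 client driver; Start = 4 means disabled.
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -ErrorAction SilentlyContinue
    if (-not $drv) { return 'Not installed' }

    # LanmanWorkstation must no longer list mrxsmb10 as a dependency,
    # otherwise the Workstation service cannot start once the driver
    # is disabled. -notcontains is case-insensitive.
    $deps = (Get-ItemProperty -Path "$svc\LanmanWorkstation").DependOnService
    if ($drv.Start -eq 4 -and $deps -notcontains 'MRxSmb10') { return 'Disabled' }
    if ($drv.Start -eq 4) { return 'Disabled, but still a Workstation dependency' }
    return 'Enabled'
}

function Get-Smb1ServerState {
    # Server side (file sharing) is governed by the SMB1 value here:
    # 0 = disabled, 1 = enabled. When the value is absent the OS default
    # applies, which is "enabled" on Windows 7 / Server 2008 R2.
    $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.SMB1) { return 'Not set (OS default applies)' }
    if ($p.SMB1 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

# One summary object per machine, easy to collect across an estate.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Smb1Client = Get-Smb1ClientState
    Smb1Server = Get-Smb1ServerState
}
```

A machine that reports the client as disabled but the server as enabled or not set still accepts inbound SMBv1 connections on its shares.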
This discussion has been closed.