Standard User ian72
(eat-sleep-adslguide) Tue 16-May-17 14:49:02

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
But whether or not that's good enough alone to protect my machine against this Wannacrypt and similar malware I don't know


I don't believe it is. It depends on which route you got it but if it came in via the SMBv1 unpatched vulnerability then I don't believe MSE would ever see it to be able to stop it. Plus, MSE is only able to stop things it already knows about - for a time it would be a "zero day" vulnerability and so MSE wouldn't know how to detect it for at least a number of hours.

Keeping systems patched and malware checkers up to date and firewalls properly configured are all part of the process - also not being caught by social engineering such as phishing emails. And once you've done all that you could still get caught out...
Standard User meditator
(fountain of knowledge) Tue 16-May-17 15:32:58

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
The Microsoft article to which I referred stated that Windows Defender and MSE would both detect the malware. The author gave a definition version no. beyond which the user's machine, if using either of these clients, would be safe. I checked and, with the latest updates that MSE did on Friday last when I turned the XP machine on, my MSE was well up-to-date.

My thoughts thereafter centred on finding a way to get the Windows update that Microsoft and the broadcasting media were all talking about, as I preferred a belt-and-braces approach.
Standard User meditator
(fountain of knowledge) Tue 16-May-17 15:48:36

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
Ah, but aren't you assuming that the download could only ever consist of a single file? Instead, the downloaded file could be made a zip, say, containing not only the active file itself but also a separate text file. And so surely the hash value of the active file (the ubiquitous upgrade, in this instance) could be given in that text file - preferably, with an explanation? Why put people off and raise their suspicions by including something in the filename that looks like an encryption? That's just bad PR. Remember, this has been a special, one-off update file that's been issued. There'll be lots of users, I'm sure, who'll be unfamiliar with the naming of files in this way.



Standard User TinyMongomery
(knowledge is power) Tue 16-May-17 15:50:04

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
Although an SMB vulnerability is hardly likely to affect a home user. The malware could only reach them via an email.

==================================
Sovereignty really does mean sovereignty
Standard User ian72
(eat-sleep-adslguide) Tue 16-May-17 16:01:07

Re: What's the URL of the latest Windows Update website?


[re: TinyMongomery] [link to this post]
 
Why wouldn't it? The ability to share files between Windows machines has been around since Windows for Workgroups. When connecting to a new network Windows will ask if you want to enable file sharing. So, even if someone doesn't know it they will have SMB enabled in the background - they don't have to be actively using it.

At present it appears they haven't been able to find how the vulnerability got in to networks - they have no patient zero identified to find out if it was email, dodgy website, bad firewall settings, etc. Once inside a home network via any of these routes it could infect any other Windows devices on that network using the SMB vulnerability.
Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 16:08:00

Re: What's the URL of the latest Windows Update website?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
Ah, but aren't you assuming that the download could only ever consist of a single file? Instead, the downloaded file could be made a zip, say, containing not only the active file itself but also a separate text file. And so surely the hash value of the active file (the ubiquitous upgrade, in this instance) could be given in that text file - preferably, with an explanation? Why put people off and raise their suspicions by including something in the filename that looks like an encryption? That's just bad PR. Remember, this has been a special, one-off update file that's been issued. There'll be lots of users, I'm sure, who'll be unfamiliar with the naming of files in this way.

You would want a hash value for the zip file itself to ensure it hadn't been tampered with. If you can tamper with an executable file included as part of a zip, you can tamper with the text file in the zip that contains the hash value.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Tue 16-May-17 16:09:18)

Standard User ian72
(eat-sleep-adslguide) Tue 16-May-17 16:10:58

Re: What's the URL of the latest Windows Update website?


[re: caffn8me] [link to this post]
 
Or consider the fact that if I want to tamper with the file I can change it and then just rename it with the new hash...

Unfortunately if you can tamper with the file then renaming it is child's play.

Pretty sure hashes were originally used to ensure the file hadn't corrupted in transmission rather than to prove it hadn't been changed by a malicious actor.

Edited by ian72 (Tue 16-May-17 16:11:54)

Standard User caffn8me
(eat-sleep-adslguide) Tue 16-May-17 17:19:03

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
Yes, you can rename it.

Hashes can be used to verify data integrity to ensure there hasn't been any accidental corruption and authenticity to show that there hasn't been any unauthorized modification to the software [example].

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
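
An added example, not part of any post in this thread: the three places a hash could live that the posts above debate (a text file inside the zip, the file name, and a value published separately), checked against a download that has been altered and repackaged consistently. The file names `update.exe` and `hash.txt`, the `update_<hash>.zip` naming scheme and the payload bytes are constructed for illustration, and the separately published value only proves anything if the channel it came from is itself trusted.

```python
import hashlib
import io
import zipfile

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_zip(payload: bytes) -> bytes:
    """Zip holding update.exe plus hash.txt listing the payload's SHA-256."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("update.exe", payload)
        z.writestr("hash.txt", sha256(payload))
    return buf.getvalue()

def check_embedded(archive: bytes) -> bool:
    """Compare the payload with the hash shipped inside the same zip."""
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        listed = z.read("hash.txt").decode().strip()
        return sha256(z.read("update.exe")) == listed

def check_filename(name: str, archive: bytes) -> bool:
    """Compare the archive with a hash carried in its own file name."""
    return name == f"update_{sha256(archive)}.zip"

def check_published(archive: bytes, published: str) -> bool:
    """Compare the whole archive with a hash obtained over a separate channel."""
    return sha256(archive) == published

def demo() -> dict:
    genuine = build_zip(b"constructed genuine payload")
    published = sha256(genuine)  # assumed: read from the vendor's own site
    # Whoever can alter the download can also regenerate hash.txt and the name.
    tampered = build_zip(b"constructed modified payload")
    tampered_name = f"update_{sha256(tampered)}.zip"
    return {
        "embedded_accepts_tampered": check_embedded(tampered),
        "filename_accepts_tampered": check_filename(tampered_name, tampered),
        "published_accepts_tampered": check_published(tampered, published),
        "published_accepts_genuine": check_published(genuine, published),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The embedded and file-name checks still catch accidental corruption in transit; only the comparison against a value the downloader fetched independently rejects the repackaged archive.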
Standard User Oliver341
(eat-sleep-adslguide) Wed 17-May-17 13:47:51

Re: What's the URL of the latest Windows Update website?


[re: ian72] [link to this post]
 
In reply to a post by ian72:
At present it appears they haven't been able to find how the vulnerability got in to networks

My guess is that these networks had SMB ports open to the whole of the internet (terrible idea), which explains why so many networks were infected within a short space of time. Home users will almost always have their ports firewalled behind a NAT router, in addition to the Windows Firewall, so they should be safe.

Oliver.
Standard User ian72
(eat-sleep-adslguide) Wed 17-May-17 14:50:19

Re: What's the URL of the latest Windows Update website?


[re: Oliver341] [link to this post]
 
It is possible but I think unlikely that most of these large organisations would have punched holes in their firewalls to allow SMB in. I do not believe that is the route it got in - far more likely it was via malware on a website or a phishing email but at this point they haven't found the root cause.