Windows 10: WannaCry

Page 1 of 4 123 ... LastLast
  1.    15 May 2017 #1

    WannaCry


    I saw on TV that the WannaCry Ransom Virus will be blocked if your Windows Updates are up-to-date.

    Which upgrade do I need stop the latest ransom from England or where ever?

    I just received my last Update around 5/11/2017. The only thing different, that I see, is that the border around the Windows was black now it's no color (flat).

    Is this the one with ransom update?

    I had this virus before. It's easy to get out with Kaspersky. But you will loose all your document if you haven't backed them up.

    Don Cole
      My ComputerSystem Spec


  2. Posts : 4,512
    10 Home x64 (1709) (10 Pro on 2nd pc)
       15 May 2017 #2

    doncole said: View Post
    I just received my last Update around 5/11/2017... Is this the one with ransom update?
    I think the previous month's update was the first to have the fix in it. If Windows Update says you are up to date then you're protected.
      My ComputersSystem Spec


  3. Posts : 2,865
    Windows 10.4 Home 1709 x64
       16 May 2017 #3

    doncole said: View Post
    I saw on TV that the WannaCry Ransom Virus will be blocked if your Windows Updates are up-to-date.
    That is partially true. Windows updates prevent you from being infected by this without your intervention.
    But you could still get infected, if you would run it by yourself, like by running an unknown email attachment.

    doncole said: View Post
    I had this virus before. It's easy to get out with Kaspersky. But you will loose all your document if you haven't backed them up.
    That is why, you always need to do regular backups. AV will usually not detect it, until after it is too late.
      My ComputerSystem Spec

  4.    16 May 2017 #4

    doncole said: View Post
    I saw on TV that the WannaCry Ransom Virus will be blocked if your Windows Updates are up-to-date.

    Which upgrade do I need stop the latest ransom from England or where ever?

    I just received my last Update around 5/11/2017. The only thing different, that I see, is that the border around the Windows was black now it's no color (flat).

    Is this the one with ransom update?

    I had this virus before. It's easy to get out with Kaspersky. But you will loose all your document if you haven't backed them up.

    Don Cole
    Hi Don,
    Just to be clear:
    The WCry ransomware does 2 things:
    1. it encrypts your data for a ransom
    2. it spreads via a worm which exploits an SMB1 vulnerability
    So, updating your system closes the SMB1 vulnerability and prevents the thing from spreading, but it can still infect your system.

    See this post for the link to the Security Bulletin:
    Privacy and Security Ė How do I Protect Myself ? - Page 4 - Windows 10 Forums

    You want to make sure the particular KB is installed for your OS.
    .
      My ComputerSystem Spec

  5.    16 May 2017 #5

    Another option is to simply disable SMB1 in Windows, to prevent spreading.

    Click image for larger version. 

Name:	image.png 
Views:	118 
Size:	23.9 KB 
ID:	135335

    This will not, however, prevent encryption.
      My ComputerSystem Spec


  6. Posts : 2,096
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)
       17 May 2017 #6

    simrick said: View Post
    Another option is to simply disable SMB1 in Windows, to prevent spreading.

    Click image for larger version. 

Name:	image.png 
Views:	118 
Size:	23.9 KB 
ID:	135335

    This will not, however, prevent encryption.
    Do any essential programs / services need SMB 1.0 support?
      My ComputersSystem Spec

  7.    17 May 2017 #7

    Steve C said: View Post
    Do any essential programs / services need SMB 1.0 support?
    I can't remember exactly, but seems someone said you might lose access to a NAS if it's setup that way (which supposedly it shouldn't be?) Not too sure - would have to google that myself.
      My ComputerSystem Spec

  8.    17 May 2017 #8

    Here is some information on SMB 1.0 Hope this explains it a little more.

    If you donít need to support an older SMB version for computers running Windows XP or Windows Server 2003, you can disable this function to reduce the system load and improve security

    The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80ís, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage.

    When you use SMB1, you lose key protections offered by later SMB protocol versions:

    Pre-authentication Integrity (SMB 3.1.1+). Protects against security downgrade attacks.
    Secure Dialect Negotiation (SMB 3.0, 3.02). Protects against security downgrade attacks.
    Encryption (SMB 3.0+). Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing!
    Insecure guest auth blocking (SMB 3.0+ on Windows 10+) . Protects against MiTM attacks.
    Better message signing (SMB 2.02+). HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.

    Bottom line is SMB 1.0 should be Disabled, just like simrick has posted.
      My ComputersSystem Spec


  9. Posts : 2,096
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)
       17 May 2017 #9

    OldMike65 said: View Post
    Here is some information on SMB 1.0 Hope this explains it a little more.

    If you don’t need to support an older SMB version for computers running Windows XP or Windows Server 2003, you can disable this function to reduce the system load and improve security

    The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage.

    When you use SMB1, you lose key protections offered by later SMB protocol versions:

    Pre-authentication Integrity (SMB 3.1.1+). Protects against security downgrade attacks.
    Secure Dialect Negotiation (SMB 3.0, 3.02). Protects against security downgrade attacks.
    Encryption (SMB 3.0+). Prevents inspection of data on the wire, MiTM attacks. In SMB 3.1.1 encryption performance is even better than signing!
    Insecure guest auth blocking (SMB 3.0+ on Windows 10+) . Protects against MiTM attacks.
    Better message signing (SMB 2.02+). HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02, SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.

    Bottom line is SMB 1.0 should be Disabled, just like simrick has posted.
    Thanks. I'm going to disable this since I only use Windows 10 for home use. Is there any other legacy stuff enabled by default we can safely disable for improved security?
      My ComputersSystem Spec

  10.    17 May 2017 #10

    Steve C said: View Post
    Thanks. I'm going to disable this since I only use Windows 10 for home use. Is there any other legacy stuff enabled by default we can safely disable for improved security?
    As long as you keep your Windows 10 Home updated with the latest updates, you should be just fine. Windows released some security fixes for this just a few days ago.
      My ComputersSystem Spec


 
Page 1 of 4 123 ... LastLast

Related Threads
Solved WannaCry protection in AntiVirus, Firewalls and System Security
By using a online free email service (such as Hotmail or Gmail) instead of the direct email provided by an ISP, am I protected from malaware such as the new WannaCry trojan horse malaware? This virus spreads thru attachments in email. Do the...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:47.
Find Us