What's new

Ars: More people infected by recent WCry worm can unlock PCs without paying ransom

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

Dan Goodin

Guest
war-ends-800x631.jpg

Enlarge (credit: Ed Westcott / American Museum of Science and Energy)

New hope glimmered on Friday for people hit by last week's virulent ransomware worm after researchers showed that a broader range of PCs infected by WCry can be unlocked without owners making the $300 to $600 payment demand.

A new publicly available tool is able to decrypt infected PCs running Windows XP and 7, and 2003, and one of the researchers behind the decryptor said it likely works for other Windows versions, including Vista, Server 2008, and 2008 R2. The tool, known as wanakiwi, builds off a key discovery implemented in a different tool released Thursday. Dubbed Wannakey, the previous tool provided the means to extract key material from infected Windows XP PCs but required a separate app to transform those bits into the secret key required to decrypt files.

Continue reading on Ars Technica
 
WinXP, why, who, still uses Win XP??

Or departments with old legacy software that cannot be run on newer systems, or are too system-critical to be migrated. You think NASA and the US military are going to upgrade to Windows 10 for their system managing rockets and missiles? :)

One such problem is with 16-bit code, which can no longer run on newer platforms.

In some cases, you're talking mission-critical software that was developed either in-house or by a contractee who disappeared 10+ years ago, so migrating, validating and fixing that old code for a new platform can be difficult.

When they were retired, the NASA space shuttles still used 8088 processors for some of their systems. It was thoroughly validated for the specific uses they had for them, and upgrading them wasn't realistic.
 
the NHS in the UK, many thin clients that operate kiosks and such that have been working for years.

At least my oscilloscope doesnt run windows :p

Two years ago, I walked by a kiosk for the local mass transit company where you can refill the smartcard you use to pay your fare. It had a WinXP error message shown on its screen.

What truly made me sad was the fact these were deployed only about two or three years before that, meaning by the time they were deployed, they already knew that Microsoft would terminate support for it in the very near future.
 
WinXP, why, who, still uses Win XP??

There's a lot of places where XP is still there - most ATM's run XP these days, and there's hella industrial automation that is built around XP.

Agilent has test equipment for WiFi/Wimax/LTE that is based on XP, just as an example. It's non-trivial to upgrade those devices... or various Healthcare devices (last time I was in the ER and recovery, everything there was XP based these days)

There are applications that don't work with Win7 because of API differences, and that's why folks continue to run XP...

I, personally, think that XP was one of the better versions of Windows - probably behind NT 3.5.1 and Win2K, but ahead of Win7 and later... but from a business perspective, Microsoft has a heck of a problem with legacy and XP.

That being said... the WannaCry stuff mostly impacted Win7 actually, according to various reports on the security oriented sites...
 
winXP is not supported by big bad bill. seems to me that the security of WinXP is to blame since it is not updated and supported. A giant hack looking for place to happen...
 
winXP is not supported by big bad bill. seems to me that the security of WinXP is to blame since it is not updated and supported. A giant hack looking for place to happen...

You can still get paid support for WinXP. It's ridiculously expensive, but it's still available. Why do you think the WannaCry hotfix has been ready since last February?
 
I, personally, think that XP was one of the better versions of Windows - probably behind NT 3.5.1 and Win2K, but ahead of Win7 and later... but from a business perspective, Microsoft has a heck of a problem with legacy and XP.

Windows 7 is my favorite MS OS so far. In its last few days, there were still some very odd issues with WinXP that never got sorted. Had a few customers over the years bringing their XP box that no longer booted, and required an offline filesystem check for it to boot again. Or that random issue where a user profile ends up in a locked out mode, forcing you to use a separate admin account to dig into the registry, and remove the ".bck" that Windows had appened to the profile name. That one only started appearing during the last 1-2 years of WinXP support, so I suspect it might have been related either to a late hotfix, or a timing issue caused by the faster hardware at that time that didn't exist back when WinXP was designed. Kinda like how Win 98 started having filesystem issues when new HDD appeared with larger caches, and Windows didn't wait long enough for it to flush its buffers on shutdown, causing filesystem corruption. MS eventually released a hotfix to resolve the issue with those HDDs with large caches.
 
You can still get paid support for WinXP. It's ridiculously expensive, but it's still available. Why do you think the WannaCry hotfix has been ready since last February?
Where can I acquire this "ridiculously expensive" WinXP support??
WannaCry launched May 12/17, why would there be a hotfix before this?
 
Where can I acquire this "ridiculously expensive" WinXP support??
WannaCry launched May 12/17, why would there be a hotfix before this?

Contact Microsoft, and tell them about your multinational corporation wanting to purchase a service contract with them for a few million dollars. Some reports mention the ongoing rates being 200$ per desktop for the first year, 400$ per desktop for the second year, and 600$ per desktop for the third year.

In short: not available for regular users, only for large corporate customers.

The hotfix files have a build datestamp from February, so they probably initially fixed it for one of their corporate customers, but due to the importance of the problem, Microsoft decided to release the fix to the general public last week.
 
Windows 7 is my favorite MS OS so far. In its last few days, there were still some very odd issues with WinXP that never got sorted.

Major Windows versions are like star wars movies - not every one is good :D
  • Windows 3.1 - the first decent version of Windows, early networking, Win32 API's, some early DirectX
  • Win98 Second Edition - everything Win95/98 promised to be, but it took SE to deliver on those bets
  • NT 3.5.1 - one of the most stable versions of windows ever... trivia, it ran native OS2 apps as well
  • Win2K - awesome sauce
  • WinXP - like Win2K but better
  • Win7 - like XP but even better... with the right version - my pref was Win7Pro
  • Win10 - outside of the privacy concerns, it's actually not that bad...
Versions that were less than awesome - the Jar Jar Binks of Software/Operating Systems...
  • Win3.0 - nice ideas, but dosshell underneath...
  • Win95 - nice start, but ugly underneath, same with Win98 non-SE
  • Windows Millenium - remember that?
  • WinNT 4.0 - NT meets win 95 in a dark place... and this was the love child
  • WinXP Pro 64 bit edition - I actually had this on a opteron workstation back in the day, and it was painful - WinXP without the joy...
  • Windows Vista - less said about that, the better...
  • Win8/8.1 - outside of MetroUI, it wasn't that bad, but OMG, MetroUI
Win Server versions - my thoughts there are similar to the Windows Core versions mentioned above...

WinCE - mixed feelings there - ARM/MIPS/x86/SuperSH/others - it's a weird place, but it's more common than most folks would acknowledge... my 2012 acura runs WinCE for the in vehicle stuff - I think Ford's Sync stuff was similar on the first pass..

And then there's WinRT - nice effort... not very successful - nor were WinNT on anything but Intel (WinNT used to support MIPS/PowerPC, and DEC Alpha back in the WinNT 3.5/4.0 days)

I was always puzzled about Windows Phone on ARM - why didn't Microsoft and Intel join forces there - Intel was (and still is) Android, where it doesn't do well compared to ARM... An Intel based Lumia handset would have been really nice - I've played around with Win8.1/Win10 on a low end tablet (HP Stream 7), and it's not that bad...

The most obscure version of Windows - Windows Fundamentals for Legacy PC's - it was a cut-down WinXP system for Win95 era PC's - one had to be part of the secret society perhaps, as one couldn't get this publically, but it was there - mostly for thin clients, and eventually was replaced by Windows for Thin PC's - which was based on the Win7 core.

I'm told there's over 50 million lines of code in the Windows core OS - and that's not counting the .NET frameworks...

When one considers that - Microsoft has done an amazing job with Windows and trying to keep it secure...
 
Last edited:
And bringing things back to something that might be relevant for our forum members...

The XBox consoles... now while not being directly susceptible to WannaCry, these all are Win32 machines, so be careful exposing them to the interwebs these days in light of the WikiLeaks disclosures...
  • Xbox (original) - Win2K based?
  • Xbox 360 - WinXP based?
  • XboxOne/One S - Win8/Win10
Good news here is that there is a fair amount of sandboxing, but we don't know all the vuln's here - and the OG Xbox would be most at risk, followed by Xbox 360 - the Xbone should be fairly safe as MS is actively developing that platform still...
 
Contact Microsoft, and tell them about your multinational corporation wanting to purchase a service contract with them for a few million dollars. Some reports mention the ongoing rates being 200$ per desktop for the first year, 400$ per desktop for the second year, and 600$ per desktop for the third year.

In short: not available for regular users, only for large corporate customers.

It's the verticals like I mentioned above - industrial automation, end-points for embedded services (ATM's and Points of Sale systems) and the like...

MS is charging a lot of extended support of XP - but consider retooling software and workflows, and then HW upgrades in some cases - so big customers might not have a choice but to suck it up and pay...
 
MS is charging a lot of extended support of XP - but consider retooling software and workflows, and then HW upgrades in some cases - so big customers might not have a choice but to suck it up and pay...

They're paying it but not liking it. Last factory I worked in was in the process of moving all of their production systems away from XP based OSs. They looked like they swallowed sour milk when you'd mention it to the higher ups, but they were upgrading none the less. They didn't like shelling out the dough to MS for the continued support.
 
They're paying it but not liking it. Last factory I worked in was in the process of moving all of their production systems away from XP based OSs. They looked like they swallowed sour milk when you'd mention it to the higher ups, but they were upgrading none the less. They didn't like shelling out the dough to MS for the continued support.
this is why in industry it is preferred to use a linux based system and hire someone to code and adapt things. You cant even use windows on/with fpgas or even automated machines that produce things in a factory for example, its just too unreliable compared to taking a bare linux kernel or a linux OS, and stripping away things you dont need only adding what is required. With less functions in the OS its less things to patch, to worry about and less things that take up hardware resources.

However many simply take the easy route and use windows despite the fact that it is more expensive and things do go wrong with compatibility an issue.
 
They're paying it but not liking it. Last factory I worked in was in the process of moving all of their production systems away from XP based OSs. They looked like they swallowed sour milk when you'd mention it to the higher ups, but they were upgrading none the less. They didn't like shelling out the dough to MS for the continued support.

Lot of it depends on the software lifecycle of the applications, and the costs to upgrade them (and possibly HW to support newer versions of windows) - which is largely a CAPEX exercise...

Where extended support could be considered OPEX - so for many it is a business decision...
 
  • Win8/8.1 - outside of MetroUI, it wasn't that bad, but OMG, MetroUI
Ever since Win8 I am using Classic Shell to overcome the stupid Tile and Start-Menu developments - even with Win10 still the better choice if you wanna work productive!

I really wonder why not more people are googel-ing for a solution and finding Classic Shell!?
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top