Personal computing discussed

Moderators: Captain Ned, emkubed

 
Redocbew
Gold subscriber
Graphmaster Gerbil
Posts: 1309
Joined: Sat Mar 15, 2014 11:44 am

Re: That WannaCry ransomware

Tue May 16, 2017 1:16 pm

whm1974 wrote:
I thought Silverlight was dead and MS had quit supporting it.


Languages/frameworks like Silverlight never really die. Ned's example of Silverlight is just one of many where stuff has lingered on long past its official expiration date. Just look at how long it's taking to kill Flash which was always a little funky even when it was well-maintained, and is almost universally hated now.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 695
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Tue May 16, 2017 1:59 pm

Hawkwing74 wrote:
I got *upgraded* to that last year from Win XP. Still on IE 8 which means many things do not work. Have to use Chrome except for a few internal apps.

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

We are Win7 rolling out Win10 but there are issues. A lot revolving around Excel plug ins.
 
Hawkwing74
Silver subscriber
His Holy Gerbilness
Posts: 13767
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: That WannaCry ransomware

Tue May 16, 2017 2:05 pm

Arvald wrote:

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

We are Win7 rolling out Win10 but there are issues. A lot revolving around Excel plug ins.

How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26397
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: That WannaCry ransomware

Tue May 16, 2017 2:29 pm

Hawkwing74 wrote:
How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

At this point I'd hope that they're airgapped from production networks.
If the Earth were flat, cats would have pushed everything off of it by now.
 
ClickClick5
Gerbil Elite
Topic Author
Posts: 550
Joined: Fri Aug 15, 2008 8:28 pm
Location: Alaska
Contact:

Re: That WannaCry ransomware

Tue May 16, 2017 3:49 pm

Captain Ned wrote:
Hawkwing74 wrote:
How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

At this point I'd hope that they're airgapped from production networks.


At my last job, they had Windows 2000, XP, Vista, 7, and 8 (before 8.1) all on the same network. And the highly trained managers would scream at us for not getting Outlook 2010 installed on A windows 2000 machine. Running a P3, and 256MB ram, with cute 20GB drives. Our CTO finally had enough and blocked the switch ports to Vista machines and back. He basically forced them to update to newer hardware/software. The only reason they still had these machines was because "they still run".

And I have come across companies with a blend of Server 2000-2016 hosts/vms. Some run some super important legacy programs, and others still exist because "upgrading costs money". Well...when the data is encrypted or lost because of these machines, that costs more than a server!
i7-5930k (4.1GHz), 32GB DDR4-2400, 980 4GB, GA-X99-UD3, Samsung 850 Pro 256GB (os/programs), Toshiba 5TB (games), WD VelociRaptor 500GB (games/scratch disk), Win 10 Pro x64
Check out my site for trance sets and other goodies! clickclick5.com!
 
whm1974
Gerbil Elder
Posts: 5196
Joined: Fri Dec 05, 2014 5:29 am

Re: That WannaCry ransomware

Tue May 16, 2017 5:18 pm

ClickClick5 wrote:
Captain Ned wrote:
Hawkwing74 wrote:
How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

At this point I'd hope that they're airgapped from production networks.


At my last job, they had Windows 2000, XP, Vista, 7, and 8 (before 8.1) all on the same network. And the highly trained managers would scream at us for not getting Outlook 2010 installed on A windows 2000 machine. Running a P3, and 256MB ram, with cute 20GB drives. Our CTO finally had enough and blocked the switch ports to Vista machines and back. He basically forced them to update to newer hardware/software. The only reason they still had these machines was because "they still run".

And I have come across companies with a blend of Server 2000-2016 hosts/vms. Some run some super important legacy programs, and others still exist because "upgrading costs money". Well...when the data is encrypted or lost because of these machines, that costs more than a server!

Not to mention that time is money and new and faster hardware and better software can increase productivity enough to more then pay for the upgrades.
 
Convert
Grand Gerbil Poohbah
Posts: 3378
Joined: Fri Nov 14, 2003 6:47 am

Re: That WannaCry ransomware

Tue May 16, 2017 5:44 pm

A predominant medical 3d digital imaging company had their licensing server hit. The software won't run until it checks in with the licensing server so all the medical offices that use this software for their imaging application are dead in the water.
Tachyonic Karma: Future decisions traveling backwards in time to smite you now.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 695
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:06 am

Hawkwing74 wrote:
Arvald wrote:

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

The systems are not day to day use systems. They are only for interfacing to the controls.
Also they usually do not connect to the external network except when an external update is required from the vendor.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 695
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:15 am

To note for our company we are up to date on all virus checkers and force our users to be up to date.
We are not vulnerable on the worm side of the whole thing. The firewall, email scanning and AV should catch the whole thing, so that leaves PICNIC errors...

It is the outliers like said WinXP machines that cannot be updated and can get out of date due to not being on all the time that are at risk.
 
captaintrav
Gerbil First Class
Posts: 123
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:24 am

We're on top of patching Windows generally, not to mention McAfee had updates to catch it (hopefully) out right away. What we did scramble around though, is digging out any infrequently used machines that hadn't reported back to the WSUS in a few months and make sure they were up to date. The ones that still haven't hit the network we've blacklisted the MAC addresses on our NAC appliance. We also have a FireEye appliance, and so far no reports.
 
captaintrav
Gerbil First Class
Posts: 123
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:46 am

Arvald wrote:
Hawkwing74 wrote:
I got *upgraded* to that last year from Win XP. Still on IE 8 which means many things do not work. Have to use Chrome except for a few internal apps.

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

We are Win7 rolling out Win10 but there are issues. A lot revolving around Excel plug ins.


Is that due to a new version of Office? We're just in the early stages of getting Windows 10 in our environment, and will likely be going from Office 2010 to 2016.
 
DragonDaddyBear
Gerbil Elite
Posts: 639
Joined: Fri Jan 30, 2009 8:01 am

Re: That WannaCry ransomware

Wed May 17, 2017 7:33 pm

captaintrav wrote:
We're on top of patching Windows generally, not to mention McAfee had updates to catch it (hopefully) out right away. What we did scramble around though, is digging out any infrequently used machines that hadn't reported back to the WSUS in a few months and make sure they were up to date. The ones that still haven't hit the network we've blacklisted the MAC addresses on our NAC appliance. We also have a FireEye appliance, and so far no reports.

In a very similar technology busy as you. We didn't black list stuff but we did all of the rest. McAfee did release an emergency dat files on Friday, but I think at that point the researcher had already sinkholed the malware. Prior to that they had guidance on how to stop it via manual intervention with registry rules. What I really wish we could get to is AppLocker. A friend rolled it it before and said it wasn't that hard even with citrix and the like. That would stop so much malware because most of it runs in temp files.
 
captaintrav
Gerbil First Class
Posts: 123
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: That WannaCry ransomware

Fri May 19, 2017 10:12 am

Losergamer04 wrote:
captaintrav wrote:
We're on top of patching Windows generally, not to mention McAfee had updates to catch it (hopefully) out right away. What we did scramble around though, is digging out any infrequently used machines that hadn't reported back to the WSUS in a few months and make sure they were up to date. The ones that still haven't hit the network we've blacklisted the MAC addresses on our NAC appliance. We also have a FireEye appliance, and so far no reports.

In a very similar technology busy as you. We didn't black list stuff but we did all of the rest. McAfee did release an emergency dat files on Friday, but I think at that point the researcher had already sinkholed the malware. Prior to that they had guidance on how to stop it via manual intervention with registry rules. What I really wish we could get to is AppLocker. A friend rolled it it before and said it wasn't that hard even with citrix and the like. That would stop so much malware because most of it runs in temp files.


AppLocker is so worth it. Its caught umpteen malware attempts for us when drive-by malware installs or malvertisements are exploiting zero day flash exploits for instance to drop executables and try to execute them from the user's profile. There is some weaknesses in AppLocker that have been documented, but so far I haven't seen anything really clever enough to try and circumvent AppLocker. Probably because it's so much easier to focus on easy targets. I am grateful to work for an organization that is smart enough and resolved enough to have no local administrator rights for anyone outside IT, and only then very few cases (ie, the developers don't have local admin rights outside of their development environments on VMs), and commit to AppLocker even though it can be a fair amount of work to maintain rulesets.
 
Arvald
Silver subscriber
Gerbil Elite
Posts: 695
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Fri May 19, 2017 12:20 pm

captaintrav wrote:

Is that due to a new version of Office? We're just in the early stages of getting Windows 10 in our environment, and will likely be going from Office 2010 to 2016.

it is Office 2010. I don't think we have tried 2016.
Many of the plug ins are not yet certified for 2016.

One issue we see is Excel just freezes.

Who is online

Users browsing this forum: No registered users and 4 guests