Microsoft warns of worm ransomware, finds fix in Windows 10 upgrade Microsoft is warning of a wormable ransomware that infects removable drives on versions of its operating system below Windows 10. The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers. It drops a warning notice in a HTML file informing …
I wonder .. just how much Microsoft paid people to develop that :)
Quick reality check on last remaining copy of Win XP in a VM:
The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers.
- phishing emails: I use Thunderbird, don't read email on Windows, and yet I still check such things anyway (left over Windows habit). No problem.
- Word document macros: LibreOffice doesn't execute them. No problem
- fake Flash installers: removed Flash ages ago, and my browser tells sites it's an iPad. Not a problem*.
So no problems at all, really.
* I suppose I could get caught out with a fake Flash UNinstaller, but I've done that now :). That being said, I do check where things are downloaded from (as before, left over Windows habits).
...pirate... sites [should be] avoided.
- Hear no evil.
The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers.
- See no evil.
Macros should also be banished
- Say no evil
...and porn sites [should also be] avoided.
- Have no fun.
The EOL for windows 7 is 2020 i believe.
So, get the vuln patched. Immediateamont-toot-sweet(sic)
I dont WANT WinX
I dont want Edge.
I DO want you to honour your promise of security updates for older OS's.
Fuck me, how many more times are WE going to have to tell YOU that a significantly large proportion of us DONT WANT WinX... Scare tactics like this will NOT change that stance.
*
It's the new Microsoft. Nothing is off-limits if it gets them closer to 1 billion Win 10 devices.
Using Windows Update, a formerly trusted mechanism for updating Windows and other MS software to spread adware? Not a problem!
Using Windows Update to disseminate adware disguised as a security update for IE? Sure!
Pushing people who have no idea what a backup is to perform a potentially risky in-place upgrade without letting them know about that risk (we can't have anyone backing out of the upgrade just because it might bork their PC)... Certainly.
Changing their nagware so that the "X" that has always meant "No" now means "Yes?" Why not?
There appears to be no depth to which Microsoft will not sink to spread their malware to 1 billion devices.
Installing a trojan by running something from a dodgy website is not a vulnerability that can or needs to be patched.
Installing from an Office macro - would be an Office vulnerability if anything.
That the trojan doesn't work on Windows 10 is either a bug in the trojan or Windows 10 failing to run a legacy application. Don't know what Microsoft thinks it is bragging about.
Let's all bitch about having to upgrade... something you have to do with any OS, application, architecture etc. What, you don't want to upgrade so a problem is fixed? ...then stop griping; you've made your decision so stand by it like an adult.
...and give a pass to the morons and cheats who write the malicious code. This way when you do become a victim, you can be happy with the fact you didn't upgrade.
"Upgrading is one thing, being forced to accept a completely alternative operating system is another."
I've been forced by Redmond to accept a completely alternative operating system.
It goes by the name of Linux.
The transition was in no way painless, but I'll never look back. SWMBO loves it and the kids went "Hey how nice! Our computer now has Android on it!"
Not upgrading to Win10 ≠ not wanting to fix a problem.
Apparently you don't know the definition of a "trojan horse".
Forgetting about the questionable telemetry and encrypted data transmission - if you're OK with your OS removing your ability to control updates, thereby changing >20 years of policy, then by all means enjoy.
Home users shouldn't have to concede control over their own bought & paid for hardware just to satisfy the whims of whatever blowhard is the flavor of the month at MS. If you think for one second that MS has never published and released an update (or a few dozen) that have 'never' hosed machines rendering them non-bootable, well I've got ocean front property in AZ to sell you. Heck, there are still unresolved issues with 10 (such as the disappearing task bar and non-working Start menu) that they haven't even fixed yet, despite the OS being "rapid rollout". But surely, the future will be better though, eh?
There are plenty of other options out there, from "not upgrading" to "running *nix". The backhanded compliment of "making upgrading EASY" that MS has bestowed upon everyone running 7 or 8.1 makes the fruit even more rotten because over the last year they have made it increasingly more difficult for someone who DOES NOT want the upgrade, to NOT GET the upgrade. Disabling updates completely is not an acceptable solution when the OS is supported for 4 more years with security patches and updates; however, disabling updates completely IS THE ONLY WAY to NOT get the upgrade.
The notion that "you MUST upgrade to not be affected" and the insinuation that "by not upgrading we're not going to patch your OS even though we've promised to do so because there's 4 years left on the clock" is gutter trash.
I think I'll copy/paste this to a .txt so the next time (and it's coming) MS push out a brick patch I can open that file up and have a laugh.
Here's how updates should go;
I have two Manjaro boxes with different UI's and software for differing tasks. Each day at midnight a little box pops up to let me know what updates are available and which issue(s) each update fixes. I can pick and choose what I'd like to upgrade from that list and the dependencies will be listed for each one so I can choose whether or not the ends justify the means.
See what they did there?
"I" choose what to update and when, they aren't just hammering 650+ program patches at me when I'm not looking and then tell me it's for my own good when my system no longer boots.
If you love forced updates and in fact forced whole OS 'upgrades' then feel free. I'll just wait here for the next infinite boot loop article.
P.S. Yes, one of those machines (that I'm typing this on) has 650+ updates waiting. Why a rolling release if I'm not going to let it roll? Again, My choice.
Antergos as my main OS, a close relative of Manjaro, and it does the exact same thing. There is a pop saying updates are available. I can review the updates, choosing the ones I want, review the update if I want. Also, the updates state which packages are being updated and the installation occurs when I give my explicit permission.
Microsoft has tried every dirty trick they could to get people to upgrade to Windows 10.
Now they are trying to scare people into upgrading.
I suppose its implied that Microsoft intends to throw the users of all the earlier versions of Windows under the bus.
Microsoft is gettting more and more desperate.
So...
In order to minimize the risk of some very bad software that I very much do not want getting on my PC, I have to install some other slightly less bad software that I also very much do not want on my PC?
The odds of me picking up the malware in question are slim, given that I am reasonably sensible in my online activities. The consequence is terrible, but it's also very unlikely.
If I install Windows 10, the negative impact will certainly be far less objectionable than than getting ransomware, but the odds of that impact will be 100%.
I'll take my chances.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
