VOGONS


Reply 40 of 57, by clueless1

Jade Falcon wrote:

Wait, so all it does is change group policy settings and Software restriction policies, basic file/folder monitoring and blacklists PUPs?
Why would one need this? You can do all this without any app with what's provided within Windows.
Sounds more like a lazy way out to me, but if it does what it claims to do it should stop most ransomware along with malware that tries to make system changes. Neat idea for those that don't know or have the time to properly secure their systems.

That's not all it does. But that is kind of the backbone of what it does (it has ~4000 SRPs, which would be pretty time-consuming to implement manually, so I wouldn't call it "lazy"). Also it allows these policies to be applied in non-domain settings as well as "Basic" and "Home" versions of Windows. It does other things like block suspicious executables (.cpl, .scr, .pif) and double file extensions (like .pdf.exe).

Spend 5 minutes reading the manual before you shoot it down any further:
https://www.foolishit.com/cryptoprevent-malwa … -documentation/

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks
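
Added example (not part of the original post, and not CryptoPrevent's own rules or code): a small filename check for the two categories named above, the outright-blocked types (.cpl, .scr, .pif) and double extensions such as .pdf.exe. The `EXECUTABLE_EXTS` and `DECOY_EXTS` lists and the sample paths are constructed assumptions.

```python
import ntpath

# Types the post names as blocked outright.
BLOCKED_EXTS = {".cpl", ".scr", ".pif"}
# Constructed lists for the double-extension rule (assumptions, not from the post).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".cpl"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def extensions(path):
    """Return the lower-cased extensions of a Windows path, left to right."""
    name = ntpath.basename(path)      # accepts both \ and / separators
    name = name.rstrip(". ").lower()  # Windows ignores trailing dots and spaces
    # Strip padding such as "invoice.pdf      .exe", which pushes the real
    # extension out of view in a narrow file-name column.
    return ["." + part.strip() for part in name.split(".")[1:]]


def classify(path):
    """Return 'allow' or a 'block: ...' verdict for one path."""
    exts = extensions(path)
    if not exts:
        return "allow"
    # Document-looking extension immediately followed by an executable one.
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS:
        return "block: double extension"
    if exts[-1] in BLOCKED_EXTS:
        return "block: suspicious type"
    return "allow"


def scan(paths):
    """Map each flagged path to its verdict; allowed paths are omitted."""
    return {p: v for p in paths if (v := classify(p)) != "allow"}


# Constructed sample paths for illustration.
SAMPLE_PATHS = [
    r"C:\Users\demo\Downloads\invoice.pdf.exe",
    r"C:\Users\demo\Downloads\Invoice.PDF        .exe",
    r"C:\Users\demo\Desktop\photo.jpg.scr",
    r"C:\Users\demo\Desktop\Screensaver.SCR",
    r"C:\Users\demo\Documents\report.final.pdf",
    r"C:\Tools\setup.exe",
    r"C:\Users\demo\Downloads\notes.txt.exe. ",
    r"C:\Users\demo\README",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE_PATHS).items():
        print(f"{verdict:28} {path}")
```

A plain `setup.exe` is allowed here because the check only covers the two categories from the post; it is not a general allow-list.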

Reply 41 of 57, by Jade Falcon

clueless1 wrote:
Jade Falcon wrote:

Wait, so all it does is change group policy settings and Software restriction policies, basic file/folder monitoring and blacklists PUPs?
Why would one need this? You can do all this without any app with what's provided within Windows.
Sounds more like a lazy way out to me, but if it does what it claims to do it should stop most ransomware along with malware that tries to make system changes. Neat idea for those that don't know or have the time to properly secure their systems.

That's not all it does. But that is kind of the backbone of what it does (it has ~4000 SRPs, which would be pretty time-consuming to implement manually, so I wouldn't call it "lazy"). Also it allows these policies to be applied in non-domain settings as well as "Basic" and "Home" versions of Windows. It does other things like block suspicious executables (.cpl, .scr, .pif) and double file extensions (like .pdf.exe).

Spend 5 minutes reading the manual before you shoot it down any further:
https://www.foolishit.com/cryptoprevent-malwa … -documentation/

I already read up on it, seems rather redundant to me. You can block different executables and file extensions without any 3rd party tools to begin with, using nothing more than regedit. You can also whitelist/blacklist just about anything in Windows without any tools. Just about everything this tool does can already be done with what Windows provides you with. The only thing that stood out to me was the folder watch option, I can't think of a way to implement something like that without a tool or some app.

I can see it being very useful for non-tech-savvy people and home users where changing group policy settings and SRS is less of an option, but in a workplace with a domain, active DIR and so on, not so much needed as you only need to set up one system with these settings then have them rolled out over the network.

I guess I'm a little more old-fashioned when it comes to system security. Still it seems to be a rather convenient tool for home users.

Reply 42 of 57, by Joey_sw

Jade Falcon wrote:

Careful with POS updates.
They aren't tested on XP Pro or Home. But I can't see anything bad happening other than a false sense of security. POS updates may be different enough at times to be ineffective on Pro or Home. But I have yet to see that. But I'm not really testing all the POS updates either.

Looks like some tech news places are now saying XP can't spread the worm? I found that it can. But I did have trouble getting it to spread on a bone stock install of XP. Maybe something in updates allows it to spread? I really should do more testing and take time in writing a paper on it. But I'm not taking my work home with me.

Now that you mention it, some of the POS updates did improve the functionality of XP.
A notable example is update KB3055973-v3 for POS, which would actually allow programs that rely on the WinXP-provided cryptographic API to access newer HTTPS sites.
http://www.internetdownloadmanager.com/suppor … s-problems.html

Targeting POS machines is still a viable option; if they can cough up money to have their XP maintained, surely they can also cough up more for ransom if they are taken as hostages?

-fffuuu

Reply 43 of 57, by Jade Falcon


Very interesting. I'll have to take a closer look into that.

Edit
As far as I'm aware XP POS still has free support from MS. We don't use XP POS at work so I could be wrong.
We just have XP Pro for time clock controllers/servers and some legacy 16-bit software that has problems when running in a VM. We mostly phased out XP already.
I have wondered, how does xp_64 play in on all this?

Reply 44 of 57, by Jo22


Now the news says that Windows XP wasn't the one to blame for WannaCry. Windows 7 was the primary victim, it seems.
But I'm not surprised, that's typical for them. It's always the old technology that's been badmouthed in the first place.

Remember the French airport with the Windows 3.1 machine? It was running continuously for 25 years with no problem,
'til a hardware fault occurred. And what did the media say? Yeah, right - that Windows 3.1 was crap and unstable.. 😢
No one said "Hey, that control machine with Windows 3.1 lasted for 25 years! Wow!" That's so sad if you think about it.
The Voyager probes do run just a little bit longer than that (~15 years difference)..

Windows 7 hardest hit by WannaCry worm
http://www.bbc.com/news/technology-39997581

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel

//My video channel//

Reply 45 of 57, by clueless1


That's not surprising. "The Patch" never prevented the infection, it just prevented it from spreading to other systems in the same network. People are the infection vector, and there are more people using Windows 7 than any other OS.


Reply 46 of 57, by Jade Falcon

clueless1 wrote:

That's not surprising. "The Patch" never prevented the infection, it just prevented it from spreading to other systems in the same network. People are the infection vector, and there are more people using Windows 7 than any other OS.

I did do some more testing in my free time. The patch could limit the chances of getting infected.
Based on my understanding and testing, WannaCry comes into networks one of two ways.
1: by doing a port/network scan to see if a vulnerable system is found.
2: by some sort of user interaction.

With the patch the first method stated should be stopped.
Either way the biggest fish (old or new) tends to be the main target in these kinds of broad attacks.

Reply 47 of 57, by clueless1


I think it's crazy that any router would have port 445 open to the outside world.

edit: Wow, over 1 million devices exposing port 445 on the internet and 80% of them are Windows-based:
https://community.rapid7.com/community/infose … anning-for-them


Reply 48 of 57, by Jade Falcon

clueless1 wrote:

I think it's crazy that any router would have port 445 open to the outside world.

edit: Wow, over 1 million devices exposing port 445 on the internet and 80% of them are Windows-based:
https://community.rapid7.com/community/infose … anning-for-them

A lot of times in the workplace a Windows server is directly attached to a modem and the server acts as a router.
At least put a hardware firewall between them I always say, but some people are cheapskates.

Reply 49 of 57, by clueless1

Jade Falcon wrote:

A lot of times in the workplace a Windows server is directly attached to a modem and the server acts as a router.
At least put a hardware firewall between them I always say, but some people are cheapskates.

That's insane. If it's money then use pfSense or IPFire.


Reply 50 of 57, by Jade Falcon

clueless1 wrote:
Jade Falcon wrote:

A lot of times in the workplace a Windows server is directly attached to a modem and the server acts as a router.
At least put a hardware firewall between them I always say, but some people are cheapskates.

That's insane. If it's money then use pfSense or IPFire.

Well the main problem is that a lot of places that do this use one or 2 servers for everything or more than one thing. So some sort of open source router OS doesn't always fly.

Not to mention most higher-ups will not OK such software due to the lack of support. If you run into a problem is there a number you can call? Most workplaces want that.
But seriously, just get a hardware firewall, it's not rocket science. A good one is like 100$.

Reply 51 of 57, by gdjacobs

Jade Falcon wrote:

Well the main problem is that a lot of places that do this use one or 2 servers for everything or more than one thing. So some sort of open source router OS doesn't always fly.

Not to mention most higher-ups will not OK such software due to the lack of support. If you run into a problem is there a number you can call? Most workplaces want that.
But seriously, just get a hardware firewall, it's not rocket science. A good one is like 100$.

Yes, you can purchase a good router with firewall capabilities from Ubiquiti or MikroTik for $100, but you still need a person who knows what they're doing to configure it. Consumer grade hardware can be okay and easier to use (although not in the same league for flexibility and performance), but firmware security is known to be problematic. Supporting something internally can work fine as long as it's not too much of a stretch for your staff and there's a clear pathway for support via training and documentation (which should be a requirement for anything).

All hail the Great Capacitor Brand Finder

Reply 52 of 57, by Jade Falcon

gdjacobs wrote:

Yes, you can purchase a good router with firewall capabilities from Ubiquiti or MikroTik for $100, but you still need a person who knows what they're doing to configure it. Consumer grade hardware can be okay and easier to use (although not in the same league for flexibility and performance), but firmware security is known to be problematic. Supporting something internally can work fine as long as it's not too much of a stretch for your staff and there's a clear pathway for support via training and documentation (which should be a requirement for anything).

Indeed a firewall is not the simplest thing to implement. But any workplace that has several computers or a server should at the very least have an IT support plan in place. Whether outsourced or internal they should have the means to implement a firewall and support it.

Reply 53 of 57, by 95DosBox

Errius wrote:

What can be done with old XP computers that haven't the horsepower to run newer Windows?

If your computer can only run XP due to specs, you could make it into a DOS/98SE/WIN 3.1/MS BOB/NT4/2K/XP MultiOs system.

clueless1 wrote:
Errius wrote:

It's not me it's my parents. My dad is paranoid about XP and wants to install Windows 7/8/10 on their computer. I've warned him it will become too slow to use if he does that. So he just doesn't use it any more. Problem is, all of his emails are on there going back years. Can Linux email clients import Outlook 2007 email archives?

Not very easily. 🙁 If his mail account supports IMAP, and he's using something with lots of storage (like gmail) then he could just connect Thunderbird on Linux to the IMAP acct and suck them in that way.

Honestly, if you secure XP well, he should be able to keep using it. I recommend CryptoPrevent, Norton ConnectSafe DNS, MVPS HOSTS, and uBlock Origin browser plugin. That combination should keep his XP secure for the time being. And occasional scans with Malwarebytes.

I suppose you could get Outlook working in Linux with Wine, but I don't have experience with that:
http://www.webupd8.org/2011/01/how-to-install … ce-2007-in.html

Wow clueless1 you really go to extreme lengths to keep XP safe. Even after infection I just modify the registry and reboot into another OS and remove the offending files that it keeps trying to load then reboot back into XP and it doesn't see or can't load them anymore. Still leaves some trace elements but usually I'll restore a working XP image back to a clean state which is faster but a bit too lazy to do it. But it's actually kind of fun when it gets infected as you learn how to clean it up without any special tools. These days I'm more likely to lose my XP system due to a power failure than some malware / virus destroying it. And if they get that far just a simple few seconds restoring my OS image and I'm back.

Last edited by 95DosBox on 2017-05-27, 01:03. Edited 1 time in total.

Reply 55 of 57, by brostenen

Kreshna Aryaguna Nurzaman wrote:

The board seems to be quiet about WannaCry as well. Maybe it's because most of us still use old operating systems, so we're not being infected?

I have not seen any attack on my personal computer, as I run Linux on it without Wine. My spare laptop is running Win7 and I have not had it turned on for the last 3 months. All my retro machines that run Win98se have no network card. My woman is running Win10. We have not seen or experienced any attack or infection at all.

Don't eat stuff off a 15 year old never cleaned cpu cooler.
Those cakes make you sick....

My blog: http://to9xct.blogspot.dk
My YouTube: https://www.youtube.com/user/brostenen

001100 010010 011110 100001 101101 110011

Reply 56 of 57, by clueless1

95DosBox wrote:
clueless1 wrote:
Errius wrote:

It's not me it's my parents. My dad is paranoid about XP and wants to install Windows 7/8/10 on their computer. I've warned him it will become too slow to use if he does that. So he just doesn't use it any more. Problem is, all of his emails are on there going back years. Can Linux email clients import Outlook 2007 email archives?

Not very easily. 🙁 If his mail account supports IMAP, and he's using something with lots of storage (like gmail) then he could just connect Thunderbird on Linux to the IMAP acct and suck them in that way.

Honestly, if you secure XP well, he should be able to keep using it. I recommend CryptoPrevent, Norton ConnectSafe DNS, MVPS HOSTS, and uBlock Origin browser plugin. That combination should keep his XP secure for the time being. And occasional scans with Malwarebytes.

I suppose you could get Outlook working in Linux with Wine, but I don't have experience with that:
http://www.webupd8.org/2011/01/how-to-install … ce-2007-in.html

Wow clueless1 you really go to extreme lengths to keep XP safe. Even after infection I just modify the registry and reboot into another OS and remove the offending files that it keeps trying to load then reboot back into XP and it doesn't see or can't load them anymore. Still leaves some trace elements but usually I'll restore a working XP image back to a clean state which is faster but a bit too lazy to do it. But it's actually kind of fun when it gets infected as you learn how to clean it up without any special tools. These days I'm more likely to lose my XP system due to a power failure than some malware / virus destroying it. And if they get that far just a simple few seconds restoring my OS image and I'm back.

Yes, I run full, image-based backups each day, so I could always restore quickly. But my recommendations also make for a better computing experience:
-CryptoPrevent uses local policy software restrictions, so uses zero computing resources. Why not? It's free...
-filtered DNS is often faster, again has no negative performance impact, so why not? Again, free...
-MVPS HOSTS not only blocks malware, it also blocks ads, which means your browser uses fewer resources and your web pages load faster. Again, free. Why not?
-ditto uBlock Origin browser plugin. Less stuff to load means faster web browsing. Free.

and I wouldn't call it extreme lengths, it takes all of 15 minutes to get that all set up. Once it's done, you never have to deal with it again. 😀


Reply 57 of 57, by 95DosBox

clueless1 wrote:

Honestly, if you secure XP well, he should be able to keep using it. I recommend CryptoPrevent, Norton ConnectSafe DNS, MVPS HOSTS, and uBlock Origin browser plugin. That combination should keep his XP secure for the time being. And occasional scans with Malwarebytes.

Yes, I run full, image-based backups each day, so I could always restore quickly. But my recommendations also make for a better computing experience:
-CryptoPrevent uses local policy software restrictions, so uses zero computing resources. Why not? It's free...
-filtered DNS is often faster, again has no negative performance impact, so why not? Again, free...
-MVPS HOSTS not only blocks malware, it also blocks ads, which means your browser uses fewer resources and your web pages load faster. Again, free. Why not?
-ditto uBlock Origin browser plugin. Less stuff to load means faster web browsing. Free.

and I wouldn't call it extreme lengths, it takes all of 15 minutes to get that all set up. Once it's done, you never have to deal with it again. 😀

Backed up your message for future reference. I might have to do this for someone else's XP computer for Skylake since they would be newbies and get infected through simple mistakes. For faster web browsing I recommend you create a large Ramdrive using the > 3.2GB memory region then point the cache location to it. That's why my Firefox web browsing feels smooth as silk. One day I might experiment and hack the XP so it loads purely into the Ramdrive entirely in conjunction with your security options. 😀