Ransomeware Windows Update

[Tom Saurus]

I used to update Windows Update constantly until I read about all the stuff from Microsoft that would encourage me to upgrade or force an upgrade. I have been using the free Malwarebytes program and ESET Nod32 to protect my computer. Now after reading about this new ransomware going around I am concerned. Is there any guide to show what Windows Update to install to protect my computer from this threat without ending up with the nag from Microsoft to upgrade from Windows 7 which I am totally happy with and thus don't want to upgrade? Thanks in advance for any help with this matter.

[pandy]

http://www.wsusoffline.net/

[jagabo]

Microsoft stopped with the Win10 upgrade nags a long time ago.

[sneaker]

As far as I know Microsoft has officially ended the free upgrade program from Windows 7 and 8 to Windows 10. So the most annoying forced upgrade things have ended automatically. If you want to disable it anyways run "never10". You can also remove such nagging software if it is already installed. Microsoft has released a removal tool for that: https://support.microsoft.com/en-us/kb/3184143

With that upgrade out of the way just install the latest security rollup for Windows 7:
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019264

I would enable Windows Update with automatic updates again. The fix was automatically rolled out to Windows 7 in March already. It is better to close holes before they are being exploited. Not after they have become so big they made it into every big media outlet...

/edit: I'm sloow...

[hech54]

Still using XP Pro....

[sneaker]

Why the smilies?

[Tom Saurus]

Looking at Windows Update I haven't updated since December 28th, 2015. Well there are Windows Defender updates. I have Internet Explorer 10 which I basically never use except if there was a web page I wanted to save as a .mht file. I kept IE 10 because I use Windows Live Mail as my email program and upgrading to IE 11 means you can't use Windows Live Mail anymore. I use Firefox, Pale Moon and Seamonkey browsers to surf the Internet.

I imagine I have become too paranoid about Microsoft. I read about the nags and forced upgrades here and it turned me off big time. Thankfully my computer seems to be free of viruses and spyware if the ESET Nod32 and Malwarebytes scans are correct. I like that NOD32 blocks a lot of stuff that might hurt my computer.

Thank you all for this advice. I have never been so trepidacious about Windows Update as I am now. Everything is running just the way I like it. It seems like a no brainer to just click on that new Windows Rollup update for May and hopefully it would protect the computer, but I am also scared it will change the functionality I am used to.

I am thinking I should get a new Windows 10 Desktop and have that as my Internet Computer and retire this computer from the Internet and just use it for video editing, video capture and encoding. It might be the best way to go. This HP Windows 7 64 bit i5 computer has been such a terrific machine. I was sceptical about switching over from Norton Anti-Virus to ESET Nod32 but they won me over with its ability to real time protect.

This is a transition time for me and computing. The Computer Guy I had confidence in and took my computer to went out of business and the ones around who are left don't inspire confidence.

I am probably going to have to get a prepaid card and do business with Best Buy. I have resisted getting a prepaid card because the fees are outrageous. I preferred to pay the Computer Guy a 20 percent markup for ordering me something from Best Buy. I felt better the money going to him then some big finance company or Bank.

It is the time of tablets. My sister has one, and I like the portability but it seems even if you are willing to pay for a program or app it has all these nasty things called permissions and you read through them and they say we will monitor your network traffic, we have the right to delete stuff from your SD card. It sounds like spyware. So we never installed anything on the tablet and I was so paranoid I disabled wireless from the modem. Some of the local places have prepaid cards you can use to purchase stuff for one's tablet. However these permissions just scare me off. I have been tempted to put a word search game on the tablet whether a paid version or a free version but the permissions stuff makes me nervous. So I just buy word search books at the dollar stores and leave it at that.

I feel kind of like a paranoid nutbar.

[sneaker]

Looking at Windows Update I haven't updated since December 28th, 2015.

Oh, then it could be a bit of work/waiting to get everything up-to-date again. I think Windows 7 needs a few updates before it can catch up with the latest rollups. We had a discussion about this some time ago on here. I'd start by installing these the following two updates, restart the PC and then just start running Windows Update and let it do its job. It will take some time, though.

https://support.microsoft.com/en-us/kb/3020369
http://www.catalog.update.microsoft.com/Search.aspx?q=KB3125574

[ron spencer]

Go here and read this

https://www.askwoody.com/

All you need is the March patch.

Why the craziness???

Don't be an admin user, add patches when need (they are NOT always needed), don't click on email attachments, don't enable scripting on webpages unless you trust it, and use malwarebytes. This is not that difficult. I stopped updating 7 in October 2016, then I added March 2017 for this ransomware thing. Easy.

[ron spencer]

Still using XP Pro....

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

http://www.microsoft.com/downloads/details.aspx?FamilyId=7388c05d-9de6-4c6a-8b21-219df407754f

[sneaker]

All you need is the March patch.

I don't think you can just install any of the 2017 rollups when your last update was in 2015.

Don't be an admin user, add patches when need (they are NOT always needed)
[...]
I stopped updating 7 in October 2016, then I added March 2017 for this ransomware thing. Easy.

It's easy not to update. But is it a good idea? I don't really think so.

[raffriff42]

https://en.wikipedia.org/wiki/WannaCry_cyber_attack

a patch to remove the underlying vulnerability for supported systems had been issued on 14 March 2017*, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable.

* https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Still using XP Pro....

Wipe those grins off your faces, mister!
Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack

[ron spencer]

All you need is the March patch.

I don't think you can just install any of the 2017 rollups when your last update was in 2015.

Don't be an admin user, add patches when need (they are NOT always needed)
[...]
I stopped updating 7 in October 2016, then I added March 2017 for this ransomware thing. Easy.

It's easy not to update. But is it a good idea? I don't really think so.

Not easy? Sure it is. Install the April 2016 Convenience Update, then the one for March 2017. Done. Updates are not always necessary if you follow best practices as a home user and use malwarebytes.

[sneaker]

I didn't say "not easy". I said "easy not to update". Now you installed an update that was already available in March after it had infected enough PCs to make it into the media. Why didn't you install it back in March? People who left the automatic updates on were safe.

Updates are not always necessary if you follow best practices as a home user and use malwarebytes.

Installing all OS security updates as they become available is best practice. You are recommending bad practices.

[ron spencer]

I didn't say "not easy". I said "easy not to update". Now you installed an update that was already available in March after it had infected enough PCs to make it into the media. Why didn't you install it back in March? People who left the automatic updates on were safe.

Updates are not always necessary if you follow best practices as a home user and use malwarebytes.

Installing all OS security updates as they become available is best practice. You are recommending bad practices.

And yet you haven't updated in two years lol. If you are paranoid get a tablet. I'm not paranoid. If you are not an admin user in your machine you will have no issues. I don't care what you do. I've never had an issue in my computing life, which goes back to the 1990s.

[ron spencer]

PCs were infected by users who are idiots. Don't be THAT idiot.

[sneaker]

And yet you haven't updated in two years lol.

My PC is always up-to-date. Tom Saurus didn't update since 2015.

I'm not paranoid.

What is your reason not to leave Windows Update automatic updates on?

If you are not an admin user in your machine you will have no issues.

[Tom Saurus]

ron spencer: I installed the March update that Woody referred to in his article. The computer seems to be working fine so far. I will look into disabling scripting to further protect the computer when I am using the browsers. Thank you for your advice. I was thinking of putting in that April 2016 patch as well but read the information about it and the things that could go wrong and having to fool with the registry to try to remedy it if that happened and it scared me away.

Thank you to everyone. I have a lot of things to think about. For now I am happy that my computer seems to be fine after that March patch.

[ron spencer]

And yet you haven't updated in two years lol.

My PC is always up-to-date. Tom Saurus didn't update since 2015.

I'm not paranoid.

What is your reason not to leave Windows Update automatic updates on?

If you are not an admin user in your machine you will have no issues.

I don't have a laptop....so your pic doesn't apply to me. And I don't use social media. And I don't hang out in coffee shops, and if I did I wouldn't leave my laptop by itself. I also don't have my browser remember passwords. I use malwarebytes, a virus scanner, firewall. So easy to avoid problems if one behaves simply. But if you do not, then perhaps you need some practice. Try spyware blaster as well! Your pic is also stupid in that it doesn't even mention admins being able to install software, including trojans and the like. It also assumes that the user doesn't lock their machine, or perhaps maybe assumes the user doesn't use a password. Pity you missed that.

I don't want automatic updates installed due to M$ piss-poor record of screwing up updates. I'll use them when I need to. Again, I'm not paranoid. And I have tons of backups, which is far more important than updates that may not work.

Ask those hospitals in the UK how many admin users they have...it is a ton.

[sneaker]

I don't have a laptop....so your pic doesn't apply to me.

The concept applies to locally running malware in the same way no matter if laptop or desktop PC. WannaCry is crypto-/ransomware. It encrypt all files it can get hold of. And the most interesting files can usually be found in the user space. Personal documents, photos, videos, ... Even most used software like the browser or Office or password managers usually run in user space. It won't be able to encrypt your precious Windows .dll files, though .. (unless it also comes with a privilege escalation exploit like is often the case)

Ask those hospitals in the UK how many admin users they have...it is a ton.

I don't know but again: ransomware usually does not require admin rights to get the interesting files. I'm pretty sure most of the machines didn't have the latest updates though because the administration didn't deem them necessary.

I don't advice against anti virus tools but they largely rely on black listing known malware variants. It shouldn't make anyone be comfortable with not closing known holes.

[october262]

There is a free tool that supposedly works for protecting and cleaning
Ransomware attacks - http://www.myce.com/news/security-researchers-release-free-tool-ransomfree-protect-ransomware-81100/

[manono]

There is a free tool that supposedly works for protecting and cleaning
Ransomware attacks - http://www.myce.com/news/security-researchers-release-free-tool-ransomfree-protect-ransomware-81100/

Thank you very much. I've installed it. I don't really want to get the virus to prove this RansomFree works, but I feel better about not getting ransomware now. The worldwide attacks yesterday gave us all something to think about.

[davejavu]

Ask those hospitals in the UK how many admin users they have...it is a ton.

Most UK hospitals are still running XP on large numbers of their PC's. The NHS IT infrastructure is enormous and largely outdated and only slowly being updated.

[devilcoelhodog]

Hi, dear all.

There is a free tool that supposedly works for protecting and cleaning
Ransomware attacks - http://www.myce.com/news/security-researchers-release-free-tool-ransomfree-protect-ransomware-81100/

The tools above is truly effective and from trusted sources? Does anyone use such tool with success?


Do you know more tools that can help / prevent infection from such ramsomware? Or similar ones?


My OS is Windows 7. Do you have any specifical advice concerning about some specific windows update to prevent ramsonware infection?


Thanks.

Best regards.


devil (johner)

[sneaker]

There isn't a specific Windows update against ransomware because ransomware can come in many different ways. Drive-by downloads and other exploits (so you need to have OS and browser and other software up-to-date with latest security fixes) or simply the classic e-mail attachments (anti-virus and common sense). I believe the tool linked works similar to the anti-ransomware detections by softwares like Kasperksy and Malwarebytes: they monitor all processes for write/delete actions on the file system. If they see a process starting to overwrite or delete many files in a short amount of time it is suspected to be such ransomware trying to secretly encrypt your files. These softwares will then pause or kill such processes stopping them from further encrypting files. There is no 100% protection but a combination of up-to-date OS, software (browser + plugins, (exentions like µblock origin and noscropt recommended)), common sense and anti malware solutions can minimize the risk. (Since it's mostly Windows being targeted switching to something like Linux, BSD etc. will further reduce the risk but of course you loose a lot of familiar Windows software compatibility.)

Last but not least: regularly backup all important files externally.

[SameSelf]

Nobody seems to want to state the obvious. Microsoft EOL'ing XP is a form of ransomware....just sayin'

[sambat]

One thing I'm not clear on with the latest horror, is that although I have backups of my system drive I'm not clear whether it does any good inasmauch as my backups are either on another drive internally on the PC or on external drives.
In both cases the drives are allways on-line.
So will this malware simply work through all the drives locking the files?
Does hiding the drive letter do any good?

[JVRaines]

Your backup drive should be dedicated to that purpose and stored in another location when not in use.

[Steve(MS)]

There isn't a specific Windows update against ransomware because ransomware can come in many different ways. Drive-by downloads and other exploits

Last but not least: regularly backup all important files externally.

That last sentence is what is important, updating from microsoft is like switching one spyware for another.
Hate to be like that but look at the record and the spyware called W10.

Yeah, I don't trust microsoft and I am not alone.

Truth be told, don't open emails in which you don't the source and if you do open it, for goodness sake, don't click on any attachments.
This is the most important and only thing one needs to do.

Microsoft makes the problem to start with..with having so many backdoors on their source files.

Hey, I got an idea, I'll pay Microsoft $750.00 to build me an OS with all the backdoors closed.

There is no reason why any MS OS should have a backdoor allowing a script to tell it to encrypt files.

This is microsoft bullshit where they cause all these problems to start with and it costs their customers no telling how much money.
What other company can get away this?

[stiltman]

I put an unpatched (VM) WinXP box in my DMZ and gave it an external IP

It took 15mins to get caught by the ransomware
I did it again and this time it took about 30mins, but instead of wannacry, it got struck by cryptocurrency miner Adylkuzz