
Windows 7, not XP, was the reason WCry spread so widely - daenney
https://arstechnica.com/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/
======
userbinator
In case it's not clear, "7" and "7 home" are the 32-bit versions. It took me
rather longer than necessary to figure that out.

 _Instead, it now appears, the leading contributor to the virally spreading
infection were Windows 7 machines that hadn't installed a critical security
patch Microsoft issued in March_

I'd guess a lot of those who don't install updates on 7 were greatly turned
off by the aggressive Windows 10 upgrade promotions and other unwanted
features Microsoft were trying to sneak by as security-related. Those still on
XP didn't have to worry about that either.

I remember a memorable analogy about the nature of Windows updates: "they
aren't just like vaccinations --- there's also a large chance of making you
grow an extra 3 ears, lose one eye, and turn your skin bright green."

If only Microsoft had two "update channels", one for features and the other
for security-only fixes...

~~~
powercf
On my Windows 10 install, Windows Update uses 100% of one core to do whatever
it's doing. Once it starts, it seems to spin away indefinitely. Some searching
shows that it's not just me that's affected by this. I've also noticed high
resource usage from Windows Update on a family-member's laptop (Windows 7 I
think). I can understand people disabling Windows Update for performance
reasons. It seems to be very buggy and offers few visible improvements to the
user. Compare with "apt-get upgrade", which seems to use very few resources,
provides visibility on what it's doing and usually takes less than a few
minutes to complete.

~~~
jorvi
But apt-get can get in pretty bad (almost unrecoverable) states concerning
dependencies. The only OS that has updates down to perfection is macOS, sadly.

~~~
BerislavLopac
"The only OS that has updates down to perfection is macOS, sadly."

Even if that was true, it is valid only for system packages. Updating any
other application means one of three things:

    1. Manual updates (and don't get me started on uninstalling).
    2. Brew (which can be a hell of its own kind).
    3. Apple Store (a.k.a. the walled garden).

I'd rather stick with apt, thank you very much.

~~~
jorvi
1\. What? Almost every app uses Sparkle for seamless updates. And macOS has
been lauded for a long time as having the simplest install and uninstall
process. Drag into /Applications = installed, drag to trashcan = uninstalled.
Snaps/Flatpaks will finally bring that to Linux.

2\. Again, what? Brew is dead-simple. `brew install whatever` and `brew remove
whatever` work like butter.

3\. Triple what. Sandboxed apps that cleanly update, with a gatekeeper that
makes sure no trash comes through? _And_ I can manually sideload stuff if I
absolutely need to? Hell yes.

I have a pretty strong feeling you're a Linux elitist, probably running Arch.
All the stuff you point out about macOS is plain wrong, and you'd know within
a day of using it.

~~~
BerislavLopac
And I have a pretty strong feeling that you are a Mac fanboi, jumping to a
conclusion despite hints against it, simply because someone criticised your
religi^H^H^H operating system of choice. ;-)

1\. Oh yes, Mac has the easiest installation process. Deinstallation, not so
much -- yes, you can drag your app to the trashcan, but that leaves a bunch of
data files, configurations (depending on the app) etc. on the disk. That is the
reason for the existence of a number of uninstallation utilities like
AppCleaner or AppDelete (my tool of choice). And while Sparkle is useful, it is
a third-party effort and not part of the OS.

2\. Oh yes, brew is simple, there is no doubt about that. Except when a
package becomes corrupted (e.g. while upgrading, or when there are missing
dependencies, or when you accidentally install the same thing in two different
ways), in which case it becomes a nightmare to untangle.

3\. Oh yes, the gatekeeper is very useful -- unless you disagree with it about
what represents "trash". And honestly, my strong belief is that Apple is going
to restrict the other ways to install apps in favour of the Apple Store,
moving towards a "desktop iOS"; which is perfectly fine if you just want to
use certain apps, but isn't if you're a software developer building anything
other than MacOS or iOS apps.

Edit: Just to clarify, I am giving my own opinion and pain points which have
been turning me away from the Mac for quite a long time (and it's only getting
worse). It is not my intention to force my opinion on anyone else or to
pronounce Mac the worst and Linux (or anything else) the best choice. It's
simply the case that each OS has its own realities, and some are a better fit
for some purposes, and others for others.

------
eps
> Based on a sample that had Kaspersky installed

Something tells me that people that still run XP aren't exactly the Kaspersky
clientele, so the sample is severely biased. Unless Kaspersky pro-rated the
infection rates to accommodate for that, but it doesn't sound like they did.

~~~
crowbahr
I mean Win 10 and XP both have relatively similar install bases of around 10%
of installed windows instances. So of course 7 spread it more... It's more
commonly installed.

------
rythie
Microsoft has recommended turning off SMB1 support in the past:
[https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/](https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/)
\- though perhaps not prominently enough.

However, you might not be able to turn off SMB1 support if you still have
machines with Windows XP or 2003. This is a similar situation to SSLv3 when
POODLE was discovered, in that the difficulty of getting rid of old protocols
is that of getting rid of the last ones (though I realise WCry exploits an
implementation bug).
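A way to find out whether any XP/2003-era clients are still talking SMB1 to a host before the protocol is switched off, which is the sticking point the comment above describes. This is an added PowerShell example, not from the thread or from Microsoft's post; it assumes a Windows 8 / Server 2012 or newer host with the built-in SmbShare module, and the function names are my own.

```powershell
# Added example: audit SMB1 on this host, then disable it only when no live
# SMB1 session remains. Run in an elevated PowerShell session.
# Assumes the SmbShare module (Windows 8 / Server 2012 and later).

function Get-Smb1Status {
    # Server side: does this host still accept the SMB1 dialect?
    $server  = Get-SmbServerConfiguration
    # Optional component: is the SMB1 feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    [pscustomobject]@{
        Smb1Enabled     = $server.EnableSMB1Protocol
        FeatureState    = $feature.State
        # Inbound sessions negotiated at a 1.x dialect come from clients that
        # will break once SMB1 is turned off (or from something scanning you).
        Smb1Sessions    = @(Get-SmbSession    | Where-Object { $_.Dialect -like '1.*' })
        # Outbound connections at 1.x mean a server we rely on only speaks SMB1.
        Smb1Connections = @(Get-SmbConnection | Where-Object { $_.Dialect -like '1.*' })
    }
}

function Disable-Smb1 {
    param([switch]$Force)
    $status = Get-Smb1Status
    if ($status.Smb1Sessions.Count -gt 0 -and -not $Force) {
        $clients = ($status.Smb1Sessions.ClientComputerName | Sort-Object -Unique) -join ', '
        Write-Warning ("{0} live SMB1 session(s) from: {1}. Migrate those clients first, or pass -Force." -f
            $status.Smb1Sessions.Count, $clients)
        return $status
    }
    # Stop accepting SMB1 on the server side (effective immediately)...
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # ...and remove the component so this host cannot speak SMB1 as a client either
    # (needs a reboot to complete).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Get-Smb1Status
}

# Windows 7 / Server 2008 R2 have no SmbShare module. There the server side is
# switched off via the registry value Microsoft documents for those versions,
# followed by a reboot (MS17-010 must still be installed either way):
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#       -Name SMB1 -Type DWORD -Value 0

Get-Smb1Status
```

Run `Disable-Smb1` without `-Force` first; if it only reports sessions, the listed client names are the machines that still need migrating or isolating before SMB1 can go.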

~~~
chrisper
Why is it enabled by default then? If you need such an old legacy thing,
shouldn't it be the other way around? Like that you need to enable it if you
need it rather than disable it if you don't.

~~~
rincebrain
I would suspect because they initially shipped with it enabled in 7, and
changing that default during the product's lifetime, even with the loudest
notification they could muster, would break people.

~~~
chrisper
Yes, but it is also enabled on Windows 10 by default.

------
JeffCyr
I had to update a Windows 7 laptop recently and the process was far from easy:
the update process hung at 100% CPU for hours and I had to manually install
the monthly update rollout. Average people won't do that and will just disable
the updates.

~~~
photon-torpedo
Exactly. I've seen this problem on Windows 7 as far back as 2012. Any machine
that is not constantly receiving updates will run into this issue sooner or
later. On weaker machines, the update process will actually eat all the
machine's memory and likely never finish. Also, the manual update which fixes
this problem changes every few months. At this point I feel that Microsoft
just wants to discourage people from using Windows 7.

~~~
Pica_soO
Yeah, that dead horse called "new OS software every five years" still has some
miles to go before acceptance sets in: that business customers prefer
stability over shiny any day, and infrastructure now sells as a service.

------
Pica_soO
This is a nice example of blame shifting to either the consumers or the
programmers.

Blame for the whole "deactivated updates" affair should be upon the CEOs and
marketing guys who tried to shanghai-shovel consumers and customer companies
onto Win10.

Yes, they might have saved Microsoft in the short term by burning consumer
trust, but if that consumer trust is part of the worldwide infrastructure,
they should be held liable for burning this resource.

------
NuDinNou
It's the most used Windows OS, so no surprise there.

~~~
nthcolumn
The worm reused the meterpreter code which didn't target XP at all. For some
reason some people are having a hard time dealing with this:
[https://news.ycombinator.com/item?id=14377799](https://news.ycombinator.com/item?id=14377799)
and I am beginning to wonder why. Any insights?

~~~
AdmiralAsshat
Well, for one thing, people seem to really enjoy victim blaming. It's much
easier to say, 'The people who got infected have only themselves to blame,
they were using an old and unsupported OS!' rather than to accept that maybe
it's not necessarily anyone's direct fault if their computer got infected.

~~~
cwyers
It was patched for 7 months before WCry started to spread. So it's not "The
people who got infected have only themselves to blame, they were using an old
and unsupported OS!" it's "The people who got infected have only themselves to
blame, they were using an old and extended-support OS and turning off Windows
Update!"

------
kalleboo
> according to a blog post published by AV provider Malwarebytes, it spread
> through a mechanism that scanned the Internet for computers with open Server
> Message Block ports

I'm still amazed so many PCs are directly online, and not trapped behind NAT
or at least a firewall. Does this mean that the NHS, etc. had DMZed machines on
their LAN?

edit: Shodan shows over 1 million machines with SMB open

