{"id":7720,"date":"2017-05-21T18:30:02","date_gmt":"2017-05-22T02:30:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/21\/news-1505\/"},"modified":"2017-05-21T18:30:02","modified_gmt":"2017-05-22T02:30:02","slug":"news-1505","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/21\/news-1505\/","title":{"rendered":"Windows Defender does not defend Windows 7 against WannaCry"},"content":{"rendered":"<p><strong>Credit to Author: Michael Horowitz| Date: Sun, 21 May 2017 17:37:00 -0700<\/strong><\/p>\n<p>Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry\/WannaCrypt <a href=\"https:\/\/twitter.com\/craiu\/status\/865562842149392384\">were running Windows 7<\/a>. Since, once it gets a foothold, the malware can infect an entire network, most of the attention was focused on LAN based attacks. My previous blog was about <a href=\"http:\/\/www.computerworld.com\/article\/3197421\/networking\/the-windows-firewall-is-the-overlooked-defense-against-wannacry-and-adylkuzz.html\">using the Windows firewall<\/a> as a defensive measure.<\/p>\n<p>But any malware can spread in multiple ways so there is always a need for anti-malware software on Windows PCs. The May 12th blog post, <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/\">Customer Guidance for WannaCrypt attacks<\/a>, in which Microsoft announced the release of a bug fix for Windows XP, mentioned that\u00a0<\/p>\n<p>For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32\/WannaCrypt.<\/p>\n<p>Problem is, the term &#8220;Windows Defender&#8221; has two meanings.<\/p>\n<p>When dealing with Windows 8.1 and 10, it refers a program that defends against all types of malicious software. When dealing with Windows 7, it refers to software that <em>only<\/em> protects against spyware. Microsoft offers Windows 7 users companion software, their <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/14210\/security-essentials-download\">Security Essentials<\/a>, for dealing with other types of malware.<\/p>\n<p>So, when Microsoft touts Windows Defender as protecting against WannaCry\/WannaCrypt, how does that apply to Windows 7 users?<\/p>\n<p>Not at all.<\/p>\n<p>Microsoft Security Essentials on Windows 7<\/p>\n<p>Sources close to company tell me that Windows 7 users who want to be protected from WannaCry, need to install <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/18869\/windows-7-security-essentials-product-information\">Microsoft Security Essentials<\/a>. Or, of course, a third party anti-virus program.<\/p>\n<p>If you search for Microsoft Security Essentials with your favorite search engine, you may end up at <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=5201\">this download page<\/a>\u00a0which forces you to chose between an\u00a0amd64 version and an\u00a0x86 version without explaining what the terms mean. You are far better off downloading it <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/14210\/security-essentials-download\">from this page<\/a>, which offers multiple languages and clear choices between 32 and 64 bit. \u00a0<\/p>\n<p>Considering recent events, a <strong>full scan<\/strong> with Security Essentials is probably called for. Expect it to take quite a while.<\/p>\n<p>Microsoft Security Essentials found a Medium level threat\u00a0<\/p>\n<p>I had no experience with MSE on Windows 7, and the first time I ran a full scan with it, there was a false positive (above).\u00a0<\/p>\n<p>I am a big fan of the free, portable software provided by Nir Sofer at <a href=\"http:\/\/nirsoft.net\">nirsoft.net<\/a>. One of his programs, Mailpassview, was detected by Security Essentials as a medium level threat. MSE is not the first anti-malware program to object to software from Mr. Sofer. With other programs, it was a trivial thing to whitelist the Nirsoft software.<\/p>\n<p>Not with Security Essentials.\u00a0Not only was &#8220;Quarantine&#8221; the <em>recommended<\/em> action, it was the <em>only<\/em> action. Security Essentials wasn&#8217;t interested in my opinion at all.<\/p>\n<p>Security Essentials experienced an error during or after quarantining a EXE file<\/p>\n<p>Adding insult to injury, when I did quarantine the program, there was an 80508023 error (above). What does that mean? Use some other anti-malware software.<\/p>\n<p>FEEDBACK<\/p>\n<p>Get in touch with me privately by email at my full name at Gmail. Public comments can be directed to me on twitter at @defensivecomput<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3197674\/cybercrime-hacking\/windows-defender-does-not-defend-windows-7-against-wannacry.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Michael Horowitz| Date: Sun, 21 May 2017 17:37:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry\/WannaCrypt <a href=\"https:\/\/twitter.com\/craiu\/status\/865562842149392384\">were running Windows 7<\/a>. Since, once it gets a foothold, the malware can infect an entire network, most of the attention was focused on LAN based attacks. My previous blog was about <a href=\"http:\/\/www.computerworld.com\/article\/3197421\/networking\/the-windows-firewall-is-the-overlooked-defense-against-wannacry-and-adylkuzz.html\">using the Windows firewall<\/a> as a defensive measure.<\/p>\n<p>But any malware can spread in multiple ways so there is always a need for anti-malware software on Windows PCs. The May 12th blog post, <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/\">Customer Guidance for WannaCrypt attacks<\/a>, in which Microsoft announced the release of a bug fix for Windows XP, mentioned that\u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3197674\/cybercrime-hacking\/windows-defender-does-not-defend-windows-7-against-wannacry.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10629,11072,11073,714,11079],"class_list":["post-7720","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cyberattacks","tag-cybercrime-hacking","tag-malware-vulnerabilities","tag-security","tag-windows-pcs"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7720"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7720\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7720"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}