Is Windows 10 ransomware proof?

[Dave Russo]

Anyone know if this claim by Microsoft is true?

 

[Deleted member 65228]

I think you're talking about Windows 10 S? To keep it short, you can still be hit with a ransomware infection whilst using Windows 10 S.

 

[shmu26]

Anyone know if this claim by Microsoft is true?

The coming version of Windows will allow you to set "protected" folders, so that the contents of those folders can only be modified by approved applications. Yes, this is a step toward ransomware protection, but I would be surprised if Microsoft claims that it is total protection, because that claim would be false.

 

[Anker_by]

Any kind ransomware can bypass Windows defender and firewall, it's my opinion is better system, better code improvements.

 

[tim one]

Generally speaking it does not exist a Windows version totally immune to ransomware attacks.
I say this also to not create false senses of security.

 

[Local Host]

The closest I found was Microsoft stating Windows 10 is the most secure Windows ever (which is, compared to previous versions), if you're talking Windows 10 S then it cannot run applications outside the Windows Store so the typical ransomware won't work on it at all.

Not to mention UWP runs in sandbox, so yes, Windows 10 S is more than secure against ransomware

 

[SHvFl]

The coming version of Windows will allow you to set "protected" folders, so that the contents of those folders can only be modified by approved applications. Yes, this is a step toward ransomware protection, but I would be surprised if Microsoft claims that it is total protection, because that claim would be false.

It's beyond flawed. I need to have WD on for it to work.

 

[Lightning_Brian]

I can definitively say (without a doubt) that Windows 10 is not 'ransomware proof'. The OS is a little more locked down compared to previous Windows OS, but this is to not say that it is completely ransomware proof. I hate to burst your bubble, but this is true. I would challenge any statement that says that Windows 10 is ransomware proof. I have done extensive testing with Windows 10 in VMs and I can say that ransomware can and will infect Windows 10 systems. While the OS is 'more secure' ransomware is ever developing and solutions to keep ransomware in check is needed.

With this being said, I would highly recommend everyone to get backup software such as Aomei Backupper and or Macrium Reflect to back up their computers. Please never pay the 'ransome' for your computer, because this only encourages further development and further attacks. Furthermore, please store backups on external drives that are not connected to your network in any way, shape or form. Also please keep more than one backup of your system with a different solution. You never know if one solution doesn't work right - this way you can fall back to plan B. I'd recommend the use of an external hard drive to store your backup. Sometimes, if the backup isn't that large you can store it onto a flash drive and back this up to an external hard drive. In either case, please make sure it is not located on your network. I had one person have an external hard drive connected to his network and the ransomware was so sophisticated enough that too was compromised. Keep in mind about your NAS too!

This is just my insight. Stay safe and please do not believe Windows 10 is ransomware proof.

Sincerely,

Lightning_Brian

 

[Deleted member 65228]

if you're talking Windows 10 S then it cannot run applications outside the Windows Store so the typical ransomware won't work on it at all

Read: Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it | ZDNet

According to that article, a malicious macro for Microsoft Office software which uses reflective DLL loading should do the trick. Of course, the user would have to enable the macro depending on the circumstances but many people become infected via this nowadays on standard versions of Windows anyway.

I cannot say if it really works or not since I've never tested it, but I doubt it is not truthful. It makes perfect sense for it to work.

 

[shmu26]

Read: Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it | ZDNet

According to that article, a malicious macro for Microsoft Office software which uses reflective DLL loading should do the trick. Of course, the user would have to enable the macro depending on the circumstances but many people become infected via this nowadays on standard versions of Windows anyway.

I cannot say if it really works or not since I've never tested it, but I doubt it is not truthful. It makes perfect sense for it to work.

Well, it does sound like MS closed off a lot of attack vectors, a lot more than I thought. You can't run an .exe, and you can't run a script. All you can do is try to get a naive user to allow a malicious macro in an MS Office application. That's pretty limited.

 

[509322]

Anyone know if this claim by Microsoft is true?

If the user adheres to a specific set of behaviors, "Yes."

Technically, against all vectors, "No."

This is the general nature of marketing claims.

 

[Deleted member 65228]

All you can do is try to get a naive user to allow a malicious macro in an MS Office application. That's pretty limited.

Yes, and the naive users are typically the ones who are successfully infected. As an example, if an inexperienced person is capable of downloading an attachment from an untrusted sender and running it without thinking twice, I am sure they will allow the macro - add some social engineering for the cherry on top and the likelihood of a successful infection is even higher.

It doesn't even matter if a macro is required. If they are willing to download a normal Win32 executable and run it (leading to infection), what makes you think they won't open the document and allow the macro?

 

[509322]

Yes, and the naive users are typically the ones who are successfully infected.

The realm of the naïve is all about us. It includes everybody from all walks of life - including Admins with years of solid experience.

I am sure they will allow the macro - add some social engineering for the cherry on top and the likelihood of a successful infection is even higher.

It doesn't even matter if a macro is required. If they are willing to download a normal Win32 executable and run it (leading to infection), what makes you think they won't open the document and allow the macro?

More and more commercial users are disabling all macros by default - or only allowing audited digitally signed macros. In other words, remove the macro attack vector from the naïve users' hands.

It is far, far easier for a home user to protect their system using default-deny than an enterprise. And the home user can make their system far more secure with a little bit of effort.

To almost a complete extent, those that want great security don't complain about the usability of default-deny and heavily restricted user access\privileges.

There's a lot of reasons that Microsoft includes software restriction policy protections in their enterprise products for decades by this point.

It just takes a bit of effort and patience to explain and teach the naïve.

The bottom line is that simply installing security softs never has been and never will be enough.

 

[shmu26]

Anyways, this Windows10S is not going to be relevant to most users, because you can't install normal 3rd party software