Many firms hit by global cyber-attacks

Discussion in 'malware problems & news' started by clubhouse1, Jun 27, 2017.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Well he sometimes seem to miss these conversations.:(
     
  2. plat1098

    plat1098 Guest

  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    LOL it is Sunday so he is doing other things or on another forum Plat. I am for some reason sitting here fighting off fruit flies and don't know where they came from.
    They are fast little buggers.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Today is your turn. I had my own battle with those microscopic nuisances yesterday.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  6. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    I don't know why everyone is waiting for me. I am not a Windows fanboy, I just defend anyone who is being falsely accused and unfortunately, biased Microsoft bashers just love to bash anything Microsoft - whether it is based on truth, or not.

    The fact is, W10 is not perfect and until Man can create perfection 100% of the time, it never will be - especially with 30+ million lines of code. So to criticize something that complex for not being perfect is just unreasonable, at best.

    The inaccurate statement above that got my attention was this,
    That is just false on both points. The foundation is not faulty and for sure, it is getting stronger all the time and not collapsing.

    Some may say Windows Vista but I say starting with W7, the Windows foundation has been very steady and it continues to get better. W8 was actually a great OS, it was just rejected by the majority due to ill-conceived and misguided policies :mad: and arrogant perceptions :rolleyes: at Microsoft where they just assumed everyone would love and accept having a totally new UI shoved down our throats. :(

    W10 is by far, the most stable and secure Windows platform yet - WITH CURRENT HARDWARE designed for W10. To suggest the foundation is collapsing just shows, itman, I am sorry to say, that you don't have an understanding of the current situation! I mean come on! Using two links from 2010 to justify your claims? :rolleyes:

    Windows Update works great for the vast majority of users. I am responsible for quite a few computers and WU has failed to break even one of them. Worse case required nothing more than a reboot fix any issues.

    Since W7, Windows security has greatly improved and continues to improve along with Windows Defender. The proof you ask?

    The number of malware is on the decline. Yes, it is getting more sophisticated but it relies on the user being "click-happy" and letting the bad guy in. There is nothing Microsoft or any security solution can do if the user opens the door and lets the bad guy in.

    Even the number of Ransomeware encouters are declining despite the fact it is getting more sophisticated and the appearance it is growing due to widespread media coverage. The truth is, if users had kept their computers updated, Wannacry and the more recent attack would have been marginalized because Microsoft had already pushed out patches.

    These declines are exactly why badguys are concentrating more and more to create an increase of malware for Linux and MacOS based systems. Those systems and users have been complacent.

    Go ahead and bash Windows where due and I will support and even stand behind you on that. But don't bring up 7 year old reports from when W7 was still in its infancy and pretend it still applies to W10 today. That's just being as misleading and silly as those in the IT press seeking attention for themselves with exaggerated or even false headlines. :(

    Again, such breakages really are rare. The problem is, they get amplified to extremes with exaggerated coverage by the IT Press that goes viral making the problem seem much worse than it is.

    I don't know of any corporation IT manager that "chooses to ignore security risks". The problem is, they need to distribute updates on their time. And in 24/7 operations, any download (even for scheduled reboots) has to be coordinated to minimize costs and cuts in productivity, and disruption to their customers. This is exponentially more complicated with companies located in multiple regions of the globe.

    Another problem is many companies use proprietary software that may, or may not comply with industry and Windows standards. So extensive testing must be done first.

    As a former IT manager at 24/7 organizations with multi-regional, I can assure you it was not the IT departments that delayed essential security updates.

    But still, if you look at the recent ransomeware attacks, they most often worked because some employee clicked on a link in an email. That is not Microsoft's fault. That's an in-house training and education problem.
    Hack proof? Another unrealistic expectation. Just as no bank vault or art museum is burglar proof, no OS is hack proof. But don't forget, a bad guy must get past all the layers of security first before even reaching the OS.

    Two-factor authentication is great but I have found most users think it is very inconvenient and too time consuming. I sure do. I don't carry my cell phone wherever I go. I have worked places where cell phones are not even allowed. And there are many reasons Why Biometrics Won't Replace Passwords Anytime Soon.

    Let's put the blame where it is due - on the bad guys. And then vote for your representative who is willing to support providing the necessary resources ($$$) to law enforcement. If they could just enforce the existing laws (forget about new laws) we would be much better off.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    :thumb: Rebuttal of the first order.
     
  8. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    The rebuttal doesn't matter. I am just stating field observations - and that is that enterprises disable Windows Update permanently as a matter of routine. Whether some do it based on reality or something else doesn't matter. All that matters is that they do it. The fact is that a lot of them do it for a whole range of reasons - some good, others irrational, and still others from the realm of fantasy land.

    Get into medium and small businesses and generally IT security of any kind is atrocious.

    And, yes, Windows is garbage.
     
    Last edited: Jul 10, 2017
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I posted the link since it is still unfortunately for the most part is still accurate. The only thing that has changed is Microsoft has decided "to cash in" itself on the third party security vendor revenue stream by offering its own "enhanced" extra cost security mechanisms to protect against Windows security vulnerabilities. As such, there is absolutely no economic incentive for Microsoft to really improve Windows security protection. However, there is something far more "potentially ugly" about this development that is currently unfolding. It is not by "coincidence" that third party security vendors are having increasing issues with each Windows upgrade release. Best way to eliminate your security completion is to "booby trap" the OS so that only your paid "enhanced" security solutions work trouble free with it. Really can't think of a better example of "the fox guarding the hen house."

    Each passing day, I am utterly amazed at the ludicrousness of the current situation. The best analogy I can think of is a car manufacturer that sells an automobile that can breakdown at any time. Rather than correct the defect, he offers an extra cost solution that can fix the problem. He also mentions in passing that there are other third party solutions but they won't be as effective as his since they are not "privy" to the internal workings of the car. Would any rational consumer stand for this nonsense? At the minimum, they would never buy that manufacturer's product again. The problem is that this option is not available to Window's desktop users for all practical purposes. This is because Microsoft which is the personification of a "robber baron" of old has a virtual monopoly on the desktop OS market. So if folks want to change this pitiful current situation, start writing your legislators, gov. officials, etc. about anti-trust proceedings. That effort alone will most certainly get Microsoft's attention about fixing Windows ongoing and never ending security issues.

    I stated my opinion which still stands. You stated yours.
     
    Last edited: Jul 10, 2017
  10. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Really ? Then you must be living on another planet, because security audits are routinely atrocious. Plus how do you think enterprise systems are routinely hacked ? I know IT managers that routinely look the other way because they are told to do so by their employers - because they complain about it to me. Anyone who does that is making an overt choice to follow their employer's directive. Paycheck over ethics.

    It doesn't matter if it is due to a lack of budget, staff or whatever. There is always some kind of excuse - of which it is mostly management not willing to spend the money.

    Enterprise and governments seem to do everything except "keep their IT security high-and-tight."
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :D

    On this who possibly could disagree. The facts speak for themselves and I for one am highly teed off over the OPM breach.

    The data on that level could have and should have been better protected. Steam Rising :mad:
     
    Last edited: Jul 10, 2017
  12. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Bill Bright.
    You can try to pretty this up but the facts remain. When hackers exploit a bug in some obscure dll that causes a buffer overflow you could say that was just an accidental coding error.
    When a corporation the size of Microsoft with the resources they have connects vulnerable services to the internet in every version of Windows all the way back to Windows 95, that is no accident. At best you could dress it up to call it gross negligence but no one accidently writes code to connect a service that is designed for use in a closed network to the internet and then accidentally hides that connection behind svchost and then accidentally prevents that service from being disabled and also accidently codes it to bypass the built in firewall then everyone in the entire Microsoft corporation accidentally forgets, over an entire decade and several version changes, to examine what amounts to a handful of processes that connect to the internet to check if they really should have internet connectivity or not and if they do, are they safe to do so.
    For too many years they have played this cat and mouse game with the public, backed up by corporate sock puppets like yourself who use the internet and the media to convince the public that Microsoft try their best but they are just a bunch of bumbling idiots that keep making the same silly mistakes just like the rest of us silly people.
    Well let me remind you and everyone else, Microsoft does not hire idiots, Microsoft has the resources to hire the cream of the crop, university math grads, some of the most intelligent people in the world and to believe these things happen by accident is to believe the average user with a little bit of security savvy, knows better than all of them and the entire Microsoft Corporation put together.
    Ludicrous.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Boy will I ever love to read what response rises out of this one.

    It is so spot on, on every level and in every respect and no surprise Microsoft got their lunch handed to them on a silver platter IMO.
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Uffda EASTER, calm down. Nothing a good whiskey and water won't cure.

    I will agree with the old Windows for small business scenario. The company I worked for before retiring last year was still using Windows XP. With all user given Admin.Everybody had internet access. I was the only one using Windows 7. The manager got hit by e-mail with Powerlic. The company had Norton endpoint and it kept seeing the infection and said it was cleaned but always came back. I took it upon my self to run Eset's removal tool. Not even Malwarbytes could deal with it at the time. Before I left everybody was upgraded to Windows 7 and no XP systems were allowed internet access. The reason they still used XP was they still needed to use XP programs to repair their products. Reload software. The new IT people they hired after being hit with Powerlics installed the free version of Malwarbytes and that was it. What a joke. This was a POS company that repairs and sells POS products which is way behind when it comes to security. Good thing they have not been targeted with Ransomware yet. I am pretty sure tax accounting and medical software are in the same boat. Most of the medical companies use their own software and I dated a woman a few years ago that was still coding her companies health care software in Cobalt.
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I have to admit, I got off on the wrong foot with Bill just because I didn't like his avatar lol. I have since developed a respect for the guy.
    after I looked at the link in his signature. Appears he started using computers 4 years before me but got into electronics way before me. I didn't get into electronics till the bust in the early 80's. 82 people started the class and only 39 of us graduated and out of that 39, 22 went to work for the FBI.
    Anyway here is the link to his bio. https://mvp.microsoft.com/en-us/PublicProfile/4000549?fullName=Bill Bright
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Does Appguard make a version for Linux?
    And what OS do you use? And do you even use Appguard?
     
  17. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK


    And yet you make a living developing software for windows..Is appguard 100% affective..
     
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    No, and it is unlikely that there will ever be a version for Linux.

    Windows

    Yes
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    An entire industry exists to fix the multitude of Windows problems.

    There's a lot of developers and professionals within the IT industry that don't think very highly of Windows. People are entitled to their opinions and there is no moral, ethical or other dilemma in posting those opinions.

    If Windows is so great, then run it without any 3rd-party security soft installed.
     
    Last edited: Jul 10, 2017
  20. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I do use security software and use common sense in using the web...However I don't subscribe to the security paranoia of many here, I use the web for entertainment and news and I don't break out in a sweat when I click on links.
     
  21. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    It's good to see someone who is not paranoid.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Too harsh anymore now. Made it safely through that period intact during the teenage years. Started early ended early. Something about working in industrial manufacturing that drives that urge. LoL But could probably still tip a shot or two at a nice club.

    And man alive. I haven't seen mentioned Cobalt programming language since 1978 and that's no joke. It was also somewhat foreign to me at the time anyway.

    No it just rubs me raw that the government dept. in charge of records of nearly all agencies hung a lot of people out to dry on the OPM ordeal. Notice how it's swept under the rug now? But that is subject for another discussion, and a good one too but probably wouldn't make such a good fit in this format.

    What does fit and nicely so is the many global firms (as titled) hit by this latest spread. I had no ideal Windows 7 was that big globally but then when I transformed over to Windows 8 I also had no ideal that even some regional banks and businesses locally were still using XP at the time either.

    FWIW there was no way you could possibly miss that awful unmistakable default (stop/error) audio emanating from it when you walked into a business or store. Ouch
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes, I agree.
    And with Windows 10 they make their users a beta testers for new features and 'improvements'. I wonder if all mitigations they are employing could cover up their lack of security and quality control .
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Last edited: Jul 11, 2017
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    I never said otherwise. In fact, I stated the most common reason enterprises disable WU, it is so they can do it on their time, after testing to make sure it does not interrupt operations or cause problems with their custom/proprietary software.
    Oh come on! You cherry pick some "obscure" (your word, I might add) example to justify your claim? :( A drunk may run a stop sign, clip 2 parked cars and run through 6 yards before hitting your front door. I guess you better use your back door from now on! :rolleyes:
    One sentence? :eek: :argh: I'll say it again. 30 million lines of code (and that's a conservative estimate!). And if all that blather were true, isn't it amazing NOT ONE of all the legitimate security firms, 1000s of super smart hackers - many backed by organized crime, nor the Russian and Chinese governments could not find these vulnerabilities in all that time? They actively spend endless hours and countless $millions reverse engineering Windows just to look for such vulnerabilities and still, they couldn't find yours during that decade?

    But who does RockLobster blame? Microsoft, of course.
    And again, I will defend their right to post those opinions, as long as they are based on fact and not falsehoods and biases.
    I do. Windows Defender and Windows Firewall work just fine. How do I know? Because supplemental scans with Malwarebytes has NEVER found anything but a couple "wanted" PUPs.
    I always find it revealing when people try to defend their weak positions by attacking others with puerile personal insults. Would a "sock puppet" for Microsoft say the following?
    Are you listening to yourself talk? I don't make excuses for the many misguided marketing and policy decisions at Microsoft, but are you seriously going to accuse the "cream of the crop" (your words) developers for intentionally inserting into and knowingly leaving malicious code in Windows? Your delusional, clearly blinded by biased hatred.

    Get out your tinfoil hats folks! It's a conspiracy, I tell you. Microsoft, Linux, and Apple are all in it too. They have all INTENTIONALLY inserted vulnerabilities and/or malicious code in their operating systems to get you!

    Linux under fire: Malware reports detail growing threats
    SANS Institute: An Introduction to Linux-based malware
    Linux Malware on the Rise: A Look at Recent Threats
    New MacOS Malware - Attacks up 744% in 2016
    25,000 UNIX Servers Hijacked by Backdoor Trojan

    Oh, I'm sorry. I know what happened now. Microsoft hired up all the "cream of the crop", "university math grads", and "the most intelligent people in the world". So clearly, the second-rate UNIX/Linux and MacOS developers are just clueless clowns. :rolleyes: So of course, it is all Microsoft's fault, again. :( Darn that cream of the crop.

    I'm done here. I recommend this thread be closed.
     
    Last edited: Jul 11, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.