Wanna Cry and Virtual Machine

[GrandNebSmada]

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

[Master Disaster]

1 minute ago, 5Beans6 said:

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

Just install the patch and disable SMB V1

[8-Bit Ninja]

2 minutes ago, 5Beans6 said:

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

Is your pc up to date and on windows 10? if it is then you have nothing to worry about 

[mrzoltowski]

It's a Windows only ransom-ware, just make sure you have your Host Windows OS patched up to the latest updates, you shouldn't worry.

[NinJake]

Are you using Win xp or windows server 2000? lol

[MercuryRain]

If you're on Windows 10, you're fine most likely fine.  If you're not on Windows 10 but installed the patch, you're fine.  If you're not on Windows 10, not patched, but SMBv1 is disabled, you're probably fine.

 

If you're not on Windows at all and you're in Linux you won't have any problems at all.

[KenjiUmino]

2 minutes ago, 5Beans6 said:

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

from my understanding, you don't even need the web browser to get infected as the exploit used is a flaw at the OS level - having internet connection is enough to be at risk if your router firewall somehow screws up

 

but the other thing i read over and over is that you are totally safe as long as your windows is up to date. 

[Master Disaster]

2 minutes ago, CerberusLabrat said:

If you're on Windows 10, you're fine.  If you're not on Windows 10 but installed the patch, you're fine.  If you're not on Windows 10, not patched, but SMBv1 is disabled, you're probably fine.

 

If you're not on Windows at all and you're in Linux you won't have any problems at all.

Incorrect, if you've got the creators update then your fine otherwise there is a separate patch needed to secure Windows 10 just like every other Windows version.

[GrandNebSmada]

Ok thanks everyone! Just wanted to be safe, ya know

[Droidbot]

1 minute ago, Master Disaster said:

Incorrect, if you've got the creators update then your fine otherwise there is a separate patch needed to secure Windows 10 just like every other Windows version.

no, the exploit targets a flaw in SMBv1, which is disabled by default on Windows 10.. 

[MercuryRain]

3 minutes ago, Master Disaster said:

Incorrect, if you've got the creators update then your fine otherwise there is a separate patch needed to secure Windows 10 just like every other Windows version.

Unless you've been screwing around with the settings and enabled SMBv1 for some unholy and unseen reason and disabled updates...

[Master Disaster]

2 minutes ago, Droidbot said:

no, the exploit targets a flaw in SMBv1, which is disabled by default on Windows 10.. 

Oh I'm fully aware of that but the fact remains that Windows 10 pre Creators Update requires a patch to fix the EternalBlue exploit.

 

The person I responded to suggested that having Windows 10 was all you needed to be secured which is incorrect otherwise the patch wouldn't exist.

[Master Disaster]

6 minutes ago, CerberusLabrat said:

Unless you've been screwing around with the settings and enabled SMBv1 for some unholy and unseen reason and disabled updates...

Neither of my parents laptops nor my mums office PC have received the creators updates from WU yet, all are set to receive updates automatically.

[LAwLz]

10 hours ago, Droidbot said:

no, the exploit targets a flaw in SMBv1, which is disabled by default on Windows 10.. 

As far as I know, this is not true. SMBv1 was not disabled on my Windows 10 Pro computer (clean install just a few months ago, not an update) and it is not disabled on the Windows 10 LTSB computer I have sitting next to me.

Both of them had SMBv1 turned on by default.

 

I don't have any clean Windows server install, but I think that SMBv1 is disabled by default on that. That's the server OS though and not the client version.

[Droidbot]

1 hour ago, LAwLz said:

As far as I know, this is not true. SMBv1 was not disabled on my Windows 10 Pro computer (clean install just a few months ago, not an update) and it is not disabled on the Windows 10 LTSB computer I have sitting next to me.

Both of them had SMBv1 turned on by default.

 

I don't have any clean Windows server install, but I think that SMBv1 is disabled by default on that. That's the server OS though and not the client version.

Sorry - I am incorrect. It is not disabled on Windows 10 by default, but the code is built to infect Win7/Win8/.1 and Server 2008R2/2012/R2 and not Windows 10, and doesn't work on Windows 10 at all according to MS. Sauce

 

 

[LAwLz]

20 minutes ago, Droidbot said:

Sorry - I am incorrect. It is not disabled on Windows 10 by default, but the code is built to infect Win7/Win8/.1 and Server 2008R2/2012/R2 and not Windows 10, and doesn't work on Windows 10 at all according to MS. Sauce

Interesting, but knowing Microsoft's history I would not be surprised if that's just a lie to make more people move to Windows 10.

I have a Windows 10 computer that hasn't been updated in over a year. Maybe I should get it infected on purpose and see if it works.

[TheRandomness]

13 hours ago, mrzoltowski said:

It's a Windows only ransom-ware, just make sure you have your Host Windows OS patched up to the latest updates, you shouldn't worry.

If you're running WINE or anything similar on Linux distros, you can get it there too. 

[mrzoltowski]

1 minute ago, TheRandomness said:

If you're running WINE or anything similar on Linux distros, you can get it there too. 

If you tarnish Linux with anything windows related youre asking for trouble

[TheRandomness]

1 minute ago, mrzoltowski said:

If you tarnish Linux with anything windows related youre asking for trouble

How else would you run most games that aren't Linux-compatible without dual-booting windows?

[mrzoltowski]

1 minute ago, TheRandomness said:

How else would you run most games that aren't Linux-compatible without dual-booting windows?

I was just kidding  

 

Although i would have thought Linux users are much more security concious/aware and have certain user maturity. Therefore would have the latest patches of everything.

[Droidbot]

5 minutes ago, mrzoltowski said:

I was just kidding  

 

Although i would have thought Linux users are much more security concious/aware and have certain user maturity. Therefore would have the latest patches of everything.

tell that to my school, where we have a public facing web server still running Ubuntu 10.04 

[mrzoltowski]

4 minutes ago, Droidbot said:

tell that to my school, where we have a public facing web server still running Ubuntu 10.04 

Yeah public sector organisations tend to have strange IT departments. The NHS in England runs Windows XP

[NZLaurence]

The patch doesn't stop you getting infected if you get tricked into running the virus from an email or something.

The windows patch just stops you computer being infected automatically by another infected computer on the same LAN.

Remember guys, protection and be careful sticking any unknown programs into your computer.

[Sniperfox47]

5 hours ago, TheRandomness said:

If you're running WINE or anything similar on Linux distros, you can get it there too. 

WINE doesn't use Windows SMB modules, even if you're using Windows DLLs, so you can't get infected with Wannacry via WINE. The only way to infect a computer via WINE would be to manually download and run the worms payload, and even then I'm not sure if it would actually work.

[TheRandomness]

Just now, Sniperfox47 said:

WINE doesn't use Windows SMB modules, even if you're using Windows DLLs so you can't get infected with Wannacry via WINE. The only way to infect a computer via WINE would be to manually download and run the worms payload, and even then I'm not sure if it would actually work.

Well, TPCSC on youtube did exactly that, and they did explain how it could run with programs/things like WINE installed.