I’ve made no bones about my skepticism about Windows 10 S. It seems to fall into the uncanny valley between a locked down mobile OS versus the full power and vulnerability of regular old Windows. But Microsoft thinks the benefits to performance and security outweigh the loss of its enormous legacy software ecosystem.
Performance may be a boon for the stripped down OS, but security is a lot harder to guarantee. Zack Whittaker decided to test one of Microsoft’s claims that “no known ransomware” will run on Windows 10 S.
In the end, the OS didn’t prove to be as impervious as Microsoft claims. Security researchers using a borderline ironic attack vector were able to get access to a shell with administrator privileges.
It wasn’t an easy exploit, or one that would be simple to automate in the wild, but the end result is that ransomware can get on Windows 10 S. There’s a lot more to the exploit, so make sure to checkout the ZDNet article.
Zack Whittaker writes:
Last week on its debut day, we got our hands on a brand new Surface Laptop, the first device of its kind to run Windows 10 S. We booted it up , went through the setup process, created an offline account, and installed a slew of outstanding security patches — like any other ordinary user would (hopefully) do.
And that’s when we asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system?
- Gestalt IT Rundown – November 22, 2017 - November 22, 2017
- The Gestalt IT Holiday Gift Guide 2017 - November 22, 2017
- All Storage Should Scale-Out – The On-Premise IT Roundtable - November 21, 2017
- Congruity360 Opens a Historic Data Center - November 20, 2017
- SNIA Hops on DePop, MoSMB, and Technical Debt in Gestalt Storage News 17.5 - November 20, 2017
- Russ White – IT Origins - November 16, 2017
- The Great Congruity360 Data Migration - November 15, 2017
- Gestalt IT Rundown – November 15, 2017 - November 15, 2017
- Gestalt Cloud News 17.8 - November 14, 2017
- A Conversation with Congruity360 COO Mark Shirman - November 9, 2017