Windows 10 S and Ransomware

I’ve made no bones about my skepticism about Windows 10 S. It seems to fall into the uncanny valley between a locked down mobile OS versus the full power and vulnerability of regular old Windows. But Microsoft thinks the benefits to performance and security outweigh the loss of its enormous legacy software ecosystem.

Performance may be a boon for the stripped down OS, but security is a lot harder to guarantee. Zack Whittaker decided to test one of Microsoft’s claims that “no known ransomware” will run on Windows 10 S.

In the end, the OS didn’t prove to be as impervious as Microsoft claims. Security researchers using a borderline ironic attack vector were able to get access to a shell with administrator privileges.

It wasn’t an easy exploit, or one that would be simple to automate in the wild, but the end result is that ransomware can get on Windows 10 S. There’s a lot more to the exploit, so make sure to checkout the ZDNet article.

Zack Whittaker writes:

Last week on its debut day, we got our hands on a brand new Surface Laptop, the first device of its kind to run Windows 10 S. We booted it up , went through the setup process, created an offline account, and installed a slew of outstanding security patches — like any other ordinary user would (hopefully) do.

And that’s when we asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system?

Read More

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.

Leave a Comment