Microsoft Releases WannaCry Patch for PCs Running Old Operating Systems
May 14th, 2017
I’m responsible for protecting some organizations from stuff like this. Here’s what I do:
#1 If Windows is used, only operating systems currently supported by Microsoft are allowed. Even though I personally don’t use Macs, I encourage companies to use them and welcome those users who do use Macs. If you don’t know anything about computer security, and don’t require the fastest hardware, my advice to you would be to use a Mac. MacOS isn’t bulletproof, but it’s not worth attacking as much as Windows because A) It’s actually a harder target to begin with and B) not many people use it (relative to Windows).
#2 Windows PCs are set to download and install updates automatically.
#3 No non-IT staff have administrative accounts and the minimum number of applications required for the job are installed.
#4 Windows PCs run antivirus scans every 24 hours.
#5 All PCs are behind hardware firewalls running updated firmware. Do not trust Microsoft’s built-in firewall and never expose a Windows PC directly to the Internet or DMZ.
#6 Local and offsite backups every 24 hours. I’ve set automated backups to run on the local network AND offsite using crashplan.com every day.
#7 Two-factor authentication is forced for all employees using cloud services, i.e. Google Apps (now calling itself G Suite).
Even though I don’t really do much IT work anymore, I’ve noticed that wherever people are using Windows, there are people having problems with Windows. And this has nothing to do with the fact that the U.S. Government is stockpiling cyber weapons based on zero day exploits that it keeps secret—until the “hackers” get a hold of them… *haha* *sigh*
What I describe above would be the minimum defensive posture I’d suggest for a business, or anyone needing to protect their systems and data. This is maybe a 3 or 4 on a scale of 10 in terms of paranoia, yet it’s almost infinitely more secure than most people are running on a day to day basis.
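A read-only spot-check of items #2, #3 and #4 on a single Windows PC, added here as an example and not taken from the original post. It assumes Windows PowerShell 5.1 or later in an elevated prompt and Windows Defender as the antivirus product; the entries in `$allowedAdmins` are placeholders for your own IT accounts.

```powershell
# Added example: local spot-check of checklist items #2, #3 and #4. Changes nothing.
$findings = @()

# #2 Automatic updates: group policy can switch them off or reduce them to "notify only".
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) {
    $findings += '#2 Automatic updates are disabled by policy (NoAutoUpdate=1)'
} elseif ($au -and $au.AUOptions -and $au.AUOptions -ne 4) {
    # AUOptions 4 = download automatically and install on a schedule
    $findings += "#2 Updates are not set to download and install automatically (AUOptions=$($au.AUOptions))"
}

# #3 Local administrators: query by well-known SID so it works on non-English Windows.
# Placeholder allow-list (assumption): replace with the IT accounts you expect.
$allowedAdmins = @('EXAMPLE\Domain Admins', "$env:COMPUTERNAME\Administrator")
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    foreach ($m in $admins) {
        if ($allowedAdmins -notcontains $m.Name) {
            $findings += "#3 Unexpected member of local Administrators: $($m.Name)"
        }
    }
} catch {
    # Report the failure instead of treating an unreadable group as a pass.
    $findings += "#3 Could not list local Administrators: $($_.Exception.Message)"
}

# #4 Antivirus scan within the last 24 hours (assumption: Windows Defender is the AV).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $findings += '#4 Could not read Defender status (other AV product, or Defender unavailable)'
} else {
    $lastScan = @($mp.QuickScanEndTime, $mp.FullScanEndTime) |
        Where-Object { $_ } | Sort-Object | Select-Object -Last 1
    if (-not $lastScan -or ((Get-Date) - $lastScan).TotalHours -gt 24) {
        $findings += "#4 No completed antivirus scan in the last 24 hours (last: $lastScan)"
    }
}

# #1 is reported for manual review: compare against Microsoft's current support list.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"OS for item #1 review: $($os.Caption), version $($os.Version)"
if ($findings.Count -gt 0) { $findings } else { 'No findings for items #2 to #4' }
```

An absent Windows Update policy key is treated as "no restriction configured", so a machine whose updates were turned off some other way will not be flagged by the #2 check.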
Via: PC World:
Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.
In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8—all of them operating systems for which it no longer provides mainstream support.
Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.