macbookwindows100722907orig
Security

How to avoid the WannaCrypt virus if you run Windows on a Mac

WannaCrypt may be exclusively a problem for Windows users, but the worm/virus combination could hit a Mac user with a Boot Camp partition or Windows virtual machines in VMware Fusion, Parallels, or other software. If you fit that bill and haven’t booted your Windows system since mid-March or you didn’t receive or install Microsoft’s vital security update (MS17-010) released at that time, read on.

It’s critical that you don’t start up a Windows XP or later installation that’s unpatched and let it connect to the Internet unless you’re absolutely sure you have the SMB file-sharing service disabled or firewall or network-monitoring software installed that will block any attempt from an outside connection.

Also, if you use Windows XP or a few later releases of Windows that are past Microsoft’s end of support since mid-March, you wouldn’t have received the security updates that Microsoft was reserving only for corporate subscribers until last Friday. At that point, they made these updates generally available. If you booted any of those systems between mid-March and Friday, you’re unprotected as well.

If your Mac is on a network that uses NAT and DHCP to provide private IP addresses, which is most home networks and most small-office ones, and your router isn’t set up to connect the SMB file service from outside the local private network to your computer (whether Boot Camp or a VM), then the WannaCrypt worm can only attack your system from other computers on the same network. If they’re already patched or there are no other Windows instances of any kind, you can boot up the system, disable SMBv1, and apply the patches.

If you don’t want to take that chance or you have a system that can be reached from the greater Internet directly through whatever method (a routable IP or router port mapping to your Mac), you should disable networking on your computer before restarting into Boot Camp or launching a VM. This is easy with ethernet, but if you’re using Wi-Fi for your Windows instance, you need to unplug your network from the Internet.

After booting, disable SMBv1. This prevents the worm from reaching your computer, no matter where it is. Microsoft offers instructions for Windows 7 and later at this support note. If you have a Windows XP system, the process requires directly editing the registry, and you will want to install firewall software to prevent incoming connections to SMB (port 445) before proceeding. The firewall approach is a good additional method for any Windows instance.

Once you’ve either disabled SMBv1 or have a firewall in place, you can enable network access and install all the patches required for your release, including MS17-010.

In some cases, you no longer need SMBv1, already known to be problematic, and can leave it disabled. If for legacy reasons you have to re-enable it, make sure you have both networking monitoring and firewall software (separately or a single app) that prevents unwanted and unexpected SMB access.

IDG Insider

PREVIOUS ARTICLE

« Dodocool DC30 7-in-1 USB-C Hub review: Affordable hub with passthrough power alongside three USB Type-A ports

NEXT ARTICLE

10.5in iPad Pro rumours: price, release date and features »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech

Poll

Do you think your smartphone is making you a workaholic?