www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
Hit by WannaCry? No one to blame but yourself
By Thom Holwerda on 2017-05-15 16:18:18

Friday saw the largest global ransomware attack in internet history, and the world did not handle it well. We're only beginning to calculate the damage inflicted by the WannaCry program - in both dollars and lives lost from hospital downtime - but at the same time, we're also calculating blame.

There's a long list of parties responsible, including the criminals, the NSA, and the victims themselves - but the most controversial has been Microsoft itself. The attack exploited a Windows networking protocol to spread within networks, and while Microsoft released a patch nearly two months ago, it’s become painfully clear that patch didn’t reach all users. Microsoft was following the best practices for security and still left hundreds of thousands of computers vulnerable, with dire consequences. Was it good enough?

If you're still running Windows XP today and you do not pay for Microsoft's extended support, the blame for this whole thing rests solely on your shoulders - whether that be an individual still running a Windows XP production machine at home, the IT manager of a company cutting costs, or the Conservative British government purposefully underfunding the NHS with the end goal of having it collapse in on itself because they think the American healthcare model is something to aspire to.

You can pay Microsoft for support, upgrade to a secure version of Windows, or switch to a supported Linux distribution. If any one of those mean you have to fix, upgrade, or rewrite your internal software - well, deal with it, that's an investment you have to make that is part of running your business in a responsible, long-term manner. Let this attack be a lesson.

Nobody bats an eye at the idea of taking maintenance costs into account when you plan on buying a car. Tyres, oil, cleaning, scheduled check-ups, malfunctions - they're all accepted yearly expenses we all take into consideration when we visit the car dealer for either a new or a used car.

Computers are no different - they're not perfect magic boxes that never need any maintenance. Like cars, they must be cared for, maintained, upgraded, and fixed. Sometimes, such expenses are low - an oil change, new windscreen wiper rubbers. Sometimes, they are pretty expensive, such as a full tyre change and wheel alignment. And yes, after a number of years, it will be time to replace that car with a different one because the yearly maintenance costs are too high.

Computers are no different.

So no, Microsoft is not to blame for this attack. They patched this security issue two months ago, and had you been running Windows 7 (later versions were not affected) with automatic updates (as you damn well should) you would've been completely safe. Everyone else still on Windows XP without paying for extended support, or even worse, people who turn automatic updates off who was affected by this attack?

I shed no tears for you. It's your own fault.

 Email a friend - Printer friendly - Related stories
.
Read Comments: 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-50 -- 51-60 -- 61-70 -- 71-80 -- 81-90 -- 91-100 -- 101-109
.
RE: Buying a piece of kit
By dionicio on 2017-05-17 16:30:52
Agree on The Unavoidable need of VERY Long Term Kernel and OS cycles for critical systems. [Those OS use to be Real Time].

Hardened systems link exclusively through protocols [Or Unlink-able at all]. So the Open/Close shouldn't be a heavy issue here, as far as protocols fully open and market supported.

On support of closed -or preferentially IP protected code: Too many medical equipment OEM vendors confronting market realities, plausible only buying, rather than on-house developing the supporting IT frame.

Makes certification a lot easier also, because Software Houses build interacting confidence with Certifying Authorities. Remembering QNX, just as an example. [Is stupid to leave all that accumulated expertise just to browse a TV set].

I prefer fully open stacks, also. As long as not having to fight with Certifying Authorities.

Edited 2017-05-17 16:31 UTC
Permalink - Score: 2
.
RE: Everything is broken
By dionicio on 2017-05-17 16:51:28
[%])There. You'll feel better :-)
Permalink - Score: 2
.
RE: Everything is broken
By dionicio on 2017-05-17 16:53:13
Will chat about Firm and Hard ware Security, latter ;-)

Edited 2017-05-17 16:54 UTC
Permalink - Score: 2
.
RE: I completely disagree!
By dionicio on 2017-05-17 17:14:47
" Charities who can't afford to update computers and software are to blame? "

From Windows10 and S upwards your updating is free. As long as genuine activated copy, and your computer doesn't drop dead.

Ask Microsoft for licenses. Who knows?

If dismissed, "vayan por la libre" go Linux. All the tools are there. Except the fancy, the shiny and the commodities. It's an spartan environment, but once you get used to, you won't want to do critical work, out of it.
Permalink - Score: 3
.
RE: I completely disagree!
By dionicio on 2017-05-17 17:28:30
"Most people just want to live a happy life without being worried about having all their precious memories encrypted and extorted for money they don't have."

Activated or not, genuine or not, You should teach your loved ones how to make Optical backups. Recommending you DVD-RW disk-at-once. That goes to Linux-ers also.

Been reading OSnews for years and can assure little evil here. Windows the most used desktop OS, world at large and no way We could consider every situation. You're right there. Sorry about lexicon, I'm so easily tempted to use it, also.
Permalink - Score: 2
.
RE: If your car had a fault, the manufacturer would fix
By fmaxwell on 2017-05-17 20:48:28
> Bottom line software companies, for too long, have been getting away with the idea that any flaws ( no matter how serious ) in the product it sells you - is something the consumer has to simply accept with no redress. Perhaps it needs to be brough more in line with other industries.

That's precisely what they have been avoiding by not selling software. Instead, they sell you a license to use their software and then disclaim any responsibilities for error-free operation, security, suitability for any purpose, etc. If they sold you software, then it would be a product that was subject to all of the same FTC regulations that govern any product.

Software engineers (I used to be one) are quick to proclaim it unfair to require that they produce a reliable, secure product because 'software is so complicated.' I look at it the other way: Software is so complicated because they aren't required to make it reliable and secure. Windows is a bloated, incomprehensible mess (at the source level) precisely because Microsoft is not legally liable for the chaos that results in a case like this. Instead, they reap rewards as companies scramble to update from old versions of Windows to new ones, paying Microsoft for the updates.
Permalink - Score: 2
.
RE[2]: I completely disagree!
By dionicio on 2017-05-17 21:08:12
The Real REAL tragedy here is that WannaCry has showed Us AGAIN that Sensitive Data is out-there, sitting duck to Financial And Insurance Entities, Criminal Organizations and even repressive factions within States.
Permalink - Score: 2
.
RE[2]: If your car had a fault, the manufacturer would fix
By Alfman on 2017-05-17 21:33:39
fmaxwell,

> Software engineers (I used to be one) are quick to proclaim it unfair to require that they produce a reliable, secure product because 'software is so complicated.' I look at it the other way: Software is so complicated because they aren't required to make it reliable and secure. Windows is a bloated, incomprehensible mess (at the source level) precisely because Microsoft is not legally liable for the chaos that results in a case like this. Instead, they reap rewards as companies scramble to update from old versions of Windows to new ones, paying Microsoft for the updates.

I'd point out that many software developers know more than anybody how broken things are. In many cases if you dig further there's a very good chance developers did bring up the issues before the product reached market. However management creates an environment that isn't conducive to building secure code with unrealistic timelines that omit testing and security auditing and just allocating insufficient resources. The incentives from the top of the company down the chain are to do the minimum amount of work possible.

Meanwhile the CEO is telling customers how important the company takes security, blah blah blah, but it's rarely actually true. If consumers feel they are becoming the beta testers, it is in fact because that's exactly what they've become.
Permalink - Score: 3
.
It's not Microsoft's fault
By lfnuke2 on 2017-05-18 04:19:56
It's not Microsoft's fault that their system is so insecure, and people are afraid to allow updates because it makes the computer reboot, stop all your work and wait for the update to finish...
Microsoft is perfect... Users are to blame for this situation...

Edited 2017-05-18 04:20 UTC
Permalink - Score: 2
.
What about Labour?
By markcres on 2017-05-18 11:19:26
I know it is trendy amongst beard-strokers to attack the "evil Tories", but what the hell did Labour do between 2006 and 2010 when WinXP had been superseded by Vista and Win7? They didn't think it was important to upgrade NHS systems.
Permalink - Score: 0

Read Comments 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-50 -- 51-60 -- 61-70 -- 71-80 -- 81-90 -- 91-100 -- 101-109

No new comments are allowed for stories older than 10 days.
This story is now archived.

.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?