Ransomware mess: high time for Microsoft to act

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


In the face of spreading ransomware attacks on Windows machines worldwide, one would expect Microsoft, the cause for all this mess, to stand up, issue a public statement of contrition and put its troops on a war-footing to help ease a problem caused by its software.

The reality could not be more different. Microsoft is invisible, unless a specific journalistic outlet asks for its reaction. Its stock response is that a patch was issued for the vulnerability that is being exploited.

Of course, the company does not also offer the perspective that patching is a damn expensive and time-consuming business for companies of the size that are being attacked.

Patching may be a hit-and-miss affair for Joe Public's home computer, which probably is already filled to the brim with malware, scumware, adware and worms, those delights that Windows users enjoy.

But for a network the size of Britain's National Health Service it is not so simple. Each big company has its own software operating environment and its IT staff have to ensure that nothing will crash and burn when a patch is applied. Every scenario has to be contemplated and studied before patching, else the whole system may crash.

Let's remember one thing: the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause.

The answer to all this is simple: those vulnerabilities should not be there in the first place. But Microsoft, in its rush to add features to already complicated systems which it is clearly unable to manage — else would I be writing this on a weekend? — refuses to acknowledge that the problem begins and ends in Redmond.

Had Microsoft co-founder Bill Gates decided to keep his operating system off the Internet and simply catered to standalone users, then this mess would not exist. But Gates was always less interested in providing secure software and more interested in milking every dollar, kopek, rouble, lira, rupee and dirham from pockets worldwide.

There are some who blame the NSA for finding out exploits and then keeping quiet about them. It requires a massive amount of chutzpah for people to expect the NSA to act in the public interest when Microsoft gets a free pass to do whatever is in its own interests.

The Australian Broadcasting Corporation's Steve Cannane reported from London this morning that patients were being sent from hospital to hospital because staff at one institution could not access their details to treat them.

If one of these patients dies, will Microsoft be culpable? No, you can be sure that the company has insulated itself by making the terms of the licence under which Windows is used bulletproof. Rather than pour money into hiring the best software engineers, the company hires the best lawyers.

In the latest iteration of Windows, 10, Microsoft has reportedly implemented measures for greater security, including sandboxing. But because the company refuses to move to the new systems that provide better security, and still caters to all the old apps that use the Win32 API, the miserable security milieu still exists.

Of course, Microsoft can argue that it cannot break compatibility for millions of users. But who created this situation? Why, nobody other than Microsoft. It was done to hook people and get them to use Windows. The company cannot, thus, duck responsibility for sorting out the mess.

It is high time that governments called out the head honchos at Microsoft for this mess. But as long as one hears organisations like the BBC describing the current mess as one where "computers are being attacked" and not correctly as one where "Windows computers are being attacked", the situation will never be remedied. People think computers are at fault when the reality could not be more different.

There needs to be pressure on Microsoft from governments, the public and security professionals alike if things are to get better. But then when did such a scenario ever eventuate? The unicorns and Father Christmas will arrive sooner.


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

 

 

 
