
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Ransomware mess: high time for Microsoft to act

In the face of spreading ransomware attacks on Windows machines worldwide, one would expect Microsoft, the cause for all this mess, to stand up, issue a public statement of contrition and put its troops on a war-footing to help ease a problem caused by its software.

The reality could not be more different. Microsoft is invisible, unless a specific journalistic outlet asks for its reaction. Its stock response is that a patch was issued for the vulnerability that is being exploited.

Of course, the company does not also offer the perspective that patching is a damn expensive and time-consuming business for companies of the size that are being attacked.

Patching may be a hit-and-miss affair for Joe Public's home computer, which probably is already filled to the brim with malware, scumware, adware and worms, those delights that Windows users enjoy.

But for a network the size of Britain's National Health Service it is not so simple. Each big company has its own software operating environment and its IT staff have to ensure that nothing will crash and burn when a patch is applied. Every scenario has to be contemplated and studied before patching, else the whole system may crash.

Let's remember one thing: the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause.

The answer to all this is simple: those vulnerabilities should not be there in the first place. But Microsoft, in its rush to add features to already complicated systems which it is clearly unable to manage — else would I be writing this on a weekend? — refuses to acknowledge that the problem begins and ends in Redmond.

Had Microsoft co-founder Bill Gates decided to keep his operating system off the Internet and simply catered to standalone users, then this mess would not exist. But Gates was always less interested in providing secure software and more interested in milking every dollar, kopek, rouble, lira, rupee and dirham from pockets worldwide.

There are some who blame the NSA for finding out exploits and then keeping quiet about them. It requires a massive amount of chutzpah for people to expect the NSA to act in the public interest when Microsoft gets a free pass to do whatever is in its own interests.

The Australian Broadcasting Corporation's Steve Cannane reported from London this morning that patients were being sent from hospital to hospital because staff at one institution could not access their details to treat them.

If one of these patients dies, will Microsoft be culpable? No, you can be sure that the company has insulated itself by making the terms of the licence under which Windows is used bulletproof. Rather than pour money into hiring the best software engineers, the company hires the best lawyers.

In the latest iteration of Windows, 10, Microsoft has reportedly implemented measures for greater security, including sandboxing. But because the company refuses to move to the new systems that provide better security, and still caters to all the old apps that use the Win32 API, the miserable security milieu still exists.

Of course, Microsoft can argue that it cannot break compatibility for millions of users. But who created this situation? Why, nobody other than Microsoft. It was done to hook people and get them to use Windows. The company cannot, thus, duck responsibility for sorting out the mess.

It is high time that governments called out the head honchos at Microsoft for this mess. But as long as one hears organisations like the BBC describing the current mess as one where "computers are being attacked" and not correctly as one where "Windows computers are being attacked", the situation will never be remedied. People think computers are at fault when the reality could not be more different.

There needs to be pressure on Microsoft from governments, the public and security professionals alike if things are to get better. But then when did such a scenario ever eventuate? The unicorns and Father Christmas will arrive sooner.




Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

