Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Wednesday, 20 March 2019 11:39

Microsoft should clean up its security mess before any PR stunts

Microsoft should clean up its security mess before any PR stunts Image by pixel2013 from Pixabay

Satya Nadella has been the chief executive of Microsoft for more than five years but how many times has he uttered the word "ransomware" when waxing eloquent about the company he heads?

It is the height of irony that on a day when Microsoft is trumpeting its release of a cyber security service in Australia to protect against election interference, one of the bigger aluminium companies in the world, Norsk Hydro, has been taken apart by an attack of Windows ransomware known as LockerGoga.

If Microsoft Australia and New Zealand External and Legal Affairs corporate director Tom Daemen, who announced the release of the security service in Australia today, made a visit to Norway right now, he would be greeted with eggs, not flowers.

No matter what the technology industry says, there is one common threat to practically all ransomware attacks: Windows.

So why doesn't the ever-polite Nadella talk about this threat and try to address it, instead of avoiding any mention and going on about Azure, and Linux ad infinitum?

Despite Windows being, by a massive margin, the major attack interface, few in the tech industry will recommend getting rid of Windows to keep out ransomware. One can ask till one is blue in the face, but so-called tech experts will do everything but say the obvious.

You would think that if eating a certain type of food caused humans to vomit, the best way to avoid spilling one's innards on the footpath would be to avoid that food. Nope, tech experts will tell you to continue eating that same food and then take an anti-emetic.

There is one reason for this: Windows has spawned a multi-billion-dollar anti-virus industry that does not want to eat its own breakfast. The more Windows threats come along, the better the bottomline for these industries. Why would one try to kill off the goose that lays the golden eggs?

Microsoft is unwilling to deal with its security issues to the extent that it refuses to do even the most basic thing: insist that anyone starting out with a fresh install of Windows create a user account first, and then an admin account.

This has been recommended on more than occasion, with the security firm Avecto at pains to point out year after year that removing administrator rights would mitigate 80% of the critical vulnerabilities found in Microsoft products.

In 2019, when people are talking about advances in technology, the majority of the world uses an operating system that still resembles Swiss cheese.

The advice that one should keep patching and updating in order to stay safe while using Windows is of no use. It is terribly expensive and time-consuming for a big organisation to update, especially given that something like a few gigabytes of updates are released by Microsoft on the second Tuesday of each month.

Microsoft has no credibility when it comes to security. Rather than indulging in PR exercises like its release of the so-called AccountGuard today, it should first clean up the mess it has created all these years.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments