Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Thursday, 02 April 2020 09:13

Microsoft possesses one attribute in spades: chutzpah

Microsoft possesses one attribute in spades: chutzpah Image by Katie White from Pixabay

As a company, Microsoft may lack many attributes; it may be behind the curve on many things and may not be cool as some other tech firms. But in one aspect, the Redmond behemoth outdoes the rest in spades: chutzpah.

Else, one cannot account for the brazen manner in which the company, which is the root cause of ransomware, tries to project itself as some kind of saviour acting to protect businesses against this very form of malware.

The American Heritage Dictionary has the following definitions for chutzpah:

  • n. Utter nerve; effrontery.
  • n. Nearly arrogant courage; utter audacity, effrontery or impudence; supreme self-confidence; exaggerated self-opinion;
  • n. (Yiddish) unbelievable gall; insolence; audacity.

Every one of those definitions fits very well with what Microsoft does when it comes to ransomware.

On 1 April, otherwise known as April Fools day, Microsoft published a long post titled "Microsoft works with healthcare organisations to protect from popular ransomware during COVID-19 crisis: Here’s what to do." This is the equivalent of someone saying that they are cleaning up the steps in front of your house because they have defecated there – and acting as if cleaning it up is some kind of virtuous act.

This post was published on the right day – I am still wondering if it is a spoof. The post is full of the same kind of motherhood statements that Microsoft has been spouting since it was established in 1975: meaningless pap. But is that the only reason why the company gets away with this deception?

Hardly. If the fact that ransomware is exclusively a Windows problem is raised with companies in the security space, their uniform response is to say that this is because Windows is used on nine out of 10 business PCs (the same figure applies to machines used at home). Windows has a little more than a billion users worldwide.

Never mentioned is the fact that it may not be prudent to speak ill of a company that has considerable clout in the tech space and one from which all these security firms derive plenty of income.

But ask any of these security outfits why Google's Android mobile operating system — which has more than double the number of users as Windows — does not have any ransomware issue, and people will immediately start talking about the weather. Or their children. Or politics. Or any other subject.

Technology journalists are also to blame because apart from a very select few, any malware attack is never listed as an attack on Windows – which is what it is. Of course, scribes who speak truth to power will not get any freebies from Microsoft. No trips to Redmond, no invitations to security conferences, no wining and dining.

Microsoft, itself, makes a tidy little pile from ransomware attacks so it has little incentive to try and improve its software – though doing so with a curiously complicated system like Windows would indeed be a monumental task.

When the company wrote a glowing blog post in December last year about the way the Norwegian company Norsk Hydro tackled an attack by the LockerGoga ransomware, and what it (Microsoft) had done to assist, iTWire verified from the Norwegians that Microsoft had been paid for whatever assistance it rendered.

One can certainly write ransomware for other operating systems – macOS, Linux, Android, iOS and the BSDs. But they are of no use to an attacker unless one can gain administrator status on a machine. And therein lies the difference.

In the case of Windows, there are numerous components, which are part of the operating system and which cannot be removed, that are vulnerable.

To that many security people will offer one remedy: patching. That is another furphy. Here's what one seasoned security pro, an ex-NSA hand, Dave Aitel, told me many years ago: ""Patching is terribly expensive. You have to test and test to ensure that your applications all work after the patch. And then deploying a patch in a medium-sized firm will cost many hundreds of thousands. How many companies are prepared — or even have — this kind of money to spend on deploying a patch?"

Microsoft has even ditched its own operating system when it comes to mobile phones – this year, the company plans to release a phone that runs Android. This is the ultimate condemnation of Windows, something like a man disowning his own child.

Giving up Windows is something that few people will countenance because it is a difficult process. (I know, I went through it nearly 20 years ago). Like those who continue smoking until the doctor diagnoses that they have cancer, people will continue to stick to Windows until the inevitable ransomware attack takes place. And then they will start looking for remedies.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments