Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 11 October 2019 12:01

Windows ransomware: when will people in charge ever learn?

Windows ransomware: when will people in charge ever learn? Image by Katie White from Pixabay

Nine days ago, the Victorian Government announced that it would be providing $200,000 for a program to help Microsoft train more people in the use of its software. It came, ironically, just a day after regional Victorian hospitals were hit by ransomware – something that, by far, only attacks Microsoft's Windows operating system.

Exactly why people in power continue to advance the use of mediocre software, which leads to increasing insecurity, not to mention the loss of vital data and the endangering of lives, is beyond me. When hospitals are attacked, then lives are indeed in danger.

Before I continue let me say that one can write ransomware for other operating systems too – macOS, Linux, Android, iOS and the BSDs. But they are of no use to an attacker unless one can gain administrator status on a machine.

In the case of Windows, there are numerous components, which are part of the operating system and which cannot be removed, that are vulnerable. It is probably the main reason why nobody in authority at Microsoft ever mentions the word Windows these days.

Why, the company has even ditched its own operating system when it comes to mobile phones – next year, Microsoft will be releasing a phone that runs Android. This is the ultimate condemnation of Windows, something like a man disowning his own child.

True to form, the Victorian authorities have said nothing further about the ransomware attack; Australia is a country where the government is loath to disclose any details about anything at all that it fears would be embarrassing.

Of course, there is plenty of money in the public purse to hire expensive consultants who will bill the Victorian Government tens of thousands a day to fix the problem. Victoria is always willing to dole out taxpayers' money – the most recent handouts went to the politicians themselves, with the Premier, Daniel Andrews, increasing his salary by more than $45,000.

At the end of it all, we will be told that things are back to normal. Local media will keep the focus on the Melbourne Cup and any other distraction. It has worked for decades.

This is the first time that a ransomware attack in Australia has been openly disclosed. But there are probably a good number more that are not disclosed. In the US, the first nine months of the year saw 621 ransomware attacks. In September, one private hospital, Wood Ranch Medical in California, had to shutter its doors after it was hit.

We have yet to hear even a word from Microsoft about these attacks. Doubtless, the end-user licence that accompanies Windows would have been bolstered in recent years to prevent any legal problems.

And, true to the adage that a sucker is born every minute, clueless officials will continue to invite Microsoft to participate in more and more programs and entrench its mediocre software even more in the infrastructure of the country.

When the question of insecure Microsoft software is raised, there are plenty of pundits who come out of the woodwork and advise people to update their systems. But nobody says a word about the cost of updating software at even a medium-sized business.

This is what a well-known security expert, Dave Aitel of Immunity, told me many years ago: "Patching is terribly expensive. You have to test and test to ensure that your applications all work after the patch. And then deploying a patch in a medium-sized firm will cost many hundreds of thousands. How many companies are prepared — or even have — this kind of money to spend on deploying a patch?"

Defenders of Microsoft — and the security industry loves products from Redmond for their businesses would be unable to rake in money at the rate they do were it not for the poor-quality products from the company — say that Windows is under attack only because it has such wide usage.

But, pray, what about Android then? It has nearly double the number of users that Windows has. One is yet to hear of any ransomware for Android.

No, the arguments for continuing to use Windows do not hold water. It is high time for businesses to seriously look at alternatives.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments