Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Sunday, 14 May 2017 19:08

Ransomware: Microsoft can no longer claim to be 'proactive'

By Sam Varghese

Microsoft's reaction to the Windows ransomware crisis that occurred on Friday and Saturday has shown one thing: no longer can the company continue to use the business buzzword "proactive" when it talks about itself. It was caught unawares and left looking very old and tired in the way it responded to the situation.

When the Shadow Brokers group dumped a number of NSA exploits on 14 April, after having tried for a while to get people to buy them, it should have been clear to those who head the Microsoft Security Response Centre that it was only a matter of time before some attacker would use these exploits to attack vulnerable systems.

The probability was all the higher, given that attacks these days are driven mostly by a desire to make money, not just to get up someone's nose.

It has also been clear to all those who are in any way part of the tech community — those who have not been living under a rock, that is — that there are millions of Windows machines out there that are out of support and vulnerable to these exploits.

As iTWire reported back in February, 150 million PCs were running Windows XP at that time, a version for which support has long expired.

Microsoft issued patches to guard against these exploits in March, a month before the Shadow Brokers dumped the lot. (The company has kept mum as to how it became aware of the dumped exploits. Was it told by the NSA? Did it pay the Shadow Brokers?)

But, given its parsimonious nature, something that has often left it with egg on its face in the past, Microsoft only issued patches for Windows versions that are currently supported.

It did not think ahead and contemplate the possibility that a situation similar to Code Red could eventuate again, with attackers having a field day on older Windows systems. No, it was caught on the back foot and had to pull up its socks and react fast. 

Had it not been for an accidental act by a British researcher, we would be looking at Code Red Mark II now.

Now, the company that has been force-feeding Windows to all and sundry is acting as though it is the good guy. "Seeing businesses and individuals affected by cyber attacks, such as the ones reported today, was painful," wrote Phillip Misner, principal security group manager at the MSRC.

When the Shadow Brokers dumped the exploits, what was Misner doing? The analogy that comes to mind is that of Nero fiddling while Rome burned.

And thus, when the fat was well and truly in the fire, Microsoft found itself forced to issue patches for Windows XP, Windows 8, and Windows Server 2003. Of course, lest you forget, this was done in the public interest!

This is not the first time that attacks on Windows systems have triggered mass panic. Dave Aitel of Immunity, a security professional who often calls things as he sees them, put it well in a tweet: "Windows didn't get more secure in the last two decades, the hackers just got nicer."

A number of security companies wrote in to iTWire, seeking to capitalise on the situation and plug their own names and wares. These companies are part of the problem: they should be calling out Microsoft for its pathetic attitude to security, which this time put the lives of patients in Britain at risk.

But you won't find any of these security experts saying a thing. After all, why would they bite the biggest hand that feeds them? If Windows disappeared overnight, many of these companies would be left without lunch money.

The cynicism that has been on display in the last 36-odd hours is disgusting.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
