Linked by Thom Holwerda on Mon 15th May 2017 16:18 UTC

Friday saw the largest global ransomware attack in internet history, and the world did not handle it well. We're only beginning to calculate the damage inflicted by the WannaCry program - in both dollars and lives lost from hospital downtime - but at the same time, we're also calculating blame.

There's a long list of parties responsible, including the criminals, the NSA, and the victims themselves - but the most controversial has been Microsoft itself. The attack exploited a Windows networking protocol to spread within networks, and while Microsoft released a patch nearly two months ago, it’s become painfully clear that patch didn’t reach all users. Microsoft was following the best practices for security and still left hundreds of thousands of computers vulnerable, with dire consequences. Was it good enough?

If you're still running Windows XP today and you do not pay for Microsoft's extended support, the blame for this whole thing rests solely on your shoulders - whether that be an individual still running a Windows XP production machine at home, the IT manager of a company cutting costs, or the Conservative British government purposefully underfunding the NHS with the end goal of having it collapse in on itself because they think the American healthcare model is something to aspire to.

You can pay Microsoft for support, upgrade to a secure version of Windows, or switch to a supported Linux distribution. If any one of those mean you have to fix, upgrade, or rewrite your internal software - well, deal with it, that's an investment you have to make that is part of running your business in a responsible, long-term manner. Let this attack be a lesson.

Nobody bats an eye at the idea of taking maintenance costs into account when you plan on buying a car. Tyres, oil, cleaning, scheduled check-ups, malfunctions - they're all accepted yearly expenses we all take into consideration when we visit the car dealer for either a new or a used car.

Computers are no different - they're not perfect magic boxes that never need any maintenance. Like cars, they must be cared for, maintained, upgraded, and fixed. Sometimes, such expenses are low - an oil change, new windscreen wiper rubbers. Sometimes, they are pretty expensive, such as a full tyre change and wheel alignment. And yes, after a number of years, it will be time to replace that car with a different one because the yearly maintenance costs are too high.

Computers are no different.

So no, Microsoft is not to blame for this attack. They patched this security issue two months ago, and had you been running Windows 7 (later versions were not affected) with automatic updates (as you damn well should) you would've been completely safe. Everyone else still on Windows XP without paying for extended support, or even worse, people who turn automatic updates off who was affected by this attack?

I shed no tears for you. It's your own fault.

Thread beginning with comment 644257
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:

You are kneejerking without reading the actual article.

No I am not.

I didn't blame the NHS (or its hospitals and workers), but the government that funds it.

I know you aren't. The situation was created by the previous Government by the access to health program that was poorly implemented. Lots of IT investment, no real plan.

I used to work in this environment, as a 2nd/3rd tier support tech back in 2007-2009, supporting one of these applications.

What I think you are doing is massively over simplifying the situation. The NHS is split into Trusts, these all work differently and get funded differently based on size and lots of other factors. Then referrals can be transferred to private clinics / hospitals etc.

These all have bespoke systems you can't just upgrade stuff. It has to go through a proper change management process and this can take years.

Even things like printers having the margins a bit wrong on the windows settings can be problem when printing patient notes to hang on the end of the bed (I forget the proper term now).

Is it really Microsoft's fault if the British government underfunds its healthcare service?

No. I never said it was. I think the problem exists because the previous labour government didn't have any proper plan for IT and just stuck money into it.

Again - I don't think you actually read the aricle, but just immediately got defensive.

I wasn't being defensive. That wasn't my intention. I just don't think you understand that it is really nobody's fault. I've worked in one of these IT suppliers and everyone was stressed out trying between support / development and deployment.

I did not say anyone was lazy - just that yes, if you choose not to fund your IT department adequately, then yes, YOU are to blame for an inadequately funded IT department, and the resulting consequences. In the case of companies, that's the manager allocating funds - and in the case of the NHS, it's the government.

It not a problem that can just be solved by chucking money at it.

I don't think you really understood what I was getting at. You are massively over simplifying the situation. The reason why these systems aren't updated as often is due to a multitude of reasons. Some of these I highlighted in my original post. Sometimes there is noway to update them.

Reply Parent Score: 2

Bill Shooter of Bul Member since:

Throwing money at the problem definitely would help. I'm certain there are several IT solution providers in the US that would love to work on solving the issues. Not cheaply, though.

The custom medical equipment does have a new version that is supported by windows. They always do. Its just a question of weather or not the upgrade is in the budget.

I do kind of wish it had hit the US a little just so we could see which Hospitals are keeping up and which are not. In reality there should be stress tests of Hospital IT outages, aside from the ones that the Hospital IT already causes on a semi regular basis.

Reply Parent Score: 2

daedalus Member since:

Not necessarily. The companies that supply custom equipment like this also have long development cycles due to certification by the relevant bodies that means they plan for, say, a ten year cycle, and the machine doesn't change in that time. I worked for a company making such equipment, and our brand spanking new system was shipping with Vista in 2012, purely because development started in 2006 and Vista was seen as the future. Switching to Windows 7 would have delayed the product to market by a year or two - something the company simply wouldn't accept. So even shelling out €200,000 to replace the three machines you might find in a typical hospital lab wouldn't have gotten you an up-to-date OS.

I believe those machines have since been updated to 7 - right about the time 10 came out.

Reply Parent Score: 2

dionicio Member since:

Hospitals, Schools, should be built with caducity integrated, up to manpower. New ones always cheaper on maintenance.

Those wanting to extend age of retirement -well, the'll need to 'update' :-) Maybe some will prefer a career change. [recommending organic gardening]. Or go through PAID nursery school again. So easy for the true lovers of that discipline.

Just Trying to take the light side. Code wise, wasn't so grave, if well extended.

[Rosseta Mission Teams were 'reassigned' afterwards, just as example].


Reply Parent Score: 2

dionicio Member since:

[Even Microsoft Get This -LOW PERFORMANCE- issue. On Going back to the Home Button]. On a now general policy of STABILIZING. Who could have bet on a Linux console?

Reply Parent Score: 2

dionicio Member since:

Hey! Teacher's Board: Needing a Generation XII. Still one available? Or, Are We the last? ;-)

Reply Parent Score: 2

dionicio Member since:

The Eternally Transmuting is a Valid Pattern of Life, but an extremely expensive one. And That is Main Issue, right now and decades into the future.

Reply Parent Score: 2