In the face of spreading ransomware attacks on Windows machines worldwide, one would expect Microsoft, the cause for all this mess, to stand up, issue a public statement of contrition and put its troops on a war-footing to help ease a problem caused by its software.
The reality could not be more different. Microsoft is invisible, unless a specific journalistic outlet asks for its reaction. Its stock response is that a patch was issued for the vulnerability that is being exploited.
Unbelievable! Largest hack in history? https://t.co/LNEbelGbCh?amp=1 #ransomware pic.twitter.com/gTcNV2taXP
— Fares Ahdab, MD (@fares_alahdab) May 12, 2017
Of course, the company also does not offer the perspective that patching is a damn expensive and time-consuming business for companies of the size that are being attacked.
Patching may be a hit-and-miss affair for Joe Public's home computer, which probably is already filled to the brim with malware, scumware, adware and worms, those delights that Windows users enjoy.
But for a network the size of Britain's National Health Service it is not so simple. Each big company has its own software operating environment and its IT staff have to ensure that nothing will crash and burn when a patch is applied. Every scenario has to be contemplated and studied before patching, else the whole system may crash.
Airport Display #ransomware pic.twitter.com/2R7LElwkKK
— FJ Newman (@fj_newman) May 12, 2017
Let's remember one thing: the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause.
The answer to all this is simple: those vulnerabilities should not be there in the first place. But Microsoft, in its rush to add features to already complicated systems which it is clearly unable to manage — else would I be writing this on a weekend? — refuses to acknowledge that the problem begins and ends in Redmond.
Had Microsoft co-founder Bill Gates decided to keep his operating system off the Internet and simply catered to standalone users, then this mess would not exist. But Gates was always less interested in providing secure software and more interested in milking every dollar, kopek, rouble, lira, rupee and dirham from pockets worldwide.
Wow, even in my building lobby! #WannaCry #ransomware pic.twitter.com/ilPqHBmiB5
— Andrew Tinits (@amtinits) May 12, 2017
There are some who blame the NSA for finding out exploits and then keeping quiet about them. It requires a massive amount of chutzpah for people to expect the NSA to act in the public interest when Microsoft gets a free pass to do whatever is in its own interests.
The Australian Broadcasting Corporation's Steve Cannane reported from London this morning that patients were being sent from hospital to hospital because staff at one institution could not access their details to treat them.
If one of these patients dies, will Microsoft be culpable? No, you can be sure that the company has insulated itself by making the terms of the licence under which Windows is used bulletproof. Rather than pour money into hiring the best software engineers, the company hires the best lawyers.
In the latest iteration of Windows, 10, Microsoft has reportedly implemented measures for greater security, including sandboxing. But because the company refuses to move to the new systems that provide better security, and still caters to all the old apps that use the Win32 API, the miserable security milieu still exists.
Top 10 countries with the most #cyberattacks via #ransomware. #cybersecurity #cyberthreats @MikeQuindazzi #infosec pic.twitter.com/4nq8lGbC9P
— Evan Kirstel (@evankirstel) May 3, 2017
Of course, Microsoft can argue that it cannot break compatibility for millions of users. But who created this situation? Why, nobody other than Microsoft. It was done to hook people and get them to use Windows. The company cannot, thus, duck responsibility for sorting out the mess.
It is high time that governments called out the head honchos at Microsoft for this mess. But as long as one hears organisations like the BBC describing the current mess as one where "computers are being attacked" and not correctly as one where "Windows computers are being attacked", the situation will never be remedied. People think computers are at fault when the reality could not be more different.
There needs to be pressure on Microsoft from governments, the public and security professionals alike if things are to get better. But then when did such a scenario ever eventuate? The unicorns and Father Christmas will arrive sooner.