Clik here to view.
Ransomware has slowly become the most common and most difficult threat posed to companies and individuals alike over the last year.
And there is one common thread to practically all ransomware attacks: Windows.
Microsoft acolytes, supporters and astro-turfers can scream till they are blue in the face, but it is very rare to see ransomware that attacks any other platform.
Of course, these Redmond backers are careful to say that ransomware attacks "computer users", not Windows users.
{loadposition sam08}But statistics tell the truth. In 2015, the average number of infections hitting Windows users was between 23,000 and 35,000, according to Symantec.
In March, this number ballooned to 56,000 with the arrival of the Locky ransomware. And in the first quarter of 2016, US$209 million was paid by Windows users in order to make their locked files accessible again.
Why ransomware is so much a Windows thing that Microsoft even used it as a marketing tool to try and push people to Windows 10, pointing out that Windows 7 users were more prone to getting hit by this form of malware than Windows 10 users!
Ransomware for other platforms was non-existent to the extent that when the first such malware for the Mac was noticed, there was a song and dance over it.
The Mac variant was said to be a variant of an earlier attempt to code up something for Linux. But, even three iterations down the track, the Linux effort was not working as intended. At times, the uneducated indulge in click-bait about ransomware that runs on Linux. Alas, they are unmasked pretty soon.
Windows 7 users are more exposed to #ransomware, says Microsoft #Video #cybersecurity #infosec @ZDNet https://t.co/Hjjjizw8ti pic.twitter.com/M2D3oOZw2e
— Bob Carver (@cybersecboardrm) November 22, 2016
Despite the fact that Windows is the major attack interface, it is impossible to hear anyone in the IT industry recommend getting rid of Windows as a means to keep out ransomware. One can ask till one is blue in the face, but so-called tech experts will do everything but say the obvious.
You would think that if eating a certain type of food caused humans to vomit, the best way to avoid spilling one's innards on the footpath would be to avoid that food. Nope, tech experts will tell you to continue eating that same food and then take an anti-emetic.
There is one reason for this: Windows has spawned a multi-billion-dollar anti-virus industry that does not want to eat its own breakfast. The more Windows threats come along, the better the bottomline for these industries. Why would one try to kill off the goose that lays the golden eggs?
But there are some rare, honest people in the industry who will occasionally spill the beans, rather obliquely. Thirteen years ago, I wrote a 5000-word piece on the Windows update process, after canvassing the opinions of numerous sysadmins.
Among them was Paul Ducklin, at that time an employee of Sophos, and a man who tended to avoid BS. His contribution still stays in my memory.
Wrote Ducklin: "As you know, I'm mostly neutral about Windows and Unix (though I did seriously consider getting the NSW number plate 'BSD', only to find it had been taken by the time I'd decided that paying nearly $400 per year for something without any intrinsic value was only a medium-sized slap in the face to the needy).
"This means I don't have any compelling comments about comparing Windows admin to Unix administration. So why the email?
"Well, I simply want to refer you to a pithy quote from the Second Edition of the seminal work Firewalls and Internet Security by Cheswick, Bellovin and Rubin. See page 255, about half-way down. 'We do not know how to secure [Windows hosts], or even if it is possible'. How I smiled."