Keep saying that to yourself.
3 Likes
That’s sort of true, but not nearly as true as one might like it to be. The Chinese government doesn’t have control of bitcoin only because so far, it doesn’t want it.
2 Likes
Personally I think the bigger issue is Microsoft completely dropping support for a version of Windows that at the time a good proportion of the world’s computers were running. It cost them dearly too, lots of businesses will no longer use Windows for exactly that reason, including the entire Chinese government. It’s just not worth it to have to upgrade computers every few years simply because a vendor is only building their products for a few years. And now they’ve warned that Win7 is going the same way soon.
And furthermore outbreaks like this are extremely bad for their reputation, and it would be in their best interest to keep releasing patches for old versions if only to prevent ridiculous things like this from happening.
But to their credit they released a patch for XP for this particular vulnerability:
1 Like
That’s a myth. MacOS is built on BSD, which as the expression goes was built “by the paranoid for the paranoid”. It takes security extremely seriously. Windows on the other hand still does mind bogglingly stupid things like not disabling auto play by default for thumbdrives, which has been one of the biggest vectors for virus propogation for years. You can argue that you prefer Windows for whatever reason, but to argue that Windows is as secure as Mac OS is just silly.
I know and I do understand that point. My point is that there are reasons why people don’t update, mainly that many end users are going to be entirely unaware of the problems of unsopported OSes. I’d suspect that people who can’t afford to buy a new OS every few years are just going to keep running what they have. So it’s a general ignorance of the importance of updating to supported software along with the inability to update due to not being able to afford the new OS. Sure, some people are going to tool along out of ignorance, but some are going to keep with what they got because that’s what they can afford. Obviously, a great solution would be people downloading and using FOSS, but I’d suspect that many people, especially poorer and older people don’t have the knowledge base to do so.
5 Likes
There is a cost issue here, though. Not everyone can afford to own a mac. More people can afford $200 or $300 for a lappy that runs MS. I think this is probably why many working class people don’t buy laptops or towers, but they get cell phones with date plans, because you can buy more computing power and pay for it through your contract, rather than having to drop a couple of grand or more at once.
Just, FYI, I’m a linux user and I’m lucky that my husband can help me with that.
8 Likes
Sorry, but that’s complete bulshit.
While it’s true that Windows doesn’t have a stellar history when it comes to security, the OS has been through several fundamental structural overhauls over the years (to say it’s just a series of patches upon patches is simply a demonstration of your ignorance on the matter), the most important of which was the development of the NT kernel, which in many ways is a significantly more advanced kernel architecture than most of the *nix kernels of the time (still suffering today from it’s legacy as a mainframe OS in many respects), it was also a microkernel like Mach (though since then it’s become a hybrid between a microkernel and a monolithic one - as has macOS, for performance reasons mostly, as well as developing a more advanced hypervisor than macOS, Linux still has some advantages there).
XP was the first version to marry this kernel rearchitecture with their consumer OS code base, though it took a couple of revisions before they perfected it with SP3 (largely because of their commitment to preserving backward compatibility, it took a while to fully integrate the two codebases).
From then on though, from an architectural standpoint (there were a few more security improvements in Vista from a user point of view), Windows has been just as secure as any other OS.
All software has bugs though, that’s what you get for writing software in an awful programming language like C (the majority of security bugs are due to buffer overflows, the kind of bug endemic in C software). There are probably just as many security holes in Linux and macOS, Linux is pretty agile when it comes to patching theirs, and Windows has gotten better in that regard in the last 10 years (the SMB bug we’re talking about here was fixed several months before the Shadow Brokers leak for example), but with macOS they’re less likely to even find half the bugs given the low usage.
Windows also had another major redesign after XP, though that was less based on the kernel and was more a holistic overview, started off as a project called WinMin (which was basically a program of mapping and untangling the dependencies between subsystems, allowing the creation of a more decoupled and maintainable core operating system), the first results debuted in Vista (which brought with it a lot of bugs), was perfected in Windows 7 and has continued on to today with Windows Server Core and IOT Core.
7 Likes
Windows doesn’t autoplay thumb drives, or any other removable media, anymore. And hasn’t for many versions now.
2 Likes
It did in Win7, which is the last version of Windows that I have a lot of experience with. That still boggles my mind: for years and years that vulnerability was being exploited, and not only did it take Microsoft forever to simply disable that by default, but it wasn’t even a simple task to turn it off. To say Microsoft doesn’t take security seriously is an understatement.
Don’t get me wrong, I don’t hate Windows, at least not Windows 7, but I have no illusions about how secure the OS is.
1 Like
No it didn’t.
2 Likes
Yes, it absolutely did. And something tells me it still is in Win10 too, but that one I’m not sure about since I won’t touch Win8+ with a Win10 foot pole.
It popped up a dialog, it didn’t run autorun.exe any more.
3 Likes
I was at least willing to listen, until you bashed C. Real nerds love C. 
1 Like
love/hate might be a better description.
1 Like
What language would you suggest as a better alternative for low level operating system stuff?
The primary infection vector appears to be phishing emails containing attachments or links that were infected. So the standard advice to not click links or open attachments in emails applies as always.
As with other malware, they could probably repackage and redistribute it in infected downloads or a drive-by download, so as always, be careful what you download and have your browser wear protection (third-party script blocker / ad-blocker).
And of course, most importantly - backup your system now and have a plan to restore it when (not if) this or something else knocks it out. [Edited to add: don’t keep your backup drive connected so that ransomware can’t encrypt your backups.]
3 Likes
No it didn’t - they could then extract “extended support fees” from the likes of the UK NHS and other public-sector institutions. The Chinese government moved away because they actually think of software as strategic infrastructure that cannot be left in the hands of a competing nation. It’s high time Europe starts thinking in the same way too - it’s clear by now that our trust in benevolent American companies the three-letter-agencies they work with, is seriously misplaced.
That’s debatable. As it is, companies’ incentives are all in pushing people on newer releases for the hell of it, to extract licensing or subscription fees, because capital wants to grow. Let’s be real - a lot of computers out there are glorified typewriters, there is no reason they should be forced to upgrade to more powerful hardware every 5, 10 or even 20 years. The Word documents that places like the NHS need, are the same Word documents that were around in 1995.
I’m starting to think that we will eventually need legislative action, defining what a security update is and how long it should be guaranteed for any OS that is sold to public institutions. The market alone has failed and will keep failing.
2 Likes
I think these virus outbreaks have cost Microsoft in ways that are hard to measure. Personally I don’t know anyone who uses Windows anymore, and Mac is increasingly common in office environments, largely because of crap like this.
That might be the underlying reason, but their stated reason was XP, or at least it used to be:
But of course they’re probably correct in thinking that the NSA or whoever would be spying on them if they were using an American controlled OS, especially one built by Microsoft.
I’d agree, except that I think the market is handling it pretty well though. And my mind is boggled at how little fight Microsoft has put up releasing their stranglehold. In fact it’s almost like they want it to happen, between their insane security vulnerabilities and retarded usability starting with Win8. Whoever thought getting rid of the start button was a good idea must have been working for Apple. It’s the only possible explanation that makes any sense!
There isn’t one that I know of. Rust has some promise, though it’s still quite young, and I don’t know enough about it to know for sure. C++ is a hideous monstrosity though, and C is too unsafe, the lack of better alternatives doesn’t make that any less true.
Microsoft’s Singularity was an interesting experiment, an operating system written in C# (it developed into a project called Midori, interesting series of blogs about it here). Go is another interesting managed language. It’s unlikely that a managed language would ever be efficient enough to run a proper OS today, but who knows, garbage collectors are getting better all the time, probably though we need a language that combines some form of static analysis with syntax to help with memory ownership (it’s just tricky to get the design exactly right, you want to set the defaults correctly so it’s not too onerous to write general purpose code, but expressive enough to handle all cases), maybe a half n’ half approach would work as well, managed memory by default but with extra syntax to solve edge cases where you’d normally need unsafe code.
2 Likes
I would like to agree, but as someone pointed out on another forum:
Unfortunately the newer versions aren’t able to guarantee 100% backward-compatibility, compatibility with old hardware, and some way to upgrade embedded systems. So some people can’t safely upgrade.
But Microsoft has put a lot of effort into backwards compatibility (I have a program written in the '70s for teletype machines, then ported to PCs, that somehow still runs just fine in Windows 10.) They included special patches in their OS for specific programs (I think SimCity or Civilization was one of them) for backward compatibility. They’ve even maintained bug-compatibility to this date in Excel for a date bug from a 1983 version of Lotus 1-2-3. But they can’t catch everything when it comes to proprietary software or hardware. Or software that abused security flaws in earlier versions for DRM schemes or such as that.
And from what I understand, they do offer a paid maintenance service for organizations that want to keep using old versions past their use-by date. So I can’t really blame them too much. The organizations need to budget and plan for upgrades or maintenance service.
4 Likes
