Slashdot Asks: In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely?
In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times:
At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more.
Microsoft supported Windows XP for over a decade before finally putting it to sleep. In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?
No (Score:5, Insightful)
No. You can't support legacy software forever. If your customers choose to stay with it past its notified EOL then they are SOL. Any company using XP that got hit by this can only blame themselves.
Re:No (Score:5, Insightful)
I will need to agree with conditions. If the Tech company is selling service contracts for that product, they will need to update it. However, like XP and older, where the company isn't selling support, and had let everyone know that it is off service, they shouldn't need to keep it updated. Otherwise I am still waiting for my MS DOS 6 patch as it is still vulnerable to the stoner virus.
Re: (Score:2, Insightful)
Or perhaps one option would be to open source the older OS's so that should someone choose to be on the hook for offering support (or the community comes together?)
However, I think if they open sourced it, so many eyes would pore over it and find so many glaring exploits that it would actually be worse overall - at least in the beginning?
Ahh hell, nevermind... :-)
Maybe only for limited distributions [Was: Re: No] (Score:2)
From the outside, I would tend to agree with you. But Microsoft has some liability here. They created a product that is still in use on hundreds of thousands if not millions of computers. Microsoft sold more than 400 million copies, and who knows how many pirated copies are out there.
Here's the deal, Microsoft was found to be in a monopoly as far back as 1998 [wikipedia.org]. When companies like Microsoft reach this level of operation, they usually become regulated [wikipedia.org]. I see a strong likelihood that Microsoft will suffe
Re: (Score:2)
I have one system that I've been trying to upgrade for 5 years. Another system has a hardware device {and drivers} that are no longer available, which also has software from a company that is out of business. "Upgrade to Windows 10" won't work (and I'm not going to go to the MS-Sell land of Win 10). I am grateful to MS for upgrading the ones that they did, and to the morons in the "buy the latest now"; that is not an option, I've tried.
Re: (Score:2)
The last time Microsoft got in the middle of security problems, it allowed Apple to break out and we had a period of time 2006-2012 where Macintosh PCs were all the rage. None of the Linux Distributions have the muscle to take advantage of a misstep from Microsoft.
Re: Disagree (Score:4, Insightful)
Re: (Score:3, Interesting)
The irony is that Microsoft does offer paid support for Windows XP, but that the UK's current Conservative government decided to axe the contract a year or two back to save money.
I wonder how that £5mill saving has paid off now that they're going to have to pay a fucking fortune in sorting it all out and upgrading anyway?
Re:No (Score:5, Insightful)
The people providing support should be the ones making MRI scanners, ATMs and other expensive equipment that only works with XP. Even when XP was brand new, did they really expect those machines to only have a lifetime of around 10 years? Microsoft was clear about how long support was going to be provided for.
It seems that people are only just waking up to the fact that these machines have software and it needs on-going maintenance. The next decade or two will be littered with software bricked but mechanically sound hardware, everything from IoT lightbulbs to multi-million Euro medical equipment.
In fact it's already happening. You can buy DNA sequencers on eBay, less than a decade old and original price $500,000, now barely worth the shipping because the manufacturer abandoned support.
Re: (Score:2)
Well it is their fault for not staying current. I have worked in big organizations where movement is slow... However intentionally keeping your systems dangerously out of date, is just bad management.
Re: No (Score:4, Informative)
While it is Windows XP today, it won't be long before it is Windows 7 that is totally screwed by these same policies... which is extremely worrisome considering how much hardware and software DOESN'T work on Windows 10 (let alone the spying bullshit). Win10 is even worse in that hardware/software supported at initial release has been removed since then by updates, meaning users literally have to choose between security or functionality at this point.
windows 10 enterprise (Score:3)
Windows 10 Enterprise lets you turn that stuff off but it's too bad that smaller places can't really get Windows 10 Enterprise. Unless they get into a long term contract for software
Re: No (Score:5, Insightful)
If you own a Chevy, Dodge, or Ford and the airbag is defective and recalled it won't matter if you are out of warranty. The device will be fixed free of charge by your local dealer. Any safety recall would be handled the same way. The retailer's service facility will repair it free of charge.
With the news of how medical records and devices were affected, one might begin to wonder if software should be subject to the same kind of recall system. Personally I think it feels a little one sided for software companies to create buggy and easily penetrated software that results in loss on the user's end and all the company has to say in return is "You need to buy this new (equally buggy and easily penetrated!) software that is more intrusive and gives us access to more of your marketable metadata."
Is this yet another example of how dollars equal speech, leading to a loopback fucking, where our own money is used by large corporations to buy lawmakers and make sure protections for customers are never passed?
I would like to hear dissenting opinions as well as corroborating ones.
Re:No (Score:4, Interesting)
I don't see how you can blame Microsoft if $OTHER_COMPANY uses their software in a way Microsoft doesn't support. IMO, you should be blaming Hitachi here, not Microsoft. As far as critical and irreplaceable goes, anyone who builds critical, irreplaceable services on commodity, consumer grade software, has no one to blame but themselves. Put another way, they may have accepted the risk that this would happen when they stood the service up. The risk has now materialized.
Re: (Score:3)
Nope. I'd be telling factories on razor thin margins to focus on gear from vendors that offer a design not susceptible to 3rd party obsolescence. Or at the very least then proceed to design around potential security issues in their own way. Remember this isn't a case of Windows XP embedded running on systems. It's a case of:
- Windows XP embedded running on systems.
- Systems open to external interface to another machine
- Systems connecting to another machine without protection against attacks on ports they d
Re: (Score:3)
The embedded version of Windows XP is a separate product and still does get support (including updates) until April 2019, a fact XP users can use to their advantage to continue getting updates [expertreviews.co.uk].
Re: (Score:2)
The EOL on phones seems to be 2 years. 3 if you consider launch date. Some may offer updates for 5. 20 year old phones with replaceable batteries are still functional today. The question I have is why MUST we trash them? Why are they waste if they can serve their original purpose? Why must I scrap my 2 year old Nexus 5 because Google no longer supports it?
If it is legacy and the original company no longer wishes to support it then copyright and patents should no longer apply. Not all solutions require the
Re: (Score:3)
Easier said than done. Many of these closed source software are using purchased 3rd party libraries, that will not allow for the code to be open sourced. Then there is still code that is used in your current product that you may not want to share. Finally you want people to pay for the new version, and not just get a hold of a perfectly functional older version.
Re: (Score:2)
Also, much of the code from Windows XP is still in operation in one form or another in Windows 10. Correct me if I'm wrong, but the Windows NT operating system has gone under revisional version updates since its creation, it's not a complete and total re-write. Opensourcing XP would mean open sourcing Windows 10 and Server 2016.
They already exist (Score:4, Insightful)
They already exist. They're called routers. Network routers can be configured to provide a great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports.
In this case, a router could be configured to keep the SMB port (445) blocked. A router, with updated software, and a firewall gateway can help protect even older devices with embedded code that may no longer be supported.
Of course, it goes to say, that you must keep the router's software updated and not use default credentials on the router.
The NHS decided to not upgrade many old systems because the threat was deemed minimal. Offices were urged to upgrade but funds were not made available and infrastructure budgets were cut again and again. Multiple bad decisions led to this result.
Many things could have prevented it. Better funding, better threat assessment, the NSA informing Microsoft of the vulnerability so it could have been patched years ago, and on and on...
In the end we are here, and hopefully threats will be re-prioritized and better protections will be put in place in the future (I could not keep a straight face while typing that and finally burst out laughing).
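The port-445 block described in the comment above can be checked mechanically. This is an added example, not part of the original comment or of any vendor's tooling: it evaluates constructed `iptables-save` output and reports whether a new outside connection can reach SMB on the legacy hosts. The gateway, the 192.168.10.0/24 legacy segment and every address are assumptions; TCP 139 is checked alongside the 445 named in the comment, and rules the parser cannot interpret are rejected instead of guessed at.

```python
import ipaddress
import shlex

# Constructed iptables-save output for a hypothetical gateway in front of a
# legacy segment 192.168.10.0/24; every address here is made up.
WEAK = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -p tcp -m tcp --dport 3389 -j DROP
COMMIT
"""

# Same gateway, hardened: default-deny, legacy hosts may reach one patched file
# server (192.168.20.5), and nothing may open SMB sessions to the legacy hosts.
HARDENED = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -d 192.168.20.5/32 -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -p tcp -m multiport --dports 139,445 -j DROP
COMMIT
"""


def parse_rule(tokens):
    """Turn the option/value pairs of one -A line into a match dictionary."""
    rule = {"src": None, "dst": None, "proto": None,
            "ports": None, "states": None, "target": None}
    it = iter(tokens)
    for opt in it:
        val = next(it, None)
        if val is None:
            raise ValueError(f"option {opt!r} has no value")
        if opt == "-s":
            rule["src"] = ipaddress.ip_network(val, strict=False)
        elif opt == "-d":
            rule["dst"] = ipaddress.ip_network(val, strict=False)
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "-m":
            pass  # module name only; the module's own options follow
        elif opt in ("--dport", "--dports"):
            rule["ports"] = []
            for part in val.split(","):
                lo, _, hi = part.partition(":")  # iptables writes ranges as lo:hi
                rule["ports"].append((int(lo), int(hi or lo)))
        elif opt == "--ctstate":
            rule["states"] = set(val.split(","))
        elif opt == "-j":
            rule["target"] = val
        else:
            # Negation, interfaces, etc.: fail closed instead of guessing.
            raise ValueError(f"unsupported match {opt!r}: review this rule by hand")
    return rule


def parse(ruleset, chain="FORWARD"):
    """Return (default policy, ordered rule list) for one chain."""
    policy, rules = None, []
    for line in ruleset.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            rules.append(parse_rule(shlex.split(line)[2:]))
    if policy is None:
        raise ValueError(f"chain {chain} not found")
    return policy, rules


def verdict(ruleset, src, dst, proto, dport, state="NEW"):
    """First-match evaluation of one probe packet, as the kernel walks a chain."""
    policy, rules = parse(ruleset)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["src"] is not None and src not in r["src"]:
            continue
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        if r["proto"] not in (None, "all", proto):
            continue
        if r["ports"] and not any(lo <= dport <= hi for lo, hi in r["ports"]):
            continue
        if r["states"] and state not in r["states"]:
            continue
        if r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"]
        raise ValueError(f"unsupported target {r['target']!r}")
    return policy


def smb_exposed(ruleset, legacy_net, outside="203.0.113.10"):
    """List SMB-related TCP ports a new outside connection can reach on legacy_net."""
    host = str(next(ipaddress.ip_network(legacy_net).hosts()))
    return [p for p in (139, 445)
            if verdict(ruleset, outside, host, "tcp", p) == "ACCEPT"]


if __name__ == "__main__":
    for name, rs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "exposes", smb_exposed(rs, "192.168.10.0/24") or "nothing")
```

The weak ruleset fails the audit because its only blocking rule covers a different port and the chain policy accepts everything else; the hardened one passes while still letting the legacy hosts reach the file server.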
Re: (Score:2)
I like the idea, but I think in practice it would be a lot more complicated.
Re: (Score:3)
OTOH this is the same Cisco that makes it a PITA to get firmware updates for many products without an active service agreement.
So many small offices out there that bought a Cisco 800 series or something; and once it's a couple years old can't easily get updates, even if it's still an active product line.
Don't be silly (Score:2)
This did not need to be fixed with an OS patch, it could have been prevented with better network security policies. I would be surprised if someone hadn't said something about addressing the vulnerability earlier but probably got ignored because of some budgetary issue.
It would be more reasonable to call for continued money to be made available to address these vulnerabilities after a system has gone into production and a move to use more open source solutions where users can share patches
Re: (Score:3)
What I want to know is why Samba wasn't disabled already. Isn't this something that can be done with Group Policy?
Silly idea (Score:5, Insightful)
Should they go back and patch Win95 while they're at it? Make Win386 rock-solid in the face of current virii and ransomware?
By that same logic, you could insist that Ford go back and install safety glass and airbags on any existing Model T's still running.
The simple fact is that OS's are a treadmill. It's not a typewriter that you buy once and use until it breaks.
Look, I think OS firms *should* support 'the last few versions' - say whatever was current 10 years ago (ie in MS's case, Win2007). But to go back further, or to MANDATE that?
If you can't be bothered to run reasonably current OSs, then you're going to be as safe as you deserve.
Re: (Score:3)
Exactly. Microsoft stopped selling Windows XP over 8 years ago (!). I doubt many of the affected computers are older than 8 years.
It is more likely that people made use of the "downgrade" option in professional licensing, which allowed them to install Windows XP despite the fact that it was no longer on sale. That should have been a clear warning that support will not last forever.
But no, organisational inertia means that IT kept setting up new Windows XP systems long after the system was discontinued. I think
Re: (Score:2)
"I think there is clearly one party at fault, and it is IT."
Why so? XP was far easier to lock down and fully secure than 8 or 10 with that bullshit telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 - 2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or higher, I can no longer use more than 2 webcams despite the software having the ability to acces
Re: (Score:2)
Yes, there are always going to be hardware interfaces that require Windows XP. We have an electron microscope that runs Windows XP - you do not throw that away just because patches have run out. But you do isolate it: only necessary network connections are enabled, for example to a file server that does run a current OS.
But a few hardware connect PCs are not what this problem is about. This is about office machines still running Windows XP because some idiot web interface still mandates IE6. The web interfa
Re: (Score:2)
What happens if a still-used software isn't owned by anyone any more? The company is out of business, there is no source code available. There is a point where the end user has some responsibility to update their system. Like the Model-T they may still keep it, and use it for a hobby, but knowing full well if you take it on the Highway and get in an accident you are probably going to get killed.
Re: (Score:3)
Bad car analogy. Firstly many old cars are banned from using critical infrastructure like highways (or in some cases any roads) for their obvious threat to third parties and their owners.
Also this isn't hobbies we're talking about. No one gives a crap if someone's Model T toy breaks down, just like no one will cry about the Windows XP virtual machine I play with at home.
The only complaints are against critical services, internet connected machines that operate and provide livelihoods for the owners. If the
Re: (Score:2)
So why is Win95 protected even today by copyright? So according to you Microsoft needs to be protected but the consumer doesn't? If it's too old to be supported it should be too old to be copyrighted.
Re: (Score:3)
When did you last visit an NHS hospital? I am fairly certain that the ward my mum was in two years ago had "entertainment centres" showing a Win95 desktop, powered up, but not functional because the hospital app did not support 95! Perfect for hosting malware.
I get the impression the mains plugs have PAT tests, but no one has the job of auditing the PCs for sane software.
All the signs are that decisions are taken by the congenitally incompetent - probably Mr Potato head in the ca
Re: (Score:3)
"Unless, of course, you're insinuating that the poor and economically disadvantaged (companies included) deserve to suffer the ill effects of operating outdated systems."
In some cases, yes, those companies DO deserve such ill effects. Especially those that simply refuse to embrace technology at all.
Recently, in the rock club I'm a member of (and in running for VP position) I learned that these older people are so set in their ways that they actually voted to remove all computers from their shop back in 2000
No. *All* companies should ... (Score:2)
... have policies in place that prevent mission-critical systems from being proprietary, dependent on one vendor, insecure, not updated and open to being messed up by clueless users who click on links and download and install everything they can lay their hands on.
Also they should all have in place: Up and running intrusion detection on their intranets, regular automated overturning backups and regularly tested zero-fuss disaster recovery. Have all that in place and you wouldn't even notice WannaCry.
Extra b
Re: (Score:2)
MS is a good corporate solution because it has, in the past, realized that corporate solutions cannot just be updated on demand. Real production machines have to be carefully maintained. This requires funding, and the one place MS has been able to charge for services is the corporate space. They were correct, for the most part, is free is only free if your time is
Re: (Score:3)
" Honestly a simple backup will prevent most ransomware attacks"
Uhhh, what? In fact, more attacks have encrypted user files recently, so you're not going to stop this any time soon.
Re: (Score:2)
I don't even like MS.
Re: (Score:2)
After 40 years in the computer industry, the one key lesson that is reinforced year after year is that you should NEVER trust your infrastructure to closed source products. Anyone that takes a commercial decision to do so should be liable to instant dismissal.
Car analogy: It is like taking a taxi from the airport to the hotel on arriving in a country you have never visited before and don't speak the language with a blindfold on. (And a wa
It's about the hardware (and apps), not the OS (Score:2)
C'mon people.
The upgrade path from XP upward is not like the path from 7 to 10. You don't get to keep your apps without reinstalling everything, and it is very unlikely you can keep your existing computer.
The disruption is immense, and the only way forward for me was running a USB hub to allow switching between computers piled on my desk and keeping my old XP box at the ready in case there was some critical app to which I had lost the installation media that I needed.
As to the people who "downgra
Re: (Score:3)
the only way forward for me was running a USB hub to allow switching between computers piled on my desk and keeping my old XP box at the ready in case there was some critical app to which I had lost the installation media that I needed.
You do know that you can have XP in a virtual machine, don't you? Or for that matter, other obsolete OSes such as 7 and 10.
Re: (Score:2)
2 months and yet despite having Windows Update enabled (yet I restrict what gets installed since I stopped the GWX BS) and yet still Microsoft is trying to add additional shit I don't want.
How on God's green earth can you even make your argument when it's nullified by what the other company decides?
Re: (Score:2)
Most mission critical systems are running some custom made applications that were built for a particular OS.
Well (Score:2)
Re: (Score:2)
There's a difference between proactive support and reactive support.
Re: (Score:2)
There's a difference between proactive support and reactive support.
It's enough to have reactive support after EoL, although if we're forcing people to do things, we're going to have to put some limits on how long they can dick around before they have to actually get the things done.
hard question (Score:5, Interesting)
I honestly can't figure out where I fall on this. I would say for major security issues, yes, though the cutoff should be when production use of that OS gets below a certain point, which should be easily monitored, and I don't think XP went below that.
In any event, that an organization the size of NHS, quite literally one of the largest employers on the planet, did such a poor job on security is disgraceful, especially considering how internetworked all their stuff was.
Re: (Score:3)
You introduce a chicken and egg problem that will only deflect the problem elsewhere. If MS continuously supported the OS then there'd be one less driver to move away from it.
Instead of a bug breaking some ultra expensive piece of factory gear it will be a hardware failure or something else that can no longer be fixed. Simply removing one of the sources of obsolescence doesn't solve the underlying problem that is that many companies have piss poor obsolescence management or business continuity plans in plac
Should? (Score:2)
But I'd be very wary of making this a legal obligation. Especially since obligation
Re: (Score:2)
What about an economic obligation? Someone has to do the work; that implies time, which implies wage; wage implies cost; cost implies revenue streams; and revenue streams imply consumers actually spending money. It's easy to just dismiss Microsoft with a multi-billion-dollar net profit and push the conversation down the line to every other product that gets nickels, dimes, and dollars added to the end, until 5% or 10% of our money is going to things that don't matter.
The real question is why haven't we
Support Older OSs Indefinitely? (Score:3, Insightful)
Indefinitely? No, only as long as they want to keep their copyright/patent privileges on those systems.
Re: (Score:2)
Indefinitely? No, only as long as they want to keep their copyright/patent privileges on those systems.
Indeed, once they stop making security patches, they should have to cough up the source code to the whole damned OS. They should only have to issue security patches to keep their code, though.
Be prepared... (Score:2)
NO! (Score:2)
Most of the ransomware could be stopped by the use of proper backups, firewalls, networking and IDS / IPS software. Instead of companies like Microsoft supporting old software stacks, they should only be required to release updates for the current systems and rely on the IT of the companies who use their product, to properly secure themselves.
Car Analogy (Score:2)
I recommend a Subscription model... (Score:3)
Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost-business, learning-curves, and incompatibilities with existing practices may be to the customers. Spending money on maintaining the security (even excluding features) of superseded products distracts from development of improved products, and is not in the vendors' self-interest.
Given that a new Operating system (retail) is in the $100-$150 range, I'd propose "Life Extension" service subscription, solely for security updates in the $30-35/year range...with a required minimum of 10,000 customers to keep maintaining the service. That provides enough revenue ($1,000,000+ per annum) to support a small, dedicated staff.
Frankly, there's no reason that a M$ couldn't engage in a Joint Venture with a small qualified, independent security firm to provide the service, with special access to proprietary information within the O.S. vendor.
It would be an investment in the rehabilitation of the O.S. vendors' reputation, because M$ has gotten quite high-handed in recent years, dictating (or even forcing) software on unwilling customers who have existing businesses to run.
So, Microsoft and HP should have to support... (Score:2)
Windows Workstation on old DEC Alpha systems against any attacks? Pretty sure some of the basic Windows vulnerabilities would apply.
Best solution... (Score:2)
...replace Windows with Linux, and stop using smbv1 and smbv2.
Anyone remember nimda?
Hell, at the very least, open source any abandoned OSes so that others can take on maintenance if they feel compelled to live in the 1990s again.
Re: (Score:2)
I want to live in the 1980's [youtube.com] you insensitive clod!
Old software is hard to kill (Score:2)
I think that if you got people over to the subscription model, it wouldn't be impossible to put 3 or 4 guys on a maintenance team to backport absolutely critical fixes. You'd have to be very explicit about the criticality level that triggers a fix, but the reality is that vendors introduce a lot of dependencies. Those maintenance coders wouldn't have to be your best and brightest either - it would be a very good first job for new grads. I would think that as long as customers were paying something like Soft
Old OS = old hardware (Score:2)
Would this approach not impact hardware development as well? And mobiles and IoT?
If Microsoft, Google, Apple and all Linux distribution organisations are expected to support older versions permanently, their software legacy grows and with it, the supported hardware combinations also grow.
People here on /. dislike the push to upgrade to Win10, but it's what's going on elsewhere, with more mobile devices being sold than desktop format PCs. The model doesn't suit everyone all at the same time and with the same
Re: (Score:2)
Apple: most people run recent iOS versions - this shows Apple is doing well. Newer versions of OS X run well on older Macs too. Excellent Apple!
Except that they cut the PPC macs out in the cold, many of which still have sufficient horsepower to run modern applications — only there are no applications because the application developers took their cue from Apple (reasonably) and abandoned it at the same time Apple did. So there's no for example javascript engine which has been updated for PPC, so there's a distinct dearth of modern browsers.
But let's forget what is essentially ancient history and move on to the fact that Apple dropped support f [osxdaily.com]
I'd like to have a three tiers scenario. (Score:2)
First of all, let me state that most of my machines are Linux, or BSD. I find the whole panic over WCry absolutely hilarious.
Something like OpenBSD, but less stringent:
First-tier is average OS support - six months support tops, after that, you need to upgrade. You have version 4.3 while the latest version is 7? Tough luck.
Second-tier is emergency OS support: 12 to 18 months support tops. On a specific version (meaning fubar 6.0 but not fubar 6.1 for instance ), only back-port of the most critical patches to
Answer is NO (Score:2)
This could also be viewed as PR protection for Microsoft. If they didn't help these users, then this would dirty Windows' name even further, and many of these users would probably switch to something else, realizing MS doesn't have their back.
What if we tied support to copyright? (Score:5, Interesting)
Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made maintenance a requirement for retaining copyright over software? If Microsoft (or whoever) wants to retain a copyright on their software for 70 years, then they'd better be prepared to commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever, and wash their hands of responsibility, that's fine, but then it's public domain. Why should we let companies benefit from software they don't support anymore?
This could also work for art works, as well -- because copyright exists "To promote the Progress of Science and useful Arts," we could make it a requirement that an author (or company, or whatever) needs to be distributing (or licensing for distribution) a work to have copyright on it. When it's out of print, it enters the public domain.
Re: (Score:3)
Optimally, the law would also require a source release so customers using the unsupported software could find another vendor for their patches.
The Open Source release could simply be a requirement for copyright protection. They don't have to do it, but if they don't and their code gets out after they stop support then it enters into the public domain, even if they then later go on to start supporting it again. And of course, they also lose copyright protection over the binaries at the point at which they stop support, and should have to provide a universal reg code that bypasses any activation, or a similar patch, etc.
The code release is going to
Re: (Score:3)
The Open Source release could simply be a requirement for copyright protection.
IMO, there should be no copyright protection on binary-only releases. If there are such secrets in your source code that you don't want to publish it, you should use contract and trade secret law to protect your product. If you want copyright protection, you should have to publish the source code so that it's truly usable when it eventually falls into the public domain. That doesn't mean that you have to give anyone legal rights to redistribute, modify, create derivative works, etc. -- you can still reserve
Who will pay for it? (Score:2)
Yes. It's like vaccinations (Score:2)
If the number of older systems is large enough, then Yes, Microsoft should release patches for them.
They should do this for two reasons:
1) Reducing the number of infected systems helps protect others from infections
2) It protects the innocent, like those whose Medical Care was interrupted in the UK, from collateral damage.
Who pays for it? Microsoft. They have benefited from the sale of all those systems, and certainly have enough cash to divert some to supported old but prevalent systems. Also, the fact
implementing security updates forever (Score:2)
If we made infinite support (even for just critical updates) the industry standard, would it be difficult for a budding software developer company to plan for this, before knowing how well the software will sell?
At the other end of the spectrum, some established companies have hundreds or thousands of pieces of software deployed. how many units need to be sold/distributed before the company would need to consider it one that needs critical security support indefinitely?
Would you think Open Source software w
Simple question to a complex problem (Score:2)
If the answer is no then all a company has to do is tie in all its software to the OS. If an OS is defined as the software that controls the hardware then there wouldn't be this issue in the first place. This is a service which runs on the OS.
The systems sold at a discount today are no faster in handling the day-to-day use of the average user as some sold 15 years ago. Most people's use is not that of a gamer. This need to create waste baffles me. If it were not for the extended term of copyright there would
Virtual machines + backup (Score:2)
Re: (Score:3)
You're confused, virtual machines can become infected and spread infection and clog networks too. That is not a solution. Having backups and archives of infected files is not a solution either. Guess again.
Re: (Score:3)
Not to mention that often the reason why a legacy OS is still being used isn't so much software as hardware, and drivers for same. Sometimes that stuff can be connected to a VM, sometimes not.
Artificial scarcity (Score:2)
There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned.
I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It i
Wrong approach (Score:2)
Personally, I think it's the wrong approach to try to compel Microsoft to support old operating systems. It's a substantial burden for them, and makes it harder for them to move forward and innovate.
Instead, I think we should try to compel Microsoft to open the source of Windows XP. If there's a large enough number of people who want continued support, they would then be able to fund it somehow. Plus, it would push Microsoft to innovate, since they would have to make sure that Windows 10 did useful thin
It's an existential problem (Score:2)
Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad.
My guess is that we're going to be getting to the end of the road of the "nasty, brutish and short" state of nature in the software industry and start seeing more regulations.
Vendors will be able to EOL their products, but will also have to supply security updates for N years after the product is officially ended. Vendors will be required to ma
Re: (Score:2)
The fault lies with all of us (Score:2)
None of us bother to learn real security. You're all so stuck on layer 4-7 you fail to understand layers 0-3.
Your fault for not realizing the current security model is flawed as fuck.
Kill Date (Score:2)
Perhaps all OSs should have a kill date embedded after which they will fail to operate. Maybe nothing as drastic as the machine failing to start, but perhaps for example booting into the equivalent of safe mode with no networking, so that it's possible to move your data from the system but isn't really practical to use it.
Why? Because such a kill date would actually force people to think about upgrading rather than just keeping running because they know they can.
It could be as simple to override as putting the
Re:Blame Windows 10, in Part (Score:5, Funny)
I've installed Windows 10 on my PC and TRY BING TODAY it's not that bad.
Re: (Score:2)
It also lives on in many scientific instruments. An old mass spec that runs XP (or even older; I regularly maintain X-ray diffraction machines that still run DOS) usually can still do the day-to-day job just fine. The software usually hasn't been supported for many years and won't run on anything newer. But replacing the instrument could cost a large amount of money (250K or up in many cases).
Research budgets aren't growing and I work for a university in a state that can't pass a budget. We just don't have
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It's a matter of convenience more than absolute necessity. You have to have a way of controlling the machine and getting the data the devices take off of them. There are several ways this can be done without putting the machine directly on the internet. In some cases thumb drives are adequate. In other cases the controls of the machine are largely web based and then you have to have a separate network connection to a multi-homed machine on the wider network that acts as a firewall and usually will only let one o
Re: (Score:2)
It still lives in hearts of many IoT devices and especially as embedded OS in all the printers, copiers, ATMs, and hell knows where else, showing that all-too-familiar red box with cross on top right corners on displays of all these devices, notwithstanding all the familiar WinXP warning and dialogue boxes.
Are IoT devices effectively vulnerable to this particular malware? And if they do become infected, is there anything to ransom on these systems? Can't you just reset them back to factory state if needed?
Re: (Score:3)
Because crooks keep being more inventive, finding new -- heretofore unanticipated -- ways of tricking users and software.
You might as well ask, "How many law enforcement officers are out there?" There will always be some to invest their inventiveness in making a quick "killing" instead of engaging in honest, hard work of designing products that people want. Computer criminals are not interested in the niceties of business, like marketing, and advertising, and customer satisfaction...they're only intereste
Re: (Score:2)
FTFY.
Re: (Score:2)
Because ransomware did not exist before Bitcoin. :rolleyes:
Re: (Score:2)
I'm *sure* if you approached M$ with enough cash, they would oblige you. Although it's likely going to be a LOT cheaper for you to simply upgrade your OS and applications to Windows 10 (or, if you really want to go cheap, Linux).
If you absolutely need support, you CAN get it if you are willing to pay for it. What's usually the case though is folks are unwilling to pony up the cash and choose to take their chances.
I worked for a company that had a PBX that was falling out of support by the manufacturer
Re: (Score:2)
Re: (Score:3)
The secrets will always get out.
To be fair, this would have happened either way. Maybe (and this is a big maybe) that it would be found out so far down the line a lot less people would be affected, but odds are that someone would have found it anyway. Also, if you think the Chinese and other nations with big cyber divisions aren't sitting on their own vulnerabilities I think you're kidding yourself.