Home Open Sauce Best way to avoid ransomware? Stop using Windows

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Best way to avoid ransomware? Stop using Windows

After a week when people learned that ransomware can take over their lives, the question must needs be asked: why is it that this kind of malware seems to attack only Windows?

There are many Microsoft apologists, astro-turfers, and so-called journalists on the make who, at times like this, keep a low profile and furiously try to spread the message in Web forums that "computers users" are at risk.

Alas, the harsh truth must at last be faced: if you do not use Windows, then the chances of a ransomware attack are close to zero.

Ransomware for the Mac is such a rarity that when one was discovered, security researchers went into literal meltdown. As for Linux, despite the efforts of all and sundry to pin ransomware on the free operating system, nothing has been found.

Windows flies in the face of the basic tenets of security. One can have convenience when using a computer system. Or one can have security. User-space and kernel-space must not be allowed to mingle, else one gets a security nightmare.

Over the years, Microsoft has sought to sell its wares by trying to be all things to all people. At a certain point along this kind of journey, one always comes to a sticky spot in the road.

Last Friday, organisations in more than 150 countries found that they were stuck in that sticky spot. It wasn't an edifying spectacle.

James Scott, a senior fellow at the Institute for Critical Infrastucture Technology, had this to say about Microsoft's culpability in the whole mess.

"Microsoft was quick to blame the success of the WannaCry campaign on the NSA, alleging that the agency should never have developed EternalBlue and that the vulnerability should have been disclosed sooner," Scott wrote on the security think-tank's blog.

"Even if the Shadow Brokers' claims were true, the liability and responsibility for the risk remain with Microsoft for developing inherently flawed operating systems that failed to minimise exploitable vulnerabilities by incorporating security-by-design throughout the developmental lifecycle of the software according to NIST 800-160.

"Instead, Microsoft, like the vast majority of software and technology manufacturers, rushed their product to market with the intent to actively use consumers as “crash test dummies” for vulnerability discoveries.

"This systemic cultural fault in software development endangers users daily and enables the efforts of cyber-adversaries. The result of these practices is the necessity for the constant release of patches and upgrades that repair old vulnerabilities while introducing new ones."

Exactly what Microsoft plans to do, apart from blame the NSA for creating exploits that have been leaked into the public sphere, isn't clear.

The company is lying low as it always does after such disasters. Public memory is woefully short these days, even more so than it was previously.

But with every situation, there is a breaking point. Is WannaCry going to be that point for Microsoft?

LEARN NBN TRICKS AND TRAPS WITH FREE NBN SURVIVAL GUIDE

Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?

DOWNLOAD NOW!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.