Else, one cannot account for the brazen manner in which the company, which is the root cause of ransomware, tries to project itself as some kind of saviour acting to protect businesses against this very form of malware.
The American Heritage Dictionary has the following definitions for chutzpah:
- n. Utter nerve; effrontery.
- n. Nearly arrogant courage; utter audacity, effrontery or impudence; supreme self-confidence; exaggerated self-opinion.
- n. (Yiddish) unbelievable gall; insolence; audacity.
Every one of those definitions fits very well with what Microsoft does when it comes to ransomware.
This post was published on the right day – I am still wondering if it is a spoof. The post is full of the same kind of motherhood statements that Microsoft has been spouting since it was established in 1975: meaningless pap. But is that the only reason why the company gets away with this deception?
Hardly. If the fact that ransomware is exclusively a Windows problem is raised with companies in the security space, their uniform response is to say that this is because Windows is used on nine out of 10 business PCs (the same figure applies to machines used at home). Windows has a little more than a billion users worldwide.
Never mentioned is the fact that it may not be prudent to speak ill of a company that has considerable clout in the tech space and one from which all these security firms derive plenty of income.
But ask any of these security outfits why Google's Android mobile operating system — which has more than double the number of users that Windows has — does not have any ransomware issue, and people will immediately start talking about the weather. Or their children. Or politics. Or any other subject.
Technology journalists are also to blame because, apart from a very select few, they never list a malware attack as an attack on Windows – which is what it is. Of course, scribes who speak truth to power will not get any freebies from Microsoft. No trips to Redmond, no invitations to security conferences, no wining and dining.
Microsoft itself makes a tidy little pile from ransomware attacks, so it has little incentive to try and improve its software – though doing so with a curiously complicated system like Windows would indeed be a monumental task.
When the company wrote a glowing blog post in December last year about the way the Norwegian company Norsk Hydro tackled an attack by the LockerGoga ransomware, and what it (Microsoft) had done to assist, iTWire verified from the Norwegians that Microsoft had been paid for whatever assistance it rendered.
One can certainly write ransomware for other operating systems – macOS, Linux, Android, iOS and the BSDs. But it is of no use to an attacker unless that attacker can gain administrator status on a machine. And therein lies the difference.
In the case of Windows, there are numerous components, which are part of the operating system and which cannot be removed, that are vulnerable.
To that, many security people will offer one remedy: patching. That is another furphy. Here's what one seasoned security pro, an ex-NSA hand, Dave Aitel, told me many years ago: "Patching is terribly expensive. You have to test and test to ensure that your applications all work after the patch. And then deploying a patch in a medium-sized firm will cost many hundreds of thousands. How many companies are prepared — or even have — this kind of money to spend on deploying a patch?"
Microsoft has even ditched its own operating system when it comes to mobile phones – this year, the company plans to release a phone that runs Android. This is the ultimate condemnation of Windows, something like a man disowning his own child.
Giving up Windows is something that few people will countenance because it is a difficult process. (I know; I went through it nearly 20 years ago.) Like those who continue smoking until the doctor diagnoses that they have cancer, people will continue to stick to Windows until the inevitable ransomware attack takes place. And then they will start looking for remedies.