undefined | Better HN

0 pointsflukus8y ago0 comments

> The problem lies in our defensive infrastructure and our ability to roll out patches responding to incidents.

The problem is corporate IT (or management) think they can create some sort of stable environment, driven by fear of having things break. Organizationally they need to accept that they are operating in a dynamic and hostile ecosystem and that the risk of worms is higher than the risk of some random app breaking on a windows patch.

0 comments

CamperBob28y ago

Organizationally they need to accept that they are operating in a dynamic and hostile ecosystem and that the risk of worms is higher than the risk of some random app breaking on a windows patch.

Except it's not. The account used by the hackers has supposedly earned about 4 Bitcoins so far. Meanwhile, many people from home users to professional IT personnel can recall incidents where Windows Update has broken something that worked fine before. Up to and including installing a completely new version of Windows, force-fed to unwilling customers with intentionally-deceptive practices.

218y ago

I know more times when updating Ubuntu made the machine unbootable than for Windows.

dotancohen8y ago

I'm a CentOS desktop user at work and Ubuntu at home. I love my Linux. Objectively, the parent poster is correct. For all MS's faults, I've had no less problems updating Ubuntu systems than I've had or seen with MS systems.

That said, CentOS is _rock solid_. The packages are old, but maintained by Redhat upstream and do not break on updates. The only thing I recall seeing break on a CentOS update, including point releases, are Firefox and Thunderbird extensions as Mozilla apps are updated eight version numbers from one ESL release to the next.

1 more reply

tragic8y ago

This is a little misleading. The cost of the attack to businesses, governments etc is vastly greater than the laughable amount of money actually raised by the criminals.

A doctor who needs to look at an X-ray and comes up against WC is not going to pay up on her credit card. She will call the IT department to 'fix the broken computer'. But she still won't be able to look at the damn X-ray.

flukusOP8y ago

This is only a single particularly large attack, the same sort of thing happens to machines everyday on a smaller scale. The future potential for attacks like this also go way beyond the current attack.

I do agree MS needs to shoulder a lot of the blame here, but would they have acted differently if IT departments didn't block updates?

j / k navigate · click thread line to collapse