undefined | Better HN

0 pointsunholythree8y ago0 comments

No it is about fixing, a design flaw allowed this to happen. SMB1 (hopefully) wasn't built thinking EternalBlue would be a fun feature.

No one expects perfect software; but this clearly happened because Microsoft's software was broken, the NSA found where, and horded and then lost control of that knowledge.

edited: I understand what you mean about people not patching and leaving themselves vulnerable. A lot of pain could have been prevented at that level.

0 comments

philliphaydon8y ago

So let's assume this was in Ubuntu, lets say, version Ubuntu 10.04.4 LTS (5 years of support), and the NHS decided that it didn't want to upgrade beyond 10.04.4 because some of their stuff broken...

Long term support ended in May 2013 for desktop. But Ubuntu patched the bug in March 2017 for all current supported versions of Ubuntu.

Then the NHS got his with the bug.

How does free / non-microsoft software protect against a shitty decision to not update / upgrade?

thomastjeffery8y ago

> How does free / non-microsoft software protect against a shitty decision to not update / upgrade?

By not bundling upgrades with what is essentially malware, and making them as inconvenient as possible.

If I am running Ubuntu 10.04.4, and I hear about serious malware that relies on a security hole that is patched upstream, I have the opportunity to patch it myself, and keep running Ubuntu 10.04.4 as long as I want.

That being said, it's disingenuous to compare unpatched Windows 10 with unpatched Ubuntu 10.04. It is totally unreasonable to think you are secure using an unsupported OS, but it is a lot more reasonable to think you are secure running Windows 10 just a couple months out of date.

j / k navigate · click thread line to collapse