None of this advice is useful for massive organizations like banks and hospitals who got hit by this. They cannot switch off of windows for a number of reasons.
There's nothing they can do right now, but my issue is that this will be forgotten when next update/purchasing round swings into action.
Take Mærsk, who couldn't operate their freight terminals due to a cyber attack and had their entire operation dependent on a hard drive in a server that happened to be offline. Have they improved network separation? Perhaps. Have they limited their critical infrastructure to only run whitelisted applications? I assure you they have not. They've probably just purchased a Crowdstrike license.
Companies continuously fail to view their critical infrastructure as critical and severely underestimate risk.
Mærsk is kind of a bad example, because they made real security mitigations afterwards.[0] I cannot speak to whether they whitelist applications, but neither can you.
That's the reason why I wrote, "stop putting" instead of "throw all of your PCs out of the window". Just like they migrated away from DOS they should start planning to migrate away from Windows to more modern, sandboxed solutions. There are ZERO reasons why a cash register shouldn't boot from a read-only filesystem, run AV, and so on.
All of the hardware that's attached to workstations in our hospital is designed for Windows. Certain departments have specific needs as well and depend on software that is Windows only. After decades of Windows it develops an insidious grasp that is difficult to escape, even more so when your entire industry is dependent on Windows.
Switching over to windows wouldn't just be extremely costly from an IT perspective but would require millions of dollars in new hardware. We are in the red in part because of the pandemic, existing problems in our industry accelerated by the last few years, and because a large percentage of our patients are on Medicare, which the fed govt shrinks fixed service payments for every year.
I can't imagine convincing our administration to switch over to Linux across the hospital without a clear, obvious, and more importantly short-term financial payoff.
I'm working for a company that has no Windows boxes at all, anywhere. Sure, some Windows software has no alternatives. We're running all of those programs in VMs.
Does this make financial sense? Probably not in the short run, which is an issue for most companies nowadays. But in the long run? I think it's the right choice.
It is not the hardware that is designed for Windows but the driver code, which is most probably written in basic C, which most probably can be cross-compiled for use outside Windows – so instead of millions of dollars in new hardware it is really thousands in porting the drivers and GUIs to the new platform. What works on Windows is in 90% of cases an easy porting job for the manufacturer; they just won't be doing it unless someone stops paying for the Windows version and is willing to pay for an alternative platform port.
Anyway, I totally agree with you. The convincing part here is short of clear and obvious for administration types. Until MS finally bricks its OS and renders it totally unusable they can continue to do whatever shit they want and keep mocking their loyal customers forever.
Well, there’s this one app, written in VB6 using lots of DCOM that produces XML and XSLT transforms that only work in IE6, and the entire organisation depends on it, and the nephew who built it is now a rodeo clown and is unavailable for consultation.
1/ imagine running >1000 legacy applications, some never updated in 20 years
2/ imagine a byzantine mix of local data centers, VPCs in aws/gcp/azure
3/ imagine an IT department run by a lot of people who have never learned anything new since they were hired
That would be your typical large, boring entity such as a bank, public utility or many of the big public companies.
Yeah, there is no law of physics preventing this, but it's actually nearly impossible to disentangle an organization from decades of mess.
People have continued to run old management systems inside of virtual machines and similar solutions. You can sandbox it, reset it, do all kinds of wondrous things if you use modern technologies in an era-appropriate way. Run your old Windows software inside of a VM, or tweak it to run well on Wine if you have the source. The reason this mess happened is that all of that software is literally running a desktop OS in mission critical applications.
I have worked as an embedded engineer for a while and I can't count the amount of nonsensical stuff I've seen incompetent people running on unpatched, obsolescent Windows XP and 7 machines. This mess is 100% self inflicted.
I think these are just technical excuses, but the real answer lies somewhere in the fields of politics and economics. If the people in charge are to make a decision – then we tech nerds are going to migrate and refactor 1000 applications and update 20 years of byzantine code mess. I saw entities so large and boring they can barely move one step – changing rapidly and evolving once their economic stability is at stake, and this is a great example of such a disruption which can push them into the chasm of change.