You've all read and heard about the major ransomware cyber-attack which hit hundreds of countries. Lots of companies as well as hospitals have been impacted, with their computers and local network being compromised by a "ransomware" (you no longer have access to your documents, until you pay a ransom to the hackers).
Now, there is something I do not understand. From what I read, the hackers exploited a Windows security hole, which was discovered by the NSA. Also, it's said that Microsoft patched this hole some months ago. So does it mean that all these computers compromised were not patched? I don't understand how this is possible!
Firstly, Windows update is turned ON by default. So all computers running Windows should be up to date, right? So how is it possible that so many computers were still not updated?
Secondly, it seems that this is mostly companies (and hospitals) which have been the target of this attack. And that is another point that I do not understand at all. I would assume that these kinds of sites are again more sensitized to security issues than individual people. Companies have system administrators, who's job it is to keep the computers and network equipment up-to-date. So I don't understand how they can be infected through a security hole which was already fixed.
Finally, I am reading all the recommendations from States, medias, etc., which are telling that to defend against this attack, "we" must update our Antivirus / Security Suites. But these software automatically update themselves already! So what's this bullshit recommendation? It makes me think that medias are trying to sound clever, and be the ones which know first and best, and giving advise, without really know what they are talking about.
I am not saying that with an antivirus you are 100% safe, but with Windows Update ON, and an antivirus, there is no nothing more that an individual can do.
If they want to give useful advise, they should tell people to install an antivirus, and be careful not to open e-mail attachments, and pay attention when Windows asks you to authorize(or not) an application to do something.
By the way, be careful folks. We never repeat it enough:
- install an antivirus on your computer. There are free versions and subscription ones.
- don't open e-mail attachment, even if the come from known contact (it's easy to spoof the identity of a sender).
- be careful of message boxes that Windows is showing to you. Most of time, when an application is trying to do something particular, Windows will ask you to authorize or not this application to proceed. So be careful of these messages.
May 13, 2017
This is not exactly it. Computers which have been impacted are running "old" versions of Windows (such as Windows XP, Windows Server 2003…). These versions reached their end of life, and are no longer maintained (updated) by Microsoft. This means no patch were deployed for these old versions. This is it the problem.
Companies shouldn't be totally blamed for still running old version of Windows. There are plenty of legitimate reasons to still run them. For example, more recent version of Windows might not be compatible with the hardware these companies are using. Who ever tried to get Windows 10 knows what I mean. From one generation of Windows to another, Microsoft drops support for such or such hardware components. Also, companies are often running proprietary software (which means they develop it themselves), and these software might not be able to run on recent version of Windows. You would be surprised to see how many computers in manufactures or assembly chains are still running Windows NT !
In spite of the fact these old version of Windows are no longer maintained, Microsoft just released a patch for them. Now, of course, we will always be able to criticize Microsoft, and argue they could have done it earlier, knowing how this security hole could be exploited at mass scale.
So it's not juts a matter of keeping your Windows Update and Antivirus update to date. The problem is deeper and more complex. This is pointing to the question of how to deal with a generation of hardware and OS, and how companies can afford to update their whole park of computers on a regular basis. "Supposedly", this problem is coming to an end with Windows 10. From what I understood, Microsoft announced that from now on, there will be no more new generation of Windows. So, it means that now, there will be only updates of Windows 10, which suggests that, if a computer can run Windows 10 "now," there will be no more risk to end with an outdated Windows. But only the future will tell.
I wish good luck to all those who have been impacted by this ransomware virus, and hope they'll recover from it.
May 15, 2017