Hospital Equipment Infected With Conficker
nandemoari writes "Recently, the Conficker/Downadup worm infected several hundred machines and critical medical equipment in an undisclosed number of US hospitals.
The attacks were not widespread; however, Marcus Sachs, director of the SANS Internet Storm Center, told CNET News that it raises the awareness of what we would do if there were millions of computers infected in hospitals or in critical infrastructure locations.
It's not clear how the devices (including heart monitors, MRI machines and PCs) got infected. Infected computers were running Windows NT and Windows 2000 in a local area network (LAN) that wasn't supposed to be Internet accessible, but the LAN was connected to one with direct Internet access.
A patch was released by Microsoft last October that fixes the problem, but the computers infected were reportedly too old to be patched."
I'm surprised that NT4 is still run. But then again I often see it running on older equipment in stores, call centers and hospitals I guess.
I guess that's the other meaning of "Nosocomial infection"...
Does it bother anyone else that "critical medical equipment" was running Windows NT or 2000? Don't get me wrong - I like to bash MS as much as the next /.'er but XP is almost to sunset - Shouldn't they be running something a little newer?
DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
So if a patient dies due to a (computer) virus and the virus writer gets caught can he be charged with manslaughter or something?
Negative moral value of force outweighs the positive value of good intentions.
Hospital equipment running Windows NT... Virus or no, I wouldn't want my life to depend on that machine. "Yeah, I hooked him up to the EKG and it just keeps saying device not recognized."
Maybe not, but cars have been removed from the market for similar reasons. Notoriously insecure systems should never be used in hospitals.
It's not clear how the devices (including heart monitors, MRI machines and PCs) got infected. Infected computers were running Windows NT and Windows 2000 in a local area network (LAN) that wasn't supposed to be Internet accessible, but the LAN was connected to one with direct Internet access.
Critical medical equipment running Windows and connected to the Internet? YOU'RE DOING IT WRONG! The sheer stupidity of humans never ceases to amaze me.
"A patch was released by Microsoft last October by November that fixes the problem"
What the fuck. Am I missing something here, or is that indeed awful proofreading and nonexistent editing?
I can totally understand why these systems were still running NT or 2000. If it ain't broke, don't fix it, right?
But if it ain't supported anymore, and it's completely closed-source, you literally CAN'T get fixes for vulnerabilities discovered later on. At least with an OSS product, you'd be able to hire a developer to fix the specific vulnerability on the existing system.
Don't you wish your girlfriend was a geek like me?
1) Vendors of these devices almost across the board disallow local IT admins to put any windows patches on the machines
- this is due to FDA requirements for approval, and the vendor is "covering" themselves
- also, they usually have a list of "qualified updates" that is usually MONTHS behind MS's patch cycle (not surprising given the sheer number and speed of holes that are found)
- usually the vendors claim that THEY will apply patches regularly, in practice, they almost NEVER do
2) Vendors typically disallow these machines to be on the active directory
- this is because they can't stand troubleshooting/supporting issues in their software due to GPO's being pushed down, software management software, etc etc
3) To everyone screaming how idiotic it is that medical devices have Windows on them: you may be a geek, but have clearly never worked in a real enterprise environment. Windows is embedded on so many devices in the world (medical and otherwise) that you would never even know existed. Why? Because it's widely supported, has huge hardware support, and is surprisingly OPEN to developers to hack it into whatever they need it to be. And windows programmers are a dime a dozen.
4) To everyone screaming how idiotic it is that medical devices are connected to the internet getting infected - Do you even know how Conficker spreads? It spreads quite easily across a LAN, attaching to Windows file shares. See MS08-067 for more info. Many of these devices are on a LAN with no DNS (although plenty are on the 'net). Why? Again, because vendors insist that they be connected so they can VPN in and support them (often using LogMeIn, Webex etc).
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
Nothing new here.
In Portugal I came across at least 12 servers in major hospitals.
Suddenly I have this horrible urge to write a virus called "Swine Flu" that only attacks medical systems..
On some hardware even installing windows updates will void the warranty and that same hardware also has to be on the network.
This SPAM was brought to you by a heart monitor!
http://www.beanleafpress.com
"Hi it says I need to upgrade my RAM, what is that?"... "RAM is a part of your computer, if you have more of it, you can expect it to run faster... tell me what your computer is running and I'll see if I can help you out."... "Uh, right now the computer is running Bob's heart and lungs for him."
The article says "A patch was released by Microsoft last October ..." The availability of a patch doesn't mean squat. Before a patch can be installed on medical equipment, the hardware vendor has to validate the patch. In other words, the vendor has to test the ever loving crap out of the software to ensure it does not compromise patient safety.
The fact that cornflicker got on life safety and mission critical systems at all raises the question of why anyone would use a consumer grade operating system for mission critical systems or for life support systems. At a minimum, these systems should have been running Unix or Solaris. Vx Works or Linux are also good, but require a higher level of computer engineer to implement.
This is just plain lunacy.
So, we have Conficker infecting hospitals now. And meanwhile, after Conficker's payload goes live, there's a massive outbreak of swine flu. And conficker spreads spam... spam is a pork product... COINCIDENCE?!
No kidding!!! What do you say at this point?
Bridgestone wasn't committing a criminal act. They had a flaw with their product.
Under US law, there are situations where you can be prosecuted if during the commission of a crime you cause something more severe to happen. One that has happened successfully is criminal being prosecuted for murder during robbery, even when they themselves didn't fire the shot that killed someone. However because the reason the death happened was their robbery, they are charged.
Now as it would apply to this, I don't know. You'd have to ask someone who's an expert in this area of law and even then this is untested so it would have to be decided in trial. However it is the sort of thing that can happen. If you commit a crime and in doing so cause other harm to happen, even if it wasn't direct or your direct intent, you can still be charged at least in the US.
$tupid fail
Kind of makes you wonder what percentage of the prestigious Windows market share is special purpose devices like this (or mundane devices like cash registers.) I know Case equipment (CNH) uses WinCE on almost everything. At least that is pared down to the essentials.
In any case this seems like lazy engineering if the item is vulnerable to viruses.
-- My apologies if the above facts contain any opinions, or vice versa! --
The question here is this: did the sub-human wankers who created this ever consider this possibility? Now that it's happened, do you think they give a shit? Is there a chance that someone is saying, "Gee, maybe this wasn't such a good idea..." right about now?
...Complete lack of surprise.
I work with some hospital software ... Recently, a bittorrent client was found on the main server of one of our products. We have very strict protocols regarding product installation and media creation which just goes to prove, once again, the weakest link is the luser.
It's extremely cynical of me perhaps, but I wonder if this isn't some type of pernicious planned obsolescence. Some car makers for many years deliberately made cars to last 20,000 hours (pure folklore, overheard) because they needed cars to fail after a few years to keep the volume of new car sales going.
Wouldn't the same principle work with computers? Something has to make them fail over time or people will make do with the old. Unfortunate that this means NT4 boxes in hospitals might get people killed, but when have the truly greedy ever really cared?
Do not mock my vision of impractical footwear
As I unfortunately found out yesterday, one of the more common ways the virus spreads is through removable drives. If autorun is enabled for removable devices (which it is by default, and no MS basher responses please), Windows will load autorun.inf straight away, infecting you.
A work colleague brought over a USB stick with some music on it, which I happily acquired, along with Conficker. For some retarded reason the resident shield was disabled. After we received an email about it, I noticed this and re-enabled it. I didn't realise I had the virus until this guy came over again with some more music and the AV software exploded in my face with a nice "warning conficker detected and removed" message. Of course that meant "removed from the USB stick" and not "removed from the PC".
Virus scans would no longer run, and I couldn't access most conficker-removal-related websites unless I went through a proxy. Incredibly, the Microsoft Malicious Software Removal tool worked a treat. After using that, rebooting, and disabling autorun in the registry, it's gone.
I blame partly myself for not disabling autorun (security lockdown on these work PCs is ridiculous; I would have had to ask an admin to do it), and for whoever disabled my bloody resident shield.
I hinted to our admin that I wanted Debian instead, but that didn't go down well. :)
tl;dr version: Conficker is bad, mmkay.
Homonyms are fun!
You're driving your car, but they're riding their bikes there.
At least with an OSS product, you'd be able to hire a developer to fix the specific vulnerability on the existing system.
It doesn't work that way.
You botch this assignment and people die.
The hospital does not have the financial or technical resources to validate your work.
Its potential exposure to administrative actions, civil and perhaps criminal penalties is enormous.
Let's assume that the hospital equipment can't be patched enough or in a timely-enough manner to make it safe enough to use with the Internet. To me it's obvious: don't ever allow connections to the Internet in any way.
Critical medical equipment should never have been even remotely connected to anything not 100% secure.
---- Booth was a patriot ----
Is MS Steady State an option?
...
Well then how the hell am I supposed to send my heartbeats to twitter?
Answer that! Ball's in your court.
Considering the high cholesterol content of spam, it's probably already wreaked its share of havoc on heart monitors... it's about time the heart monitors gave something back.
Let me get this straight, we know Microsoft drops support for its OSes and that includes security patches, yet hospital equipment manufacturers are loading Windows on equipment costing millions? Come on folks, what's wrong with this picture.
At least with open source, the equipment manufacturer can backlevel a patch or hire someone to do this. They can't do this with Windows or it costs too much for them to do it. I can't imagine getting source access to an unsupported OS is something Microsoft wants. If they don't want it, they price it off the market.
So is anyone in the press bringing up the issue of companies embedding Windows in products which are expected to last more than 10 years like MRI machines and other hospital equipment? This isn't your standard corporate IT department that keeps throwing away good hardware every three to five years.
It's plain and simple, Windows is unsafe and unsupportable in any long life application.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
trouble is conficker can spread through flash sticks too, so it's fairly easy for it to jump from the internet to an isolated network.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
"Well, NT didn't work to begin with, that was the problem" - by Chasmyr (1261462) on Thursday April 30, @06:45PM (#27780347)
NT worked fine to begin with, especially with the equipment certified for it by MS, in its day 1993-1996: This is certain!
(Hardware Compatibility Lists, anyone? WHQL (Windows Hardware Quality Labs) testing as well...)
NT 4.0 onwards, thru 2000, XP, Server 2003, Vista, Server 2008, & soon Windows 7 all/each of them, have their own HCL!
(& possibly NT 3.5-3.51 may even have one also, per this possible evidence thereof, here in the next url below, & this quote from it, from the year 1996:
----
http://bat8.inria.fr/~lang/hotlist/free/abuse/askdrbob-jan96.html
"If a machine is on the HCL for NT 3.5, that doesn't imply that the machine will run later versions of NT."
----
Now, for NT 3.51?
IIRC, I downloaded it from MS' old FTP site ftp://ftp.microsoft.com/bussys/winnt/winnt-docs/hcl/
(& it had a lot of equipment on it that was proven to work with it (especially NT 3.1-3.51, because they were new & had Win9x competition too))...
See here, for all the lists of Microsoft OS that have an HCL -> http://www.microsoft.com/whdc/hcl/default.mspx
NT 4.0's there, alongside even older Win9.x series... & leads to this example thereof -> https://winqual.microsoft.com/download/hcl/NT40xHCL.txt
APK
P.S.=> In other words, there are literal LISTS of tons of devices that "NT Worked with", though you said it did not work (it could be very stable & was Orange Book C2 Secure level granted secure as well)...
So!
That "all said & aside"?
I must ask you a question:
Had YOU ever used Windows NT 3.1-4.0, yourself, & especially back in the days it came out circa 1993-1996? apk
Here's a vaccine: use Unix and Unix-like systems. No medical device should be running Windows. You do see stuff with Unix, such as some CT scans, but the way Microsoft's marketing is strong, you see a lot of stuff on Windows. Also, because it allows for easy installation on a widespread platform.
Here's a big opportunity for open-source developers: ship the whole thing, computer, OS, *and* your image analysis software for microscopy - or whatever (of course, the ugly part for Linux is the GPL - but then there's always a choice of BSD or solaris).
BTW, how come retarded managers get to choose Windows for medical devices, and the NYSE sticks to Linux for their systems? Answer: because there is a shitload of money in the NYSE and big fish at the sea and they can't afford retards managing their IT infrastructure.
On another note, I suspect things are even worse in other corners of the world. For instance, a couple of weeks ago I was having a coffee with the guy responsible for major IT infrastructure in the government health sector (this in Brazil, and I'll not disclose specific info), and he told me a horror story of how they run very old, unpatched software, that they *can't possibly* upgrade because, as these things go in the developing world, the budget wasn't always there when they needed, so they missed upgrades, and to upgrade the things, they can't just go from, say, version 5 to 7, because Microsoft doesn't work that way...BTW, the guy - a top manager - was clueless regarding, say, OpenBSD. He just bought pre-packaged Microsoft shite. How sad...He did mention that TCO for Linux was higher, because of lack of specialized workers (as opposed to a legion of incompetent sysadmins wannabes we see all the time in the Free Software meetings), and that they had made a half-assed attempt once.
OTOH, the public health sector should run open source software for security reasons. Period. If .mil does, why doesn't .gov?
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
With the Internet locked out, the only thing left is to train employees never to introduce USB sticks into the system--at the risk of picking up a law suit or loss of employment.
This is why the manufacturers fold their tents every five years and move on.
Don't get sick.
Help stamp out iliturcy.
The University of Utah School of Medicine and the University Hospital were both infected, and though nobody died, it's been a giant PITA to get things cleaned up. IMHO, mismanagement is the cause.
The network is not trusted. Not ever. Not even a lab network with air gap. For the lifetime that these devices are expected to see somebody will defeat the network security, even if they have to invent a parallel port to wifi adapter.
The trick is to never expose services to the network on clients. Ever. Clients are for using services, not providing them. And audit your network periodically to ensure the damned clients haven't started listening without permission. When you implement this policy expect to have considerable disruption as you discover precisely what services are running on clients that are used for important work. It's very scary. Port monitoring can be used also to detect if a client is performing services on a "stealth" port. There's a whole lot more to running a secure network but most people don't even do this much so locking down broadcast and monitoring for slow scanning and other steps are pretty moot.
Also, audit your servers. Each server needs to have services exposed. But it should have those required only. By default all ports should be not listening and this should be checked with snort before the required services are started.
And of course turn off auto run.
Help stamp out iliturcy.
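An added example, not part of the comment above: one way to run the client and server listener audit it describes, over `netstat -an` output collected from each machine. The host names, roles, port policy and netstat captures are constructed for illustration; TCP/445 is the Windows file-sharing port the thread ties to MS08-067.

```python
"""Audit collected `netstat -an` output against a per-role listening policy."""
import ipaddress

# Assumed policy (hypothetical): TCP ports each role may expose to the network.
# Clients expose nothing; a server exposes only what it was deployed to serve.
ALLOWED_LISTENERS = {
    "client": set(),
    "server": {443},
}

# Constructed sample data: Windows-style `netstat -an` captures, keyed by host.
NETSTAT_SAMPLES = {
    "ekg-ws-01": (
        "client",
        """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    10.20.0.15:1045        10.20.0.2:443          ESTABLISHED
""",
    ),
    "pacs-srv-01": (
        "server",
        """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:8005             [::]:0                 LISTENING
""",
    ),
}


def exposed_tcp_listeners(netstat_text):
    """Return the set of TCP ports listening on a non-loopback address."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state matter; headers and sessions are skipped.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        try:
            ip = ipaddress.ip_address(addr.strip("[]"))  # IPv6 arrives bracketed
            port_number = int(port)
        except ValueError:
            continue  # not an address:port pair, ignore the row
        # A loopback-only listener is not reachable from the LAN.
        if not ip.is_loopback:
            ports.add(port_number)
    return ports


def audit(samples, policy=ALLOWED_LISTENERS):
    """Return sorted (host, role, port) tuples for every listener outside policy."""
    findings = []
    for host, (role, text) in samples.items():
        # An unknown role gets the strictest treatment: nothing may listen.
        allowed = policy.get(role, set())
        for port in exposed_tcp_listeners(text) - allowed:
            findings.append((host, role, port))
    return sorted(findings)


if __name__ == "__main__":
    for host, role, port in audit(NETSTAT_SAMPLES):
        print(f"{host} ({role}): unexpected listener on TCP/{port}")
```

Running the same audit before and after a change window shows which machines started listening in between.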
I spent many years developing real-time software for embedded, real-time, and safety-critical systems, and all I can say is that ANYONE who uses Microsoft software for such should be arrested for endangering the public safety! Remember the disaster that was the Denver International Airport automated baggage handling system? That had to be pulled out entirely because after years of effort and 100's of millions of US Dollars? It was built on NT. When I heard about that (before it was deployed), I screamed, saying that it could not possibly work! Well, my opinion was vindicated (unfortunately). So, the fact that many of these safety-critical medical systems which are built with MS software have proven vulnerable to the most pernicious malware we have ever seen, does not surprise me in the least. I hope that the hardware and software companies who have developed and sold these systems to hospitals and such are forced to recall all these systems, and certify them to Blue Book security standards. Shame on them! A good example of why management should not be making engineering decisions, IMHO...
Sometimes, real fast is almost as good as real-time.
..if this causes some patients to die, then there'll probably be 2nd degree murder charges involved or at least manslaughter.
Insecurely designed systems insecurely administered on insecure network insecurely connected to insecure internet run afoul of common problem; patients feel insecure?
I've been offered a job that I declined at a major chain (?) of hospitals in my country (some european country). The IT staff were all complete morons and it was nearly all Windows based RAD/CRUD gui apps stuffed on top of some SQL DB. No security at all. I won't tell you how the doctors log in from their home to that huge network and can access every single patient's records.
But there's light at the end of the tunnel: there have been some hospitals switching to Linux for everything "administrative" and... There are now some very powerful medical apps that are... Linux only. Yup, super high-end medical hardware driven by Linux machines. And one doctor was pissed off that I didn't join because he knew the IT staff were all clueless MS morons and had absolutely zero Linux knowledge. He was badly needing someone who could "integrate" his shiny new $$$ millions Linux-driven machine on the existing infrastructure.
The wind of change is here.
We had a single NAS that everyone had forgotten about get nailed because it ran a version of win2k called "Windows Powered!" which was basically windows 2000 for storage servers. The issue? You can't run service packs, or patches on it that aren't provided by the manufacturer. The manufacturer hasn't released a patch in 4 years. So we essentially had a 1TB NAS sitting there sharing out a virus that we had no way to patch. Once we located it we isolated it, copied everything to a new nas running windows 2k3 storage server via crossover, and then verified the 2k3 box was clean. However that old nas easily infected 20 other machines - including machines which were shipped to hospitals because they will not allow us to install virus scanners (they want to use their own managed scanners). Further, most QA(quality assurance) workstations which are attached to MR, CR, XR, US, NM and other units tend to be running OLD copies of windows with no virus scanners. You can blame konica, kodak, fuji, and the other imaging companies for that idiotic choice.
"A patch was released by Microsoft last October by November that fixes the problem, but the computers infected were reportedly too old to be patched"
This doesn't make technological sense. If they were capable of running the unpatched version, they were equally capable of running the patched version. I mean Conficker ran ok on these old systems.
"that old nas easily infected 20 other machines - including machines which were shipped to hospitals because they will not allow us to install virus scanners"
Interesting, would these other machines have been protected if they did have AV installed? See here where they refer to an 'arbitrary code execution during path canonicalization'. I think they mean a buffer overflow in the RPC service.
"Before a patch can be installed on medical equipment, the hardware vendor has to validate the patch"
What are the technological and legal issues in relation to computerized medical equipment? How does one go about validating a patch? Who is responsible when something goes wrong? At least one hospital has had equipment rebooting during surgery. How do you test the patch, apply patch, scrub up and attend operation, wait for BSOD and click on restore?
Yeah, let's make sure the medical computers can't get to the internet. Oh wait, that means they no longer work. Now fix it: call the vendor, hear them typing, "Hey, I can't ping that equipment, you must have a network problem. Fix it immediately."
Now while the doctors start to storm the help desk, explain how they chose the wrong requirements for their networked equipment.
Upshot? Doctor puts his thumb down and you are fired. Next person gets the network connection restored. Rinse, lather, repeat.
Yes, I do run a hospital network. If you think your network safety is given a higher priority than the convenience of the equipment configuration and the remote availability for the doctors, you must be stealing something from the pharmacy.
the network that the medical equipment is on should be a closed system with no computers that were ever connected to the internet
You haven't bought any medical equipment in the last 10 years have you? Because if you think medical equipment works without the internet, you are wrong.
Now, whether it should connect is a different story. The fact is it does connect and must connect to provide service.
I'm doing it wrong? Not according to GE who makes some of our CT equipment. They specify the exact networking parameters that better be working. If they can't ping the equipment from the support center in (?)India(?), they claim you're doing it wrong.
Not according to MedQuest. Not according to AGM. Not according to Cardinal Health. They all require internet connections to the equipment.
Yeah, but you keep believing that I'm doing it wrong.
Too bad? If GE can't support your $5million 64-slice CT scanner that's TOO BAD?
I'm pretty sure it would be too bad if no patients could be seen because the equipment is down. It's too bad we can't get remote support. It's too bad we are now paying for something that is not generating revenue. It's too bad the head of radiology is yelling at the network admin. It's too bad the CEO has to decide that the head of radiology (who brings in $5 million per month) or the network admin (who COSTS money) needs replacing.
Here's how it goes:
Doc: I want the scanner to work.
Admin: This was a bad purchasing decision, it wouldn't be safe. I refuse to connect it to the network.
Doc: I want the scanner to work.
Admin#2: But that wouldn't be safe. I refuse.
Doc: I want the scanner to work.
Admin#3: Right away, sir!
--------
Admin#1: Spare change?
Admin#2: You want fries with that?
Should it be this way? Probably not. Is it this way? Oh, yeah.
Ish. I do not envy you that position, but I understand it.
Can you at least firewall off the equipment down to the bare minimums, like ports 80 and 443? Can you hide them behind a transparent proxy that would bear the brunt of the attacks? Can you maybe access them via Citrix, or a Terminal Services Client, or something that is at least a hop away from the raw internet? Are they at least on a separate partition from the other Windows boxes on your network, so when Dr. Red fires up his laptop and starts spreading malware like wildfire, at least your lab equipment is safe?
It just seems like there are plenty of other mitigation strategies you could use to reduce exposure to these machines without removing
John
I know from personal experience at HCA health care corp, most of their Hospital devices are stripped down Windows NT 4.0 SP 0 intentionally configured to allow anonymous access, not in a windows domain and the worst part NEVER receive windows patches for any reason due to being EOL and not under a support contract.
The only reason more people don't die on the table to hacker is … well a lot of people do expire the table don't they.
A terrorist attack on the NHS has brought three London hospitals to a halt.
The terrorists, representing an organisation calling itself "Microsoft," apparently used insecure third-party contractors to put a virus-running platform called "Windows" into critical systems in the hospitals, in order to extort money from them on an annual basis.
It is understood that a large percentage of all businesses are infected with the virus, wasting up to 25% of employees' working time and opening the companies to further attacks from related criminal organisations demanding to see all their licenses.
The virus in question, W32.SHILL/SCHOFIELD, takes over the host's IT systems, leading to aches, pains, nausea, vomiting, pumping out prodigious quantities of faeces and a terrible compulsion to spread the infection to others. The patient also walks with a shuddering stumble and asks for their hospital meal to include tasty, tasty brains. Recovery has commenced when they have an overwhelming urge to throw their computer out of the window. "Getting this stuff out of the system makes MRSA look like a walk in the park," said one cleaner, waving his shit-encrusted hands about for emphasis.
When the infection became known, ambulances were diverted to other hospitals. "We have maintained a safe environment for our patients throughout the incident," said a spokesman for Barts NHS Trust, "keeping them in the Clostridium difficile culturing lab rather than risking exposing them to 'Windows.'"
http://rocknerd.co.uk
What about also explicitly educating the less-technical staff about the reasons for these measures ?
Otherwise it would get perceived as "yet another pointless policy IT is putting in to hinder my productivity".
Obviously they would still want web/twitter... so maybe put a few powerful machines running a bunch of vncservers, and allow the staff to do all the twittering/news browsing from there ?
See my subject-line, & this acronym (it's "acronym expansion time" kids, yay!):
Hardware Compatibility List
(Which means if hardware that was tested as working for Windows NT existed it was mostly on that list)
----
"And NT most assuredly DID NOT work, it was an unstable piece of crap, non-functional as soon as you installed anything beyond the OS itself." - by Anonymous Coward on Saturday May 02, @06:27PM (#27801339)
Says you... what about myself (who loved it, only thing I missed @ times & dual booted for, OR, just set up another PC for) was Win9x's superior gaming abilities... for older DOS games WITH SOUND, mainly (I could play them, just no sound).
For REAL WORK though?
Hey - Windows NT-based OS were more stable, better & faster online, & just all around good solid stuff vs. other MS OS'... & many companies felt the same around the year 1997 onwards (NT 4.0 onwards into 2000, & later XP + Windows Server 2003).
What about companies that used it & had no problems, & the fact that many MORE companies have migrated to NT-based OS, especially as servers AND workstations combined since then? They all came from this branch of MS OS, not DOS, not Win9x (in parts that are not "core-kernel" level, just OS shell & commandlines mostly from both)
(Maybe for you, per my subject-line above, it was "not working", lol, & I CAN SEE THAT, based on your lack of understanding just what "HCL" means!)
Heck, do you know what WHQL means, & what they do there, for MS' own labs this way??
----
"It shouldn't have been released it was so bad" - by Anonymous Coward on Saturday May 02, @06:27PM (#27801339)
Maybe NT 3.1 was, & only because it took a LONG time for it to boot up, and it was a LOT slower than NT 3.5x series!
It didn't help that the best PC going back then, based on x86 architecture, was 66mhz Dx/2 or 50mhz DX Intel's, either!
(Thing is though, there were MIPS RISC stuff that ran a LOT faster, that NT was ported & ran on (ALPHA, for one, PowerPC for another, & there were more)... those actually ran it fairly fast).
NT 3.5 onwards?
Hey - You could run WELL on a 486 Dx/4 133mhz, for sure, w/ only 32mb of RAM:
I know, I did so, & MOST OF THE TIME, circa 1994-1997, until NT 4.0 came around! Only gaming was the time I liked Win9x better... that's it, & that's only a FRACTION of the time I spend on PC's each day/week/month/year etc. (a tiny fraction).
APK
P.S.=> Chasmyr (1261462): You posted as "A/C" this time I see, lol... apk
Those who dare to install heart monitoring or other life critical equipment running Windows should be deported to The Hague and tried for crimes against humanity. Those who agree to operate such equipment of their own free will should be fired on the spot.
This is about as insane as controlling an 80 foot crane with a Gameboy. Total madness.
The Hacker's Guide To The Kernel: Don't panic()!