Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slashdot Asks: In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely?

Posted by msmash on from the business-vs-moral-responsibility dept.

In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times: At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft supported Windows XP for over a decade before finally putting it to sleep. In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?

4 of 360 comments (clear)

  1. hard question by nomadic · · Score: 4, Interesting

    I honestly can't figure out where I fall on this. I would say for major security issues, yes, though the cutoff should be when production use of that OS get below a certain point, which should be easily monitored, and I don't think XP went below that.

    In any event, that an organization the size of NHS, quite literally one of the largest employers on the planet, did such a poor job on security is disgraceful, especially considering how internetworked all their stuff was.

  2. What if we tied support to copyright? by ToTheStars · · Score: 5, Interesting

    Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made maintenance a requirement for retaining copyright over software? If Microsoft (or whoever) wants to retain a copyright on their software for 70 years, then they'd better be prepared to commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever, and wash their hands of responsibility, that's fine, but then it's public domain. Why should we let companies benefit from software they don't support anymore?

    This could also work for art works, as well -- because copyright exists "To promote the Progress of Science and useful Arts," we could make it a requirement that an author (or company, or whatever) needs to be distributing (or licensing for distribution) a work to have copyright on it. When it's out of print, it enters the public domain.

  3. Re:No by SecurityGuy · · Score: 3, Interesting

    I don't see how you can blame Microsoft if $OTHER_COMPANY uses their software in a way Microsoft doesn't support. IMO, you should be blaming Hitachi here, not Microsoft. As far as critical and irreplaceable goes, anyone who builds critical, irreplaceable services on commodity, consumer grade software, has no one to blame but themselves. Put another way, they may have accepted the risk that this would happen when they stood the service up. The risk has now materialized.

  4. Re:No by Xest · · Score: 2, Interesting

    The irony is that Microsoft does offer paid support for Windows XP, but that the UK's current Conservative government decided to axe the contract a year or two back to save money.

    I wonder how that £5mill saving has paid off now that they're going to have to pay a fucking fortune in sorting it all out and upgrading anyway?