Slashdot Asks: In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely?

In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times: At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft supported Windows XP for over a decade before finally putting it to sleep. In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?

No

No. You can't support legacy software forever. If your customers choose to stay with it past it's notified EOL then they are SOL. Any company using XP that got hit by this can only blame themselves.

Re:No

[jellomizer]

I will need to agree with conditions. If the Tech company is selling service contracts for that product, they will need to update it. However like XP and older, where the company isn't selling support, and had let everyone know that it off service, they shouldn't need to keep it updated. Otherwise I am still waiting for my MS DOS 6 patch as it is still vulnerable to the stoner virus.

Re:No

[AmiMoJo]

The people providing support should be the ones making MRI scanners, ATMs and other expensive equipment that only works with XP. Even when XP was brand new, did they really expect those machines to only have a lifetime of around 10 years? Microsoft was clear about how long support was going to be provided for.

It seems that people are only just waking up to the fact that these machines have software and it needs on-going maintenance. The next decade or two will be littered with software bricked but mechanically sound hardware, everything from IoT lightbulbs to multi-million Euro medical equipment.

In fact it's already happening. You can buy DNA sequencers on eBay, less than a decade old and original price $500,000, now barely worth the shipping because the manufacturer abandoned support.

Re: No

[Dread_ed]

If you own a Chevy, Dodge, or Ford and the airbag is defective and recalled it won't matter if you are out of warranty. The device will be fixed free of charge by your local dealer. Any safety recall would be handled the same way. The retailer's service facility will repair it free of charge.

With the news of how medical records and devices were affected, one might begin to wonder if software should be subject to the same kind of recall system. Personally I think it feels a little one sided for software companies to create buggy and easily penetrated software that results in loss on the user's end and all the company has to say in return is "You need to buy this new (equally buggy and easily penetrated!) software that is more intrusive and gives us access to more of your marketable metadata."

Is this yet another example of how dollars equal speech, leading to a loopback fucking, where our own money is used by large corporations to buy lawmakers and make sure protections for customers are never passed?

I would like to hear dissenting opinions as well as corroborating ones.

Silly idea

[argStyopa]

Should they go back and patch Win95 while they're at it? Make Win386 rock-solid in the face of current virii and ransomware?

By that same logic, you could insist that Ford go back and install safety glass and airbags on any existing Model T's still running.

The simple fact is that OS's are a treadmill. It's a not a typewriter that you buy once and use until it breaks.

Look, I think OS firms *should* support 'the last few versions' - say whatever was current 10 years ago (ie in MS's case, Win2007). But to go back further, or to MANDATE that?

If you can't be bothered to run reasonably current OSs, then you're going to be as safe as you deserve.

hard question

[nomadic]

I honestly can't figure out where I fall on this. I would say for major security issues, yes, though the cutoff should be when production use of that OS get below a certain point, which should be easily monitored, and I don't think XP went below that.

In any event, that an organization the size of NHS, quite literally one of the largest employers on the planet, did such a poor job on security is disgraceful, especially considering how internetworked all their stuff was.

Re:Blame Windows 10, in Part

[DontBeAMoran]

I've installed Windows 10 on my PC and TRY BING TODAY it's not that bad.

What if we tied support to copyright?

[ToTheStars]

Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made maintenance a requirement for retaining copyright over software? If Microsoft (or whoever) wants to retain a copyright on their software for 70 years, then they'd better be prepared to commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever, and wash their hands of responsibility, that's fine, but then it's public domain. Why should we let companies benefit from software they don't support anymore?

This could also work for art works, as well -- because copyright exists "To promote the Progress of Science and useful Arts," we could make it a requirement that an author (or company, or whatever) needs to be distributing (or licensing for distribution) a work to have copyright on it. When it's out of print, it enters the public domain.