As you (hopefully) will have heard by now, starting on Friday and over the weekend over 200.000 computers in more than 150 countries were struck by a massive ransomware cyberattack called "WannaCry". The malware encrypted files on the computers and asked for $300 worth of Bitcoin for the keys to release them. Those computers were mostly running Microsoft’s Windows XP, released in 2001. Support for the OS ended in 2014, which basically means that users were left vulnerable for security holes detected after that time. So, is this all Microsoft's fault?
Many organisations still run older Windows versions like XP however. According to Netmarketshare 7.04% of all computers run it, making it the third most used operating system in the world. And Microsoft knows this as well.
In fact, Microsoft makes money of those users (mostly companies) by making them pay for security updates. This could be seen as its own form of ransomware.
Yesterday, Microsoft released a free patch for Windows XP, which obviously came too late for most victims. This same patch was released in march of this year to newer Windows versions, before it was made public that NSA exploits were stolen by hackers.
Had Microsoft released this critical update for Windows XP as well, the damage would have been significantly less severe.
On mobile, Google’s Android suffers from a fragmentation problem, because so many people have devices that don’t receive the latest security updates.
Google is trying to change this starting with Android O, which should it make it easier for device makers to update their devices thanks to Project Treble. But as explained by Ars Technica’s Ron Amadeo, this only solves one of many update hurdles.
Microsoft made its latest OS, Windows 10, a free upgrade. This makes it easier (and cheaper) than ever to get the latest security patches. But not everyone or every company choses to update. Why? Because company software relies on legacy drivers or hardware. Or because it runs on lower-end hardware in Africa. Or because of the same reason why you still sit in that old chair: it still does the job.
So is Microsoft to blame? I think so, but so is the software industry as a whole. There should be new standards for software support and security should be a key pillar in every iteration of development. This is even more critical when in the near future all of our devices might be smart.