The WannaCry, or WannaCrypt, ransomware that attacked mostly networked computers running unpatched Windows operating systems last month did not affect many non-networked home computer users, but that doesn’t mean those users will avoid future attacks. The computers of home users are often just as vulnerable as those used by banks, hospitals, and other large institutions. They are less likely to be attacked only because they aren’t generally tied into a larger network and because loss of their data is not critical. Home users also have less money, or access to Bitcoin, than large institutions, making an attack on them not as worthwhile for hackers.
Cat using computer; photo by EvanLovely.
Any computer running any operating system connected to the internet is vulnerable to ransomware, malware, viruses, and a host of other exploits. Macintosh and Linux operating systems are partially less vulnerable than Windows, but not invulnerable. The same goes for the Android and iOS mobile phone platforms. Frequently updating an operating system with patches downloaded from the operating system provider is key to maintaining security. An equally important best practice is to avoid human error in daily computing, such as being wary of web links or attachments in suspicious emails, and even being careful of clicking on ads from unknown providers on sketchy websites. The internet is a teeming public square where pickpockets mix with everyone else, and where some side streets and alleyways lead to unwholesome places, increasing the likelihood of something bad happening.
All this seems like common sense and fairly common knowledge, so why are large institutions with professional Information Technology (IT) staff on hand nonetheless vulnerable to cybercrime exploits that home computer users who are conscientious about updating their software and careful when visiting the internet can usually avoid? Are the IT departments incompetent? The answer is they apparently do their best most of the time, like anyone else with a job to do, but their efforts are many times hobbled by that second factor mentioned above – human error. And the larger the organization and the more computers tied into the network, the greater the chances for one small human error to multiply throughout the organization. IT specialists are also hobbled by the unwillingness of higher ups to let go of outdated operating systems like Windows XP. The WannaCry ransomware targeted unpatched, networked Windows XP computers.
From Woody Allen’s 1969 movie Take the Money and Run, a job interview presumably for an IT position, with a nod to the old TV quiz show, What’s My Line?
Here we have blame enough to go around for everyone: from the executives who, whether out of cheapness or reluctance to overhaul their company’s computer systems, failed to modernize; to the IT specialists who, whether from incompetence or overwork, failed to install vital patches to an outdated operating system; to the end users or user sitting at a computer who, whether out of ignorance or foolishness, clicked on a malicious link or fell for a phishing scam, and then passed it on to co-workers. What made the WannaCry ransomware especially vicious was its ability to exploit the very minimum of human error in order to replicate throughout a network. Computer experts are still not certain of the attack vector WannaCry used to gain initial access. The patch Microsoft issued months earlier should nevertheless have protected Windows XP computers, human error or no.
1940 Oldsmobile Station Wagon advertisement. You rarely see Woodies like this on the road these days!
Windows XP was Microsoft’s most popular operating system ever, and it’s understandable many users are reluctant to let it go. There are a lot of reasons Microsoft has tried to move on from Windows XP, as popular as it remains, and at this stage those reasons, good or bad, believable or not, are beside the point. The fact is Microsoft is moving on. For computer users to cling to Windows XP at this point is like automobile fanciers who own vintage cars: Yes, having a fine old car can be engaging, but don’t expect there will be many qualified mechanics available to work on it, or driving it on interstate highways will be a safe and effective means of travel in the 21st century. Windows 10, the up to date model of Microsoft’s operating system, has plenty of faults, among them being a data hog that is far too chatty with its home base so that it can mine the user’s personal data for sale, a lesson Microsoft learned well from Google, but at least it’s safely built for travel on today’s internet, the information superhighway, as Al Gore called it. Drive safely.