Yeah, WannaCry hit Windows, but what about the WannaCry of apps?

WannaCrypt crippled 230,000 Windows PCs internationally, hitting unpatched Windows 7 and Windows Server 2008 and computers still running Microsoft's seriously old Windows XP, though the latter wasn't responsible for its spread. The initial reaction was a predictable rush to patch Microsoft’s legacy desktop operating systems. …

  1. Gordon Pryra

    As the author points out

    It doesn't matter how long the support is for if none can be arsed to make use of it.

    Easier to say "it was the Koreans" than say "we are managed so badly we sit around the table and laugh about it rather than patch anything"

  2. JimmyPage Silver badge

    Reaping what you (don't) sow.

    The problems associated with downtime due to rebooting (and in this day and age only kernel updates should need a reboot) could be offset by a decent business continuity framework with dual servers.

    Upgrade one while the other carries the load, and then switch and upgrade the other.

    Of course that requires a finance department that accepts the "cost" of such redundancy is the "price" of permanent uptime. Which IME, they rarely do. Although they CAN tell you - to the penny - how much it's costing the firm when 1,000 employees can't do their job because downtime is needed to patch a server.

    1. Paul Crawford Silver badge

      Re: Reaping what you (don't) sow.

      It is not just the down-time of a reboot, as at least that can be scheduled, but you have the cost of some fault causing failure as well. Proper redundancy in the hardware/software should allow a painless continuity for both planned and unplanned events.

    2. Anonymous South African Coward Silver badge

      Re: Reaping what you (don't) sow.

      Beancounters - the natural enemy of all BOFHs.

  3. midcapwarrior

    "Putting aside the Linux kernel, which tops the CVE list this year (in previous years it struggled to make the top 10), ".

    Putting aside because there's nothing to see here.

    1. Anonymous Coward

      “Self-satisfaction especially when accompanied by unawareness of actual dangers or deficiencies”

      Lol.

  4. RobinCM

    Control freak

    I would much rather be the cause of outages and problems with my own systems through applying updates, than not apply updates and have some malware/hacker get into them and mess them up.

    I know which updates I've tested and applied, and when I did it. Who knows what the malware/hacker has done, or how long they've been there doing it for.

    The risk of not updating outweighs the risk of updating.

    1. Anonymous Coward

      Re: Control freak

      "The risk of not updating outweighs the risk of updating"

      Surely that depends on how well the updates are documented and how well they've been tested in the circumstances relevant to any particular installation?

      E.g. if all your connected cameras and associated apps unexpectedly stop working, and they're a critical part of some safety/security monitoring setup (highway traffic management, airport security) and you didn't see it coming, and your end users suddenly can't see what's going on on the roads or in the airport etc, then what?

      Not a hypothetical example:

      https://www.thurrott.com/windows/windows-10/76719/microsoft-broken-millions-webcams-windows-10-anniversary-update

  5. Ellier

    Don't ask how many

    In doing tech support for quite some time for various people and orgs, one of my pet peeves is the C++ runtime from 2005 being found on machines. This article should be required reading for some OEMs (cough cough).


Biting the hand that feeds IT © 1998–2019