Microsoft has done some really silly things lately but the firm’s response to the WannaCryptor ransomware that spread around the world at the weekend is nothing short of admirable.
Sure, you still need to use the latest CPU and Edge to stream Netflix in 4K but if you run Windows XP you’re safer from the ransomware than you were a week ago.
Now Microsoft president and chief legal officer Brad Smith has penned a blog post that slams governments for hoarding vulnerabilities and calls out users for being careless.
“This attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect,” Smith wrote.
To Microsoft’s credit a patch for the legacy software – Windows XP – was deployed at the weekend.
But the real problem child in the tech industry at the moment is our own governments. As we saw in the Wikileaks dump earlier this year, government organisations hoard vulnerabilities and don’t make them known. The problem with this (as we’ve now seen) is that malicious individuals can also find those vulnerabilities and sow havoc around the world.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” says the Microsoft president.
To those who think the comparison to a Tomahawk missile is unfounded, just look at how the UK’s National Health Service was brought to its knees by a few lines of code.
In light of this weekend’s attack we mirror Smith’s calls for collective action. “We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now,” said Smith.
For those that fear being hit with WannaCry we have included a few precautions you can take below.
- Update your software and ensure that any other PCs on your network have been updated as well.
- If you don’t have an anti-virus installed we urge you to install one. Any fears you have about how an anti-virus will impact your performance will disappear once you find your files encrypted and inaccessible to you.
- If you have an anti-virus make sure that it is updated.
- Treat emails with caution. Mouse over hyperlinks to check the target URL and verify that the email really is from who it says it is from. Look at things like the file extension of attachments and, if you aren’t sure whether something is legitimate, ask somebody in your IT department or a friend.
- If you work in a company and your PC starts behaving strangely contact the IT department immediately.
- If you find yourself needing to download software we urge you to pay proper attention to what it is you are installing. Often free software will be packaged with adware by a third party. Where possible only use official websites to download software.
- In the rare instance that you download a malicious file, pay attention to the file extension. Often malicious files won’t be labelled as an executable (or .exe) file but will run upon double-clicking. Take note that malicious software can run automatically but for the most part it requires you to run it. That means that if you downloaded the file and haven’t run it you can delete it and carry on with your day. We do advise you scan your computer in this instance as well.
[Image – Public Domain Pixabay]