A zero-day exploit of M$’s OLE, one of its tools of lock-in,“The Sandworm vulnerability is being actively abused to attack Swiss banking customers, Danish security consultancy CSIS has warned.” is now being used to rake Swiss banking customers who have not patched.
“Secunia estimates 12.6 per cent of UK users are running unpatched operating systems, up from 9.7 per cent the previous quarter. In addition, one in 10 third-party programs on the average PC are exposed due to failures in installing the latest security updates.”
Of course, this damage could have been mitigated by promptly patching when M$ releases their “Patch Tuesday” updates or sooner in an emergency. That’s the point. Consumers are not IT-people. They don’t know about this stuff. They just know about the speed and convenience of PCs on the web. That other OS is supposed to be “easy to use” but that’s just PR in the ads. It’s also easy to lose all security, have the system slow to a halt or crash. Sometimes, M$ gets it wrong and the patches don’t work. Consumers eventually buy another machine or take the box in for repairs to get it working again.
Even proper IT-people have problems with M$’s zero-day vulnerabilities. Sometimes the malware-writers take the clues and have exploits released in hours so the patching has to happen at an inconvenient hour. I remember working over my lunch hour to patch >100 systems. We used WSUS and automatic updates on the clients but always a few would need to be reminded and then there were the servers… I hated Patch Tuesdays because a convenient time for release in Redmond, WA was the middle of my work-day where I lived. Basically, unless the world has IT-people working 24×7 the world is vulnerable for several billion PC-hours every month even if they patch religiously.
Then there’s GNU/Linux which is relatively free from malware, about 1K times more free, and keeps getting better with each release.
Of course, one should patch GNU/Linux systems too, but they do very well unpatched. The great beauty of GNU/Linux for consumers is that there are hundreds of distros and the typical malware-artist can’t hack them all simultaneously whereas “the monopoly” is a single big fat target. So, better code, fewer malwares and diversity all work together to protect consumers whereas the salesmen running M$ seek to make life “easy” for both consumers and malware-writers. I choose freedom. I use Debian GNU/Linux.