Ransomware defense.


Comments

  • DavidP24
    DavidP24 Posts: 957 Forumite
    I think questions need to be asked about the involvement of the security services here.

    They discovered the vulnerability but did not report it; instead they wrote an exploit called Blue Thunder on which the WannaCrypt exploit is based.

    In fact it was only discovered that they did this because of leaks.

    Microsoft issued a fix on March 14th along with two other Critical issue fixes.
    Thanks, don't you just hate people with sigs !
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    We are all kidding ourselves if we think they don't have rooks more of these exploits shelved for when they need them..

    Remember Stuxnet, clearly state sponsored - That utilised 3, yes 3!! zero-day exploits..
  • psychic_teabag
    psychic_teabag Posts: 2,865 Forumite
    Tarambor wrote: »
    Linux is not secure. Linux distros contain software packages that have their own wide gaping hole sized vulnerabilities and with vulnerabilities like this and the one disclosed by Google the other week, would be most unlikely to be fixed as quick as Microsoft did. Microsoft have a very good track record for fixing exploits and those who got hit by the one in the news did so because they didn't keep their software up to date as Microsoft released a fix through Windows Update 2 months ago.

    Difference is few Linux desktops get exploited because it isn't as profitable due to the small market share. You'd be as secure as Linux running Windows 98.

    I was thinking about this the other day (in context of the NHS thing). One big difference is that Linus is very insistent on keeping kernel interfaces backwards-compatible. One reason cited for not updating from Windows XP is that custom programs may no longer run. But with Linux, it should be possible in principle to upgrade to the very latest kernel without touching any of the user-mode stuff at all. (I don't know if it works like that in practice, but that's the theory. Obviously custom drivers may have to be updated from time to time as the internal kernel interfaces change, but that should be well documented, and it should be possible to speak to the kernel specialists directly for help. And if a new kernel doesn't work, you can trivially boot into an older one until issues can be resolved.)

    Also, the user-mode packages generally don't need root access. And network daemons and services typically run with their own uid/gid, so if they're compromised, they have limited scope to trash the entire system. Obviously a compromise to a program you're running in your own account, such as a browser, can trash all your personal data - bit harder to mitigate against that.

    I'm not entirely convinced that MS are better than the free software community at fixing flaws, but not taking that one on. It's partly down to whether the problems are discovered by the good guys (developers notified before going public) or the bad guys (exploit happens first).
  • System
    System Posts: 178,094 Community Admin
    Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.
  • esuhl
    esuhl Posts: 9,409 Forumite
    Tarambor wrote: »
    Unfortunately the kernel is the least of your worries. More of a problem is the graphical server and the desktop manager, other packages which your application may rely on which have been regressed and configuration file relocations in newer versions of Linux distros. Even some CLI bash commands commonly used a few years ago can no longer be found in some distros. An example would be ifconfig which is one I recently came across in Arch Linux that no longer exists because the distro dropped it as a default part of the distribution quite some time ago.

    That's just down to the distribution using different packages by default. You can use net-tools (which contains ifconfig) instead of iproute2 if you want. They're available in the Core repository:

    https://www.archlinux.org/packages/?q=net-tools

    If the NHS were going to use GNU/Linux, they'd develop their own custom distro. So it would be up to them if they wanted to stick with one package or migrate to another.
  • eset12345
    eset12345 Posts: 643 Forumite
    Neil_Jones wrote: »
    1) Use common sense. Don't open email attachments from Great Aunt Mary that you have any doubt over whatsoever.

    2) Use common sense. Don't click "yes" on everything that comes up on screen no matter how good the "deal" is.

    3) Use common sense. If in doubt, don't. You don't cross the road without looking, why click on stuff without reading?

    4) Use common sense.

    Did I mention use common sense?

    obviously you don't drive.

    not a day goes by that some lemming doesn't attempt to commit suicide.

    common sense, that thing that's not all that common.
  • wingates
    wingates Posts: 127 Forumite
    I run Vista and have been told there is a patch even though it is no longer supported. I have update checking but it just hangs at "checking for updates". Any advice?
    A watched pot always boils.
  • Neil_Jones
    Neil_Jones Posts: 8,913 Forumite
    eset12345 wrote: »
    obviously you don't drive.

    not a day goes by that some lemming doesn't attempt to commit suicide.

    common sense, that thing that's not all that common.

    I do drive actually but that wasn't my point. And anyway if somebody wants to commit suicide by being run over they'll have to look for a car coming anyway. Pointless jumping out into the middle of the road and then not getting squashed or hit, really.
  • anotheruser
    anotheruser Posts: 3,485 Forumite
    Depends what sort of user you are.

    Most people will load their PC up with all sorts of protection, which eventually slow down and kill the PC.

    I, personally, simply keep my system updated and use Microsoft's in-built options.

    I use Chrome with an Ad-block, which generally works okay.

    I don't click on any links I'm not sure about.

    I NEVER click on links in emails (although hover over the link and near the bottom of the screen, it should give you the link).

    Keep your personal files updated regularly.
    I don't use "Documents" or "Music" or the default folders Microsoft suggest. All mine are stored on a separate hard drive so, while they could still get encrypted, it's so much easier to back it up automatically.


    I almost wonder how people manage to infect themselves. I'd struggle on the sites I usually visit.
This discussion has been closed.