[flukus]

> The problem lies in our defensive infrastructure and our ability to roll out patches responding to incidents.

The problem is corporate IT (or management) think they can create some sort of stable environment, driven by fear of having things break. Organizationally they need to accept that they are operating in a dynamic and hostile ecosystem and that the risk of worms is higher than the risk of some random app breaking on a windows patch.

[CamperBob2]

Organizationally they need to accept that they are operating in a dynamic and hostile ecosystem and that the risk of worms is higher than the risk of some random app breaking on a windows patch.

Except it's not. The account used by the hackers has supposedly earned about 4 Bitcoins so far. Meanwhile, many people from home users to professional IT personnel can recall incidents where Windows Update has broken something that worked fine before. Up to and including installing a completely new version of Windows, force-fed to unwilling customers with intentionally-deceptive practices.

[21]

I know more times when updating Ubuntu made the machine unbootable than for Windows.

[dotancohen]

I'm a CentOS desktop user at work and Ubuntu at home. I love my Linux. Objectively, the parent poster is correct. For all MS's faults, I've had no less problems updating Ubuntu systems than I've had or seen with MS systems.

That said, CentOS is _rock solid_. The packages are old, but maintained by Redhat upstream and do not break on updates. The only thing I recall seeing break on a CentOS update, including point releases, are Firefox and Thunderbird extensions as Mozilla apps are updated eight version numbers from one ESL release to the next.

[flukus]

What type of update? Dist upgrades can be broken, but I've never had issues with general updates.

[dotancohen]

Mostly problems with the graphical stuff. More than once I've had to log in via a text console and mv ~/.kde somewhere else to start X, or move some ~/.Xfoobar file. Once some ~/.Xfoobar file filled up the entire /home/ partition due to some X error. I've also had problems with some network card driver on a new install, I can go through my posts on unix.SE if you want more detail.

I simply remember that Ubuntu should only be updated when I've got a spare day to fix any potential issues, whereas so far CentOS can be updated before each shutdown.

All this is from the perspective of a desktop user. I use both on various web servers and I've found both to be reliable. I'll use CentOS where I need absolute stability but on my cloud instances I'll happily use Ubuntu and get the latest PHP, etc.

[tragic]

This is a little misleading. The cost of the attack to businesses, governments etc is vastly greater than the laughable amount of money actually raised by the criminals.

A doctor who needs to look at an X-ray and comes up against WC is not going to pay up on her credit card. She will call the IT department to 'fix the broken computer'. But she still won't be able to look at the damn X-ray.

[flukus]

This is only a single particularly large attack, the same sort of thing happens to machines everyday on a smaller scale. The future potential for attacks like this also go way beyond the current attack.

I do agree MS needs to shoulder a lot of the blame here, but would they have acted differently if IT departments didn't block updates?