I've heard from someone selling security products that some companies prefer to pay ransomware to a hacker, instead of investing in building up their defense and paying for security products.
I agree with the sentiment but this is probably not the case as a sysadmin hardly has any say in this usually. (I've been a sysadmin at software companies for 10 years.)
I've worked in the field as a professional since around that time and as an amateur since 1995.
Things Linux did better at that time:
- installation experience, OS: installation of a "pre-installed" Windows laptop could take up to 4 hours before you had finished completely.
- installation experience, additional software: I was good at removing Windows spyware and adware back when that was a local problem. Never had any Linux user with that it problem.
- driver issues: 50/50, since around that time hardware would mostly "just work" unlike Windows where one would typically, again at that time, have to hunt around the Internet or dive for the CD. Reason why Linux doesn't win hands down was because if something wasn't supported it would often be a dead end until next distro release, sometimes longer.
- end user support, other UX issues: the same, which means Linux probably wins with a comfortable margin since Windows had the benefit of everyone "knowing it" and still didn't come out way ahead.
- in addition Linux typically is faster, even to this day, which is a huge issue with some users.
You might have noted I wrote in many areas, not all.
For users who earn their livelihood with Autocad and Photoshop I'll have a hard time recommending Linux. Same goes for people who have tried Linux for a few weeks and still don't like it. It might be preference or it might be stubbornness, I don't care.
But blanket statements like the one I replied to:
> As well as cutting 98% of your workforce as no office employee knows how to work on anything different.
are just plain wrong. The fails here are mostly related to other issues, not dumb users. (I really don't like that idea that all users are so stupid they cannot change or adapt.)
This. I think most office workers couldn't care less if they run Windows. But they know those Excel hotkeys as well as any Vim hacker knows the escape key.
As a vim to excel user I’ve always wanted to create an addon that maps vim hotkeys to excel. My only fear is that I’d get too used to it and not be able to use any machine that I sit down at.
So much this. The problem is mostly that this requires executive buy-in, and clear explanation of the cost shift associated. Then, even after executive buy-in, you have to guard against CISSP "Windows on everything" saboteurs who know the C-speak better than you do, not to mention the people who want a vendor product for everything instead of just using industry standard FOSS tooling. To me, there is a lot of market opportunity here, but the MBA side is behind and so the implementation is lagging.
This is why I think one of the key things is in stack standardization (choose best in class FOSS tools that match requirements, for example, I personally have a GPL or GPL compat requirement), and stack size reduction (which means you don't need every fancy sounding tool that you hear about, make sure the use case is justified first).
People have such a Stockholm syndrome relationship with MS (and proprietary sw in general) it's absolutely sickening. For example, I think educational institutions should be teaching and using FOSS first.
Some will whine about no one using Linux or not knowing how, and one response I use is "you had to learn how to use Windows too, and even it changes things up, just look at 7 to 8/10, so why not learn to use GNU/Linux and free yourself from MS?"
I'm studying infosec, so I lean on the "pay for infosec people" side.
But from a company's perspective, if they have to pay 1M for an infosec team over five years, or 1M for a breach once every 5 years, what's the difference? You're still paying the same amount of money.
Perhaps they consider that the employees will be way more productive without all the security barriers that the Infosec team would set up, so paying for the breach is a net gain in this light.
When does infosec start to realize that it's not just about company costs/risks, but the lives of all those users who are going to get screwed when your 'low risk = cheap fix' mentality pays off?
I'm in the Equifax breach (like sooooo many more)... part of my 'general concerns about the world' is whether/when I get my life hacked and have to rebuild.
Let me know where you get hired next, so I can take my business elsewhere.
Equifax cares about one thing: earning profits for its shareholders. They got caught with their pants down. Now other companies can look and try to estimate their expected cost of being breached (probability of being breached multiplied by the dollar cost) vs the dollar cost to upgrade their IT systems, infrastructure, management, company policies, etc etc etc. Realistically, Equifax is probably incapable of doing the necessary changes upfront without a complete overhaul of its people and leadership structure.
The vast majority of companies will spend the least amount of money possible to pretend that they fixed the problem.
You want companies to care? Then create regulation that protects