[simne]

I few times touched with subject, must say, this is mostly comedy or parody.

Because, regulators are extremely conservative, devices have extremely long lifetime.

Example, people asked me, where to buy USB flash with two tails - they used old embedded Windows on integrated into medical device computer, and regulations require to remove network devices, even prohibited to connect network USB dongle (sure, guy tried, but network drivers disabled in OS).

Interest, that people could install on that computer 3rd party applications, even games.

And that two-tail flash used to integrate those computer to medical database of organization - for me, this is just security WTF.

So, in reality, old systems live within old rules, which just don't know modern off-the-shelf technologies, and even when it is possible to make upgrade to modern safety techniques it is not considered.

As alternative example, not ideal, but.. Japanese new regulations on skyscrapers, where to got permission to build, builder required to create special account, on which deposit full sum of money, to safely collapse building and return land to state it was before.

[simne]

And, when this medical computer was manufactured (from marks on case), I already have developer documentation on secure SIM card with integrated Java, so it was possible to totally eliminate all external drives, and make "over-the-air" upgrades via GSM network, enhanced with software security running on SIM, which I think much better way of security implementation, than limit USB to storage (which is not secure now).