
There's a lot of blame being thrown around, and I think it's all merited, but an inordinate amount needs to be on the users. I don't know how many times I've heard things like: "I don't think I'll update to Windows 10" or "That update has been nagging me for months" or even security advocates saying "Windows 10 is a privacy nightmare, I'll stay on 7". Being on the latest secure upstream isn't a nicety, it's what you have to do if you want any semblance of a secure environment. If you don't like upstream, jump to another.

It's definitely not end-users either. There's a grocery store that just went up nearby that I saw a Windows XP splash screen on when one of the cashiers rebooted. No joke, new store, Windows XP computers that handle money. Microsoft may have cultivated this nightmare, but it seems everyone wants to live in it.



> Being on the latest secure upstream isn't a nicety, it's what you have to do if you want any semblance of a secure environment.

Windows 7 is in extended support to 2020. So as far as I know, security-wise it's still up to date.

> There's a grocery store that just went up nearby that I saw Windows XP splash screen on when one of the cashiers rebooted.

The cash register may be even running with a user interface written in VB6. Don't attach it to an external network and it will work just fine. No need to invest in new hardware/software when you can get it old, working and cheap.

> Windows XP computers that handle money.

In what way do they handle money? A computer virus isn't going to steal paper money and the device operating the card reader should have been sufficiently separated to begin with.


Do you really think that the machine does not handle credit cards as well? Provide a daily management report? Report inventory? Provide a Facebook interface between customers via the big blue E icon?


> Do you really think that the machine does not handle credit cards as well?

I don't know about the U.S., but as far as I know, where I live these card readers have to be almost completely separate systems. The connection between these two should only exist to a) set the price to pay and b) confirm that a payment was made.

> Provide a daily management report? Report inventory?

No longer managing money directly, so the possible abuse for financial gain is quite restricted. You could argue that someone manipulates the reports in order to skim some money for himself, however that would be a rather targeted attack with someone on the inside profiting and could be detected when the physical goods no longer line up with the reported values.

> Provide a Facebook interface between customers via the big blue E icon?

Are we even talking about the same thing?


The Microsoft Playbook:

* Predicate the commercial viability of your software on the basis of technological illiteracy

* Blame the technologically illiterate 'luser user' when things go wrong

* Try and profit from it even as you blame said 'luser user'

The best lesson for Microsoft would be if it incurs a tremendous loss to its reputation, and more importantly its bottom line, because of some issue like this.

It is strange to see people talking about how they took an exception and released a patch for Windows XP this time. Generally, such an exception is the very definition of CYA. If not, why don't they do it for all patches? Read: if the security hole can be used as a way to convince the 'luser user' to pony up more money, don't release a patch. But if the issue is so high profile (for example linking MSFT to a three letter organization), then better issue a patch and CYA.



