Bro­ken Win­dows

Patch­ing up old sys­tems pro­longs the prob­lem

Financial Times USA - - FRONT PAGE - Richard Wa­ters richard.wa­ters@ ft.com

Imag­ine a world in which cars have a life of only two or three years, but where cus­tomers are happy to keep upgrading mod­els given ex­cit­ing new uses for their ve­hi­cles. That de­scribes the PC busi­ness in its hey­day. The com­bi­na­tion of in­creas­ingly pow­er­ful chips from In­tel and oper­at­ing sys­tems from Mi­crosoft made pos­si­ble new ap­pli­ca­tions. Cus­tomers were happy to switch to new machines. But what hap­pens when the rea­sons to keep upgrading re­cede and the streets start to fill with old — and po­ten­tially un­safe — bangers?

That prob­lem struck home with a vengeance with last week’s global con­ta­gion of the ran­somware known as Wan­naCry. An es­ti­mated 7 per cent of PCs — and an un­known num­ber of other pieces of dig­i­tal equip­ment — still de­pend on Win­dows XP, which dates from 2001. Mi­crosoft stopped pro­vid­ing its stan­dard sup­port for the soft­ware in 2014. That meant users did not au­to­mat­i­cally get fixes if new flaws were un­cov­ered, which is not un­usual for such a com­plex piece of soft­ware. The un­patched soft­ware pro­vided fer­tile ground for the mal­ware.

The re­sults high­light the prob­lems caused by a busi­ness model that was not de­signed for keep­ing tech­nol­ogy on long-term life sup­port. While soft­ware mak­ers are not legally li­able for their prod­ucts, com­pa­nies like Mi­crosoft typ­i­cally pro­vide fixes for a set pe­riod. At some point, how­ever, the cost of pro­vid­ing main­te­nance to a dwin­dling num­ber of machines makes it un­eco­nomic to continue.

Cus­tomers can­not say they were not warned. Mi­crosoft put them on no­tice that XP’s days were num­bered when it moved the soft­ware on to “ex­tended sup­port” in 2009 — an indi­ca­tion that the clock was tick­ing. It ended up sup­ply­ing fixes for an­other five years: after that, us­ing an un­patched ma­chine with XP was like driv­ing a car when no one would vouch for its safety.

But mov­ing to a new IT sys­tem is not as sim­ple as buy­ing a new car. Com­pa­nies some­times run cus­tom ap­pli­ca­tions for some tasks, and may face high costs if they have to re­write them to run on a new oper­at­ing sys­tem. The soft­ware is also em­bed­ded in pieces of equip­ment de­signed to have a much longer life than the av­er­age PC. The UK’s Na­tional Health Ser­vice has MRI scan­ners that de­pend on XP — although it was not the MRI machines that suc­cumbed to the ran­somware at­tack and forced hos­pi­tals to turn away pa­tients. As a re­sult, Mi­crosoft has been left with a predica­ment. On the one hand, it has an obli­ga­tion to its cus­tomers — and other road users — to make sure all the old ve­hi­cles on the streets are safe. On the other, it has to per­suade peo­ple that the only truly safe op­tion is to buy a new car.

Its an­swer has been to keep pro­vid­ing patches — but only if cus­tomers pay for high-priced “cus­tom” sup­port con­tracts. The cost of these ar­range­ments es­ca­lates over time, with prices ris­ing to $1,000 a year for each de­vice. The price might seem rea­son­able to keep an ex­pen­sive piece of gear like an MRI ma­chine in ser­vice, although it far ex­ceeds the cost of to­day’s cheap­est PCs. This gives cus­tomers a fi­nan­cial in­cen­tive to up­grade their equip­ment. In­stead of bit­ing the bul­let, how­ever, some choose sim­ply to drop the tech in­sur­ance.

The ar­range­ment risks tar­nish­ing Mi­crosoft’s rep­u­ta­tion — and not just be­cause it pro­duced the flawed soft­ware in the first place. The com­pany makes no friends by charg­ing high prices for cus­tom sup­port. It also ends up in a po­si­tion where it has the patches needed to make all XP machines safe but then with­holds them from some users. The sever­ity of the Wan­naCry at­tack forced it to bend last week and make the fix avail­able free of charge to all.

The ran­somware shock may fi­nally prompt more XP users to up­grade. Mi­crosoft may also end up re­think­ing its pol­icy and pro­vid­ing all ur­gent patches for old soft­ware free of charge, although it has given no indi­ca­tion yet of do­ing so.

There is also rea­son for op­ti­mism with the shift to cloud com­put­ing. This busi­ness model in­volves cus­tomers pay­ing a reg­u­lar sub­scrip­tion to use tech­nol­ogy as a ser­vice: it is up to the cloud com­pa­nies to main­tain IT sys­tems to the high­est stan­dards so that ser­vice lev­els do not suf­fer. Mi­crosoft has been work­ing hard to con­vince Wall Street that this also opens up a much big­ger mar­ket for the tech com­pa­nies.

Old IT sys­tems, how­ever, of­ten live many years longer than their de­sign­ers ex­pected. De­spite the re­crim­i­na­tions left in its wake, Wan­naCry is not likely to mark an end.

The sever­ity of the Wan­naCry at­tack forced it to make the fix avail­able free

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.