Thinking. Writing. Philosophising.

Email Github LinkedIn

WannaCry and the Hardware Perspective

Posted on June 1, 2017 — 5 Minutes Read

Infecting more than 250,000 computers, in 116 countries, was not an easy feat, and to have accomplished such in merely days, there we have the worst ransomware outbreak in history. Investigations were done and much was revealed. Like all ransomware, WannaCry’s goal was to extract ransom money from the infected by encrypting the computer data and thereby holding them hostages. Ransom payment was in Bitcoin which was the cryptocurrency of choice of the day for its lack of regulation and anonymousness.

One of the reasons that WannaCry was able to cause a global pandemic was its ability to spread across an internal network like a wild fire, by leveraging an exploit known as EternalBlue, which took advantage of a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. Some paid the ransom. Some had their data backed up in an offline storage and did not bother. Some decided that their data in hostage was not worth it. Eventually a kill mechanism built-in to WannaCry was discovered by accident, and there, it was spreading no more. Questions are still unanswered as to why WannaCry would shut itself down if it finds that a certain URL is active. One thing to be agreed is that the kill mechanism was likely to be built in by intention.

Some of the early affected computers were on Windows XP, which were left wide open to the attack since Microsoft ended support for them on April 8, 2014. One would think that Windows XP was most vulnerable. Post-mortem analysis did not agree however. It was identified that Windows XP constituted less than one in a thousand affected computers. For sure Windows XP wasn’t out of favour. With 7.04% of market share, it was the third most popular operating system globally. One reason for this low infection rate was, a bit ironic perhaps, that Windows XP tended to crash when infected before WannaCry could finish installing or go spreading around. More than 98% of the infected computers were in fact identified to be running different variants of the then-current Windows 7, for which Microsoft had, two months before the outbreak warned of the security vulnerability known as WannaCry and released security patches for it. Needless to say, the problem was with the users not keeping their Windows 7 computers on the latest security update. The root issue however was perhaps with Microsoft, together with its various hardware vender partners, for having commercialised a computer as a mere mechanical hardware, and for having reinforced such false belief over the years.

A computer consists of as much software as hardware. Hardware is the physical platform on which software works wonder. Hardware capacity is as such the defining limit to which what software could perform and how fast and efficient software could perform it. Distributed computing allows a task to be distributed by software on multiple hardware platforms. It is however mostly for enterprise uses. For most people and businesses, the limiting character of the hardware platform, along with our tendency to resort and to reduce to the first-order understanding of the physical, gives rise the hardware perspective, of viewing computer, similar to a motor vehicle, as a hardware of mere physical parts. Such perspective misleads people into neglecting the software component which, in this day and age where every computing device is connected, in one way or another, requires perhaps more security and performance maintenance than its hardware counterpart.

This long-developed and stubborn hardware perspective was perhaps one of the reasons that people left their computers open for a ransomware attack for which a security patch was available. Software developers of operating system or applications were well aware of this. It was however only after a few developers who had massive financial success with subscription pricing instead of the age-old purchase pricing that brought change to the picture. Such pricing strategy on the one hand reduces the initial commitment compared to purchase pricing. It also transforms the cost, from one of ownership to one of use, that is from capital expenditure (CAPEX) to operating expenses (OPEX) in business term, making the decision a much easier one to make, with much less resistant from Finance and other bookkeeping departments. Subscribers are guaranteed of latest feature updates for performance as well as security maintenance. On the other hand, such repeated streams of cash flow, of an amount that does not bat an eye to the individual users, together yield a reliable and consistent cashflow for the developers. Both Microsoft Windows and Apple macOS as well as most other software developers are either on subscription pricing or are migrating to it. With this novel commercial model, hopefully will come a change in the hardware perspective and that maintenance, security and performance, will be applied to both the hardware and the software which runs on top.