Skip to content

EricN Publications

Publications by Eric Niewoehner

Menu
  • Non-Fiction
    • The Garden of the Gods
    • A God Thing
      • Rachel’s Prairie
      • Adolescent Meditations
    • Oakland
      • Old Buildings Can be Creepy
      • Food for Thought
      • Dust in the Wind
      • The Arc of Travel
    • Iconium
    • Thinking Out Loud
      • Stranger than Fiction — The Case of Mary Fulp
      • Social Security – When Will America Face Reality?
      • Is Juneau Running Out of Diesel?
      • The Volkmer Effect on Alaska’s Congressional Representation
      • The Tragedy of Russia
      • Are We In A Recession?
      • Where Does Inflation Come From?
      • The Mail-In Ballot Experience
      • The Debt We Owe
      • The Solution to Paying Off Student Debt
      • Student Debt: Are Colleges to Blame?
      • The Problem of Student Debt
      • Fighting Inflation – A Trip to the Grocery Store
      • Ukraine – Poland 1939 All Over Again
      • Broken: Is Public Education Beyond Repair?
      • Transparency and Critical Race Theory
      • The New Wave
      • The Pro Act and YouTube
      • Almond Abstract and the Pursuit of Happiness
      • Open Letter to Major League Baseball
      • Tribute to Rush Limbaugh
      • Why Parler?
      • Adults in the Room
      • The Invisible Hand
      • Transparency
      • Fake News Update
      • Solution to Fake News
    • Old Friends
      • The Ideological Origins of the American Revolution
        • Sources and Traditions
        • Power and Liberty
        • The Logic of Rebellion
        • A Note On Conspiracy
        • Transformation — From Reaction to Revolution
        • The Contagion of Liberty
      • The Road to Serfdom
        • Introductions — Or Before You Begin
        • The Road Once Traveled
        • Are You A Nazi?
        • Are You A Socialist?
        • Individualism
    • Lessons Learned
      • Change Management
      • Documentation — The Key to Continuity
      • A Lesson in Time Management: The “90% Rule”
    • The Pandemic Journal
      • When Does Ten Percent Matter?
      • Federalism — Or Intentional Chaos
      • Faith (Part II)
      • Faith
      • The Big Surprise
      • Teleworking
      • The Invisible Hand
      • Unbelievable
      • Rethinking Education
      • Perception
      • Selfie and the Mask
      • China
      • Strategic Globalism
      • Risk
      • Media
      • Unknowable
      • Home Schooling
      • Grocery Chronicles
    • When Few Were Watching
    • The Advent Conspiracy
      • What’s Missing
      • Cash Only Please
      • Worship Fully
      • Give More
      • Christmas — It’s a Tide, not a Day
  • Fiction by Eric Niewoehner
  • Technology Publications
    • Technology Blogs
      • A Play on Words
      • Spam Update — How to Avoid Spam
      • Facebook — A Sickening Feeling
      • Can PayPal Be Trusted?
      • Are You Ready to Rumble?
      • The Alaskan Congressional Rodeo
      • The Gift of Gab
      • Facebook – What Say You?
      • What’s Up with Parler
      • Out of Control? – Security Vulnerabilities in Control Systems
      • The Case of Lorie Smith
      • Facebook — Impersonated Accounts
      • The Case of Josh Renaud
      • SHAKEN, But Not STIRred
      • Can GoDaddy Be Trusted?
      • Ransomware and the Mechanical Pencil
      • Tracking Scams in Phone Messages
      • Disaster Recovery — The Case of Parler
      • Computer Vision Syndrome: CVS Update
      • Why Parler?
      • Computer Vision Syndrome
      • Passwords – the Gremlins of Cyberspace
      • Spam Filtering: Mastering Your E-mail
    • The Facebook Safe Space
    • Technical Documentation
      • Welcome to DOGland
      • Windows 10 and Computer Vision Syndrome
      • Sustainable Printing
    • The Tech Community
    • Introducing Substack and Locals.Com
  • Contact
  • About
Menu
A mechanical pencil

Ransomware and the Mechanical Pencil

Posted on July 10, 2021December 30, 2022 by Eric Niewoehner

The following article was first composed in July 2017. For some reason, I never published it. But upon reading it I realized it applies as much today as it did in 2017. Ransomware has bombarded computer systems throughout the US resulting in billions of dollars of damage to the economy. Ransomware dates back a decade, but it really came into focus in 2017 when several major systems were hit with a program called WannaCry.

I just finished remodeling our kitchen. During that journey I collected several mechanical pencils that had been scattered in sundry cups, drawers and boxes. I put them all together, recombined lead and erasers where I could, throwing out broken pencils. In the end I had about six different models of pencils, using two different sizes of lead, and sporting about six different kinds of erasers. My next step was to drop by the local office supply store. What I needed were specific erasers and .7 mm lead. As I beheld this menage of scriptura technology I could not help but compare it with the state of the computer operating system.

When will we realize that the operating system is not a matter of consumption, but of dependability? As it stands today, the desktop operating system is at about the same stature as the mechanical pencil – its useful until the eraser can no longer be replaced. Yet people depend upon it like it is the power grid.

The answer is clearly demonstrated in the outbreak of the WannaCry ransomware. It flourished on Windows XP, an operating system that had presumably suffered “end of life.” What that meant was that Microsoft would no longer be assigning its resources to patch defective software or security vulnerabilities. Like some of my mechanical pencils, no eraser was to be found.

What has surprised some people is that many big-name enterprises were still using Windows XP. From one source I heard that even the US Navy was dependent on Windows XP. How is it that such large operations as the British National Health Service, phone companies, car manufacturers and rail services cannot afford to keep up with the times? The answer is simple – “It is still needed.”

Microsoft was ingenious in designing an operating system that everyday folks could work with. People who did not live through the 70’s cannot comprehend the scale of this achievement, taking technology that was once the domain of geeks in lab coats and pocket-liners and placing it in the hands of people with none or little computer experience. But in creating such an operating system they created a monster, and Microsoft has made substantial revenues because of it yet is bedeviled by a curse. The curse is that it is highly insecure and they have endeavored since the days of Windows NT (1993) to create a secure operating system. In this journey they re-invented the operating system several times. Like the mechanical pencils, each version of Windows rendered everything from games to advanced radar systems obsolete.

Ransomware happens because some computer technologies are still required, such as anything with a 25-pin RS-232 Serial Cable
25-pin RS-232 Serial Cable

Take this example. My first encounter with the obsolete mechanical-pencil-O/S was while working in a medical school. Once in a while I would be asked to go outside my normal activities and help some poor soul with a very unique problem. They directed me to a lab that was packed with sophisticated equipment for chemical analysis. Mind you, this was in the days of Windows 98 and the Pentium processor. They pointed me to an IBM computer with a 286 processor. It ran on DOS 6.1. Behind it was a 25-wire RS-232 cable that connected to one of the analyzers. I raised my eyebrows and asked the doctor, “Ever considered upgrading to Windows 98?” His answer said a lot – “It only works with DOS. Want me to replace a $25,000 analyzer because a $50 serial card on a computer is not working?” They had tried Windows 98 and something was not compatible. I even tried to solve the mystery and discovered the incompatibility was embedded in one of those mysterious COM files. So back to DOS 6.1 to solve the problem.

Today I work on an enterprise network consisting of 45,000 workstations and about 3800 Linux servers. A million dollar investment in monitoring software was rendered obsolete. In this case it wasn’t totally the fault of Microsoft, but Java. For the sake of “security,” older versions of Java were no longer supported. The monitoring software was written in Java. In another case the remote console capabilities no longer worked after IE 11 was introduced. The remote console software had reached “end-of-life.” Yet the equipment they were designed to monitor was still in operation in an amazing 20 year run! One thing you can say about IBM hardware, they made it to last! Unfortunately, software is not designed so well.

This explains why some enterprises opted to remain with Windows XP. “End-of-life” for the operating system was not an option because it would entail end-of-life to mission-critical applications. Microsoft’s invocation of Windows 7 and Windows 10 have been enormously expensive for enterprises. I recall the seismic changes we encountered moving from Windows 98 to Windows 2000. It was an entirely different paradigm. Granted, Windows 2000 was a step in the right direction and Windows XP was a decent platform, it still required a massive investment in training. Windows 2000 required us to re-invent deployment procedures, required new versions of security software, and broke the configuration controls we had built into Novell’s ZEN tools. Needless to say, it happened again when Windows XP rolled out. And I haven’t the space and time to describe what it did to all the underlying applications. Every enterprise has unique challenges. The return rate of investment in some technologies is in decades. EKG monitors, for example, are quite expensive. Does it make sense to throw out a quarter million dollars in medical technology because the operating system needs to change from Windows XP to Windows 7?

Yet we are still being cursed by ransomware and other viral events because we still have an operating system that runs on the same marketing strategy of the mechanical pencil. Like this pencil? You buy it, you love it, and you keep buying the lead and replacing the erasers until one day the replacements are gone. Throw it out and get another. Except in the world of computers, it isn’t that simple because not every operating system is supporting word processors and games, but medical monitors, chemical analyzers, railroad control systems, and environmental controls. Combine this perspective with the lack of perspective of the NSA, you get a disaster. There is a theory out there that WannaCry was born from the bowels of NSA. The discovered the vulnerability in Windows XP and failed to disclose it. Instead, the kept the vulnerability a secret. The code leaked out to the wild and criminals ran with it.

Linux Penguin Logo

The solution is for operating systems to grow up, along with programs such as Java and browsers. They need to discard, or at least considerably lengthen, their idea of “end-of-life.” Enterprises need to realize that if they are going to invest and use technology over a ten to twenty year period, they better stay away from Microsoft. Windows is a mechanical pencil: practical, easy to use, but will soon have an end-of-life termination. The alternative is an O/S that is scalable and respectful of the older technologies that still depend on it. That O/S is Linux. It makes me wonder if the day will come when the Linux philosophy extends to on-board computers in cars, medical monitors, transportation and industrial controls?

Update in July 2021

The year 2021 may go down in history as a turning point in IT security. Ransomware struck at one of the vital energy supply conduits when it paralyzed the fuel pipelines run by Colonial Pipeline Corporation. Several other operations were hit subsequently. People wonder how this could happen. Unfortunately, mainstream media is not very good at providing specifics. There are usually vague references to “phishing”, the need to “update your software” and “maintain data backups.” How is it that large operations like Colonial Pipeline seem so vulnerable?

As the article explains, “updating your software” is not always as straightforward as you would think. For most of us on our home computers, a Windows upgrade may only affect us when we see our old computer games no longer work. The same, when applied to a business enterprise, can be just as devastating as a ransomware attack.

The solution is not all that simple. On the one hand, moving critical desktops over to Linux may be one step to consider. The Linux operating system is substantially more backward-compatible and provides a stable platform over decades of operation. Another solution is to isolate at-risk technologies by simply removing them from Internet access. This was done in the hospital where I worked and the same can be applied to other applications. This could have been a consideration in the management of the Colonial Pipeline attack.

Beyond question, the most at-risk systems in regards to ransomware are the average, everyday computer workstations. All ransomware attacks come over the Internet and most are delivered through “phishing” ploys, often highly sophisticated and socially engineered to fit into the workflow of the victim. There is no excuse for these systems to NOT be using the latest operating systems. They should be all current in regards to updates and anti-virus indexes. The software needs to be current. Almost all malware attacks have one common denominator – a vulnerability in the operating system or in application software. As far as criminals are concerned, these exploits require that systems be weeks, if not months, behind in upgrades.

Applications that can only run on old operating systems or programming platforms must be isolated from the Internet. For that to work, we may have to go back to the 1990’s and explore an interesting possibility. That I will save for another article.

As we move from Windows 10 to Windows 11, it is interesting to see the early reviews and once again hearing of issues that beset previous versions of Windows. Some hardware is rendered incompatible and some programs fail to run. That leaves computer users unable to upgrade and eventually exposes them to malware. Looks like it is just one more click of the mechanical pencil.

© Copyright 2021 to Eric Niewoehner

Read More Technology Blogs

Share on Social Media
twitter facebook linkedin emailtelegram

Related

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

EricN Publication Logo
  • Facebook page for EricN Publications
  • LinkedIn page for EricN Publications
  • Twitter page for EricN Publications

Recent Posts

  • Facebook Phishing — Have You Been Hooked?
  • The Garden of the Gods
  • A Lesson in Time Management: The “90% Rule”
  • Documentation — The Key to Continuity
  • Stranger than Fiction — The Case of Mary Fulp

Trending Posts

Historical Top Reads

E-Mail: A Method to the Madness
Welcome to DOGland
Sustainable Printing
Computer Vision Syndrome
Non-Fiction
Spam Update
Technology Publications
Oakland
The Advent Conspiracy
Technical Documentation

Categories

  • A God Thing
  • Advent Conspiracy
  • Alaska
  • Bernard Bailyn
  • Documentation
  • Economics
  • Education
  • FA Hayek
  • Facebook
  • Faith
  • History
  • Lessons Learned
  • Life
  • Missouri
  • Non-Fiction
  • Oakland
  • Old Friends
  • Pandemic Journal
  • Politics
  • Security
  • Social Media
  • Tech Blogs
  • Technology
  • Thinking Out Loud

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • September 2021
  • August 2021
  • July 2021
  • April 2021
  • February 2021
  • January 2021
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • November 2018
  • August 2018
  • April 2018
  • February 2017
  • November 2016
  • October 2016
  • July 2016
Copyright Notice

All articles are copyrighted material from Eric Niewoehner.

  • Facebook
  • LinkedIn
  • Twitter
© 2023 EricN Publications | Powered by Minimalist Blog WordPress Theme