As I am sure some of the more technological mined people know not all the blame can be laid at Microsoft's door but just as certainly some of it can. Microsoft's unending quest for an operating system, rotten at its core, to be an ease of use operating system the doors that remain in the kernel core and DLL files are just as culpable as the user-base of it.
The new worm wreaking havoc on Microsoft Windows machines is called Cornficker (also known as Downadup and possibly other names as well) is a case of same old same old as far as the worm code is concerned as apparently it is a rework on some much older worm code base. So, why are we subjected yet again to an estimated 3.5 million Microsoft Windows machines being infected with a variation on a theme worm such as this Cornficker is?
There is one main reason why the infection is so quick and prolific and that reason is the general population not installing critical updates that became available as lng ago as last November. So, the blame game surely points at users. Yes? Well, yes and no. Yes because when Microsoft declares something as critical it is worse than that. They have regularly claimed some patch or other as being severe when the world plus dog knows it to be a very very critical hole indeed so when Microsoft say some patch or other it is critical then it is indeed very very deeply critical. No because if Microsoft did it right they would force ALL critical patches onto user machines and not even give the user a sniff about doing it either. There are those who claim such a strategy as that is open to abuse and that anyway Microsoft can't do this without the express consent of the machines owner as it could fall foul of various Laws governing remote access, and more importantly changing files on a remote machine which could be classed as hacking,
But those who create such a fuss about a forced installed patch are surely missing the point. For every one of those who complain about such a thing tens of thousands of machine get infected to create yet another botnet on the back of Microsoft's operating system. I have long held that the vast majority of compromised machines are compromised because of user incompetence. When I have build a machine for someone and at their behest installed a Microsoft operating system one of the first things I do is turn on auto updates. If, as is invariably the case, the machine comes back "because it is running slower now" the very first thing I do is check that auto updates are still set to on. Then I check the the virus and malware programs are still being run and still set to auto update their definitions files. Invariably it is these three things that have been turned off due to them "being an annoyance". So, that is a clear case of user stupidity and has nothing whatsoever to do with anything Microsoft may or may not have done.
So, in the end who should get the blame? Microsoft for not forcing such critical updates and patches onto people who know no better and also users for being stupd enough to turn off the very applications designed and installed to protect them from such things as this latest worm. Now, I have been building and using machines since before the very first IBM machines rolled into the general public view and, of course, I am acutely aware of user borne stupidity. For me though the blame lays half way between Microsoft and their users of.
One thing that is for sure over this latest mess is that once again Microsoft Windows, for all its stupid users, it shown to be the broken by design mess it really is.