maddogdrivethru.net

Standard practice is to have periodic backups of a system and to have at least two copies at all times, but preferably 3+. The backup process typically involves checking for file consistency (is the copy over here different than the copy over there?) and does not generally involve any elements of the OS, which is to say: you have two-plus copies of the OS on different drives in different locales (and preferably in different regions even). The backup systems have heightened security and restricted access . . .

I've had only one systems admin course and one OS course so I'm definitely no expert, where as the guys that made the malware almost certainly ARE experts. But I suspect that, depending on how this malware works, failing to follow best practices and/or taking short-cuts on best practices is probably a major contributing factor to how it gained a foothold.

With an "ideal" Active Directory setup, the malware would have to not only infect the OS on its initial target machine (which in itself might have been thwartable with better practices), but it would then have to fool the consistency checking and backup process AND manage to infect the backup OS, which would likely mean doing things that the infected OS never did in the first place.

One thing is good to know, NHS is still using Windows XP for economical reasons. How wise that is?

More because of dumb ass reasons. Windows 7/10 isn't expensive. Having someone with the brainz to actually manage the install though, is hard.

I dunno about the NHS personally but I do know a bit about local government IT systems, and they are shockingly bad, as IT departments in the public sector are run by idiots or bureaucrats, but never techies.

Ah it hadn't even dawned on me that they were using an older OS. Most likely it is Windows Server 2003 (which was introduced shortly after XP and incorporated some of XPs improvements, and is more or less the concurrent server OS to the XP era).

There is a distinction between client OS and server OS in Windows (not so sure for Linux).

For example: all the terminals and work stations at NHS might be running Win XP, but the network would have it's own OS which runs the server(s) which the "client" machines interface through. When malware manages to attack a specific enterprise like NHS then it must have breached not only the client OS but more importantly the server OS (in fact, it might even be possible to skip attacking the client OS altogether depending on the method of introducing the malware).

Assuming that Nero's comment about NHS "using XP" is accurate (meaning that many or all client machines run XP) then it may well be that the server systems being used were of the same vintage, i.e., Windows Server 2003. If that is the case, then yeah: that would pose a very serious security weakness.

Windows takes a lot of flack (much of it justified) for constantly putting out new OS; but in truth there are often good reasons for it, as older OS were discovered to have serious flaws like security weaknesses. I still use Win 7 myself and don't intend to change for my personal machine. Win 10 seems to have been received with a lot of fanfare by most and a lot of criticism by some (mostly having to do with the UI), but I've heard more than one expert whose opinion I respect say that Win 10 is the most secure client OS yet. I'm not sure if that applies to the concurrent server OS (which I believe is Windows Server 2016) but it would certainly make sense, given that the client OS is largely designed "from" the server OS or at least to articulate with it effectively.

At least since Windows Server 2012 (the server OS that I'm familiar with from the one "network admin" course I finished) it is possible (and this is a somewhat foggy memory from about a year ago when I was taking the class) for client machines to be using a variety of client side OS, even (if memory serves) non-Windows OS (which is important in many industrial circumstances where robots, assembly line mechanisms, cash-registers, etc., might be running some strange niche OS). So, it is possible that . . . even IF most or all the NHS client machines still use XP, that the server OS is in fact the most up-to-date (or at least 2012 or later).

On a 2012 Active Directory (and possibly even since 2008) a network might have a mixture of client machine OS, but I think XP might be the oldest compatible.

or better yet..an actual air gap between the front line system and the back-up. Part of the problem I think is the complexity and demand for 24 hr a day access for an electronic medical record. Critical lab results and x-ray results for example have to be up to date by the minute or there is chaos. Ditto order entry for meds.

Even worse, the x-ray/MRI database is usually a proprietary thing that has to liason with the main EMR. Ditto lab results which are often managed by a contract lab with its own system. Ditto billing which is, believe or not, often DOS based.

Then you have add on software that Medicare essentially requires and it is a real nightmare. Often there are liasons with outside electronic record systems for the physicians so they can get results in their offices or even write orders or notes remotely.

All you need is interruption for 1 day and a big hospital can loses tens of millions and piss off all the patients and doctors who then might go elsewhere.

And that is why a senior network admin literally IS GOD!

On some techie board I was reading recently I encountered a new term: BOFH "Bastard Operator From Hell," who might also be referred to as "hacker in the making."

Well, not assuming anything. If You Still Use Windows XP, Prepare For the Worst. And NHS meets the challenge.

Sad, but true.

Hopefully this is old news: America's feared nuclear missile facilities are still controlled by computers from the 1960s and floppy disks

But then Mail is not reliable source.

But having nuclear missiles controlled by 8¨ floppies is kind of cute.

Positive side is that nuclear silos can not be hacked.

Sort of like the "Battlestar Galactica" solution to the malicious cylon: unplug ALL the computers!