Post by David Turner
I, as I'm sure you all do, get viruses emailed to me (or attached) or
malicious crap being sent all the time.
I run centos on pcs here. When I double click on an attachment (just for
fun) it asks me what I want to do, open the file (and then I have to
choose an app with which to open it) or save it.
CENTOS/UBUNTU/DEBIAN MINT are all free. What the hell is the NHS
thinking? I know they have Redhat servers there. Why oh why would anyone
choose to use MS$???
The NHS applications/interfaces are all web-based from what my ex
bro-in-law told me.
Post by Bill Gunshannon Post by Paul Sture Post by V***@SendSpamHere.ORG
... and I thought NHS was on VMS. Colin???
At least some of it was/still is, but this particular nasty is attacking
Windows workstations, of which the NHS has plenty.
Apparently Microsoft have issued a relevant security patch for Windows XP,
If it were only attacking workstations they would not have lost all
their data to ransomware. Sounds like servers, whatever they are
running, are getting hit, too.
Your information is incomplete (at best).
To begin with, NHS IT is not a single uniform
empire across the UK, even where IT hasn't yet
There are browser-based apps, but the chances of
them *all* being standards-based vendor-independent
apps are approximately zero (IE6 is still required
in some places, allegedly).
The general concept of using open standards for
safe cost-effective interoperability (let alone
open source) is largely unheard of at senior level.
Big vendor-supported consortia seem much more likely
to win projects (and then repeatedly fail to deliver
Why is it this way: beancounters and lawyers in
senior 'managament' is a large factor. Clueless
beancounters have believed the vendor (and IT
manager) hype that a Windows setup is not just
cheap to buy, it's cheap to run.
Maybe it might be cheap to run if some other
suckers are foolish enough to repeatedly pick up
the costs of failure, as seems to have happened
so far (not just in the NHS, not just in the UK).
Which leads to lawyers. Lawyers involved with
procurements like to have someone they have heard
of that they can sue. Some people like to have
pieces of paper like SLAs too.
Whether anyone's successfully sued a Windows
'solution provider' (or any other vendor) is left
as an exercise to the reader. Same goes for the
value of the SLA (vs the cost and value of
competent design and delivery).
MS in the UK have historically had strong contacts
at various levels e.g. up to Cabinet Office, and
have succeeded in playing a major part (directly
or indirectly) in major projects such as NPfIT
(NHS Programme for IT, later renamed to Connecting
for Health). Open standards and open source rarely
figure in this picture any more.
MS and others manage to achieve this commercial
success despite a record of repeated failures, as
do many other private and public sector IT
suppliers. It's helpful at the procurement stage
to have a big name and big bank accounts (BT,
Are dodgy attachments all that relevant in
the big picture? When a "specially crafted
JPG file" can be used for either or both of
unauthenticated code execution and/or local
unauthorised privilege escalation (and there
are *lots* of those around, known and unknown),
you don't really need people to click on
dodgy attachments with embedded macros and
such (or even just PDF attachments) for
systems to be attacked.
Have a lot of fun.