Sounds like an extreme statement, right? Well, not according to some people in some undisclosed US hospitals. Their machines running Windows OSs were infected with Cornficker . I can understand how they felt. Patching systems which are running critical software is always trouble. I’ve been in this situation so many times. A web server running an electronic claim server software, another one running an inventory management software, or a machine controlling an MRI device.. You name it. People in charge of these machines know that in case something goes wrong due to upgrade process, they are in big, big trouble. So they say: “don’t fix it if it is not broken”.
Of course this argument goes out of the windows when a worm takes the control of the machine. That’s hell on earth. I won’t go into windows bashing here, since the penetration rate of MS in operating systems makes them such a huge target, that it is hard to miss it in case you want to throw something at it. (don’t read this as it is not MS’s fault).
In old times, worms were not such an important threat, since an IT department which takes its job serious would be enough to disconnect the network from the rest of the world. Now all systems are either being built or re-engineered toward connectivity, and we have a problem. Sometimes I feel glad that I’m not running a production system anymore, at least not for the last two years or so.