Unless you have been on Point Nemo for the weekend, you are probably aware of the biggest ransomware outbreak in history: WannaCry. Like any other ransomware, WannaCry could have been avoided by adopting two simple best practices:
- Keep your operating systems up-to-date
- Take backups regularly
IT professionals have always recommended these best practices. However, there is an increasing number of people who justify disabling automatic updates. I call these people anti-updaters.
Anti-updaters are particularly active among Windows users. They usually claim that Windows Update’s interruptions are impairing their productivity.
While I understand that Windows Update can be annoying, its interruptions do not justify turning it off. For instance, Microsoft released the critical MS-17-010 patch that addresses the vulnerabilities exploited by WannaCry two months ago. This means that the PCs infected by the ransomware were at least two months behind with patches. Automatic updates would have prevented many of these infections.
I tried to argue with an anti-updater. I suggested that her tutorial for turning automatic updates off on Windows 10 fosters an irresponsible behaviour. The following is an extract from the conversation:
Anti-updaters such as @geeklil at @CNET are no different from anti-vaxxers—they should be banned from the IT industry. #WannaCry https://t.co/1eNmfwNX0i
— Alessandro Rossini (@alerossini) 13 May 2017
@alerossini @CNET LOL. You guys, um, know that you can update software manually, right?
— Sarah (@geeklil) 13 May 2017
@geeklil @CNET IT professionals do, but most people either don’t know or don’t care.
— Alessandro Rossini (@alerossini) 13 May 2017
@geeklil @CNET Disabling automatic updates is among the primary causes of the spread of ransomware. That’s why your article is dangerous.
— Alessandro Rossini (@alerossini) 13 May 2017
@alerossini @CNET This is a how-to piece. I don’t know what to tell you aside from “don’t read how-to articles as advice.”
— Sarah (@geeklil) 13 May 2017
@geeklil @CNET That’s a flawed argument. Your article does foster irresponsible behaviour among the non-techies.
— Alessandro Rossini (@alerossini) 13 May 2017
@alerossini @CNET Nope. CNET is for both techies and non-techies.
— Sarah (@geeklil) 14 May 2017
@geeklil @CNET The fact that CNET is also for techies does not respond to the argument that your article fosters irresponsible behaviour among non-techies.
— Alessandro Rossini (@alerossini) 14 May 2017
@geeklil @CNET That’s a logical fallacy of avoiding the issue: when an arguer responds to an argument by not addressing the points of the argument.
— Alessandro Rossini (@alerossini) 14 May 2017
@alerossini @CNET Every article written isn’t for every person. I’m not really sure what you want me to do about that.
— Sarah (@geeklil) 14 May 2017
@alerossini @CNET Now, if it were a piece *advising* people to turn off auto-updates, you’d have a point. But it’s not.
— Sarah (@geeklil) 14 May 2017
To me, this way of arguing is problematic, as it spreads misinformation about automatic updates. Like scientists are fighting against anti-vaxxers, I believe it is time for IT professionals to fight against anti-updaters.
We may not have seen the full extent of the WannaCry attack, as the ransomware may spread again when people go back to work on Monday morning and turn their PCs on. Perhaps individuals and organisations will learn the lesson this time. Nevertheless, I hope you will join me in this campaign to stop people from disabling automatic updates, regardless if they are techies or not.