Schleswig-Holstein, Germany’s most northern state, is starting its switch from Microsoft Office to LibreOffice, and is planning to move from Windows to Linux on the 30,000 PCs it uses for local government functions.
Concerns over data security are also front and center in the Minister-President’s statement, especially data that may make its way to other countries. Back in 2021, when the transition plans were first being drawn up, the hardware requirements for Windows 11 were also mentioned as a reason to move away from Microsoft.
Saunders noted that “the reasons for switching to Linux and LibreOffice are different today. Back when LiMux started, it was mostly seen as a way to save money. Now the focus is far more on data protection, privacy and security. Consider that the European Data Protection Supervisor (EDPS) recently found that the European Commission’s use of Microsoft 365 breaches data protection law for EU institutions and bodies.”
The idea that a state government is unnecessarily at the mercy of any corporation is hard to comprehend. Especially, as in this case, a foreign corporation.
Open source shouldn’t only be the standard for governments. It should be the minimum requirement.
IMO it should be further than that.
Open source software is, more often than not, used as digital infrastructure.
Governments around the world should absolutely be investing in open source software and actively contributing to it.
They do. https://code.mil/
There is an FSFE campaign that claims all publicly-funded institutions should only use Free Software.
Good, we need to stop supporting products that try to strong arm you into a perpetual subscription.
If governments actually employed most of the development teams who build their services, and cut out most of the private middlemen consultants, managers, sales staff etc they could 1) build an engineering and cybersecurity capability without surveillance capitalism, focused on data security and privacy 2) save money 4) create productivity multipliers by unifying and sharing code for common functions across governments around the world 5) return our tax dollars to us through FOSS software that benefits us, instead of enriching big tech corporations who are already richer and more powerful than most nation states.
For example, covid tracking apps — instead of every dumb cunt government paying tens/hundreds of millions for consultants to reinvent the wheel or reskin someone else’s code, they could have had in house devs coordinate common FOSS codebases and collectively saved 80+% of the cost. This is the same for most standard or common services using bespoke or proprietary software and systems.
Politicians are criminally corrupt idiots though, so they’ll continue enriching big tech and surveillance capitalism at the expense of civilisation.
> If governments actually employed most of the development teams who build their services, and cut out most of the private middlemen consultants, managers, sales staff etc
You mean this? They’ve been working on it for a while, this is about adopting stuff they’ve already done.
> For example, covid tracking apps
Germany’s is open source. Developed by Telekom and SAP, most of the money didn’t go towards development (it’s simple enough of an app, after all) but infrastructure and end-user support. You can’t just tell random FLOSS people to deal with 80 million DAUs.
Yes. I’m aware there are a few who appear to be moving in the right direction, but I have strong doubts it’ll become more than an outlier.
You’ve got my vote
Example: https://www.theregister.com/2024/04/05/local_council_tech_struggles/
Maybe if they collectively owned a software company it would be more responsive.
Let me tell you a story about proprietary software:
The German police force have a contract with a software firm that wrote their program to file and archive emergency calls. Basically just a form that goes to a database. Now, one day, an update got pushed. The problem with that update was that the hotkey for quitting out of the current form (q) now also fired when inside an editing field. The software firm did not acknowledge that as a problem and it took months of complaints to fix and it cost the taxpayer around 300,000€ in “maintenance fees”.
As someone who works with government agencies as a software developer: they are absolutely awful.
You’ll get no specification at all, those you do get will change at least three times and every stupid little decision needs at least 20 people from different states, cities or agencies to agree.
Yes, the bug is pretty bad, but I’m also very sure that what you’re describing is not the whole story.
That bug should have been a hotfix. Or a rollback.
You never worked with bureaucracy, did you?
From a technical standpoint, you are absolutely correct, but reality and bureaucracy don’t always match.
I’ve had instances, where we had glaring holes in our security, but were not allowed to fix them, because the datacenter (operated by a public agency) only does deployment in a fixed schedule.
I’ve had officials of some sort who wrote in the contract, that each and every change has to be on the staging environment for at least one week for testing and signoff.
It’s absurd and stupid, but realistically, you often can’t change it.
I did, that’s why I’m talking about it.
In my experience, what you say is absolutely true, but glaring bugs like that are deployed as a hotfix.
That’s one of the reasons why dataport (who are going to do the migration as the state’s IT consultant / dev house) was founded in the first place: So that IT can work like IT does and not be beholden to bosses who think in bridge construction terms in one place, and tax collection terms in another. Now those bosses are mere clients of an inter-state agency that does nothing but IT, and IT can speak with authority when it comes to IT matters.
That won’t change a thing, unfortunately.
My employer currently works with a bunch of agencies and I’ve been involved with some of them. I can deliver the best product ever with the best process and lightning fast deployment - if the client doesn’t get its shit together, you won’t deliver on time/in budget.
Anecdote I’m currently part of: an agency bought a new app, we’re 98% done, we could go live on Tuesday. But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly. This agency however doesn’t react. At all. And because it’s something like 5mm outside of the jurisdiction of the agency that is our direct client, there’s nothing we can do. So the system is just sitting there waiting.
I could go on and on. Dataport is a good idea, but if all their clients are overworked, understaffed or straight up incompetent, there’s not much they could do.
> But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly.
There’s no “their system”: The boxes under the desks of civil servants are managed by dataport, talking to backend infrastructure managed by dataport.
If there’s some new administrative procedure agencies or ministries want their civil servants to do and it can’t be implemented because it’s under-specced or just incoherent then dataport gets to send that spec back saying “fix your shit”: It’s not like the agencies have a choice in who’s running their infrastructure. The tax office can’t do jackshit if the fire inspector doesn’t like their new plans either. If things are implemented as specced and people complain and want a rework then dataport can say “well it’s your budget, not ours”. If they do that all the time at some point the court of accounts will take them aside for a polite conversation. Just this one thing, making IT external to whatever it is that the agency is doing, provides lots of accountability.
That is: The solution isn’t so much to eradicate bullshit but to make sure that it stays in the silo where it got generated.
> but if all their clients are overworked, understaffed or straight up incompetent
I think you don’t understand. It’s not about “physically reached the machine under the desk” it’s “was processed correctly by a system”. Operations can only tell if a technical error occurred, they have no idea what the data is supposed to look like. So dataport can do jack shit.
IT de facto already is outsourced, there’s hardly any internal IT left, simply because the pay is shit. I’d get at least 1k less after taxes if I’d do the same work for the agency, not a contractor.
And if you think his joke is funny in this context, it’s not. I work with these agencies everyday. They are structurally broken, but most people there are really passionate about what they’re doing.
This isn’t going to happen.
This headline comes up every year that it’s time for the government to negotiate contracts with Microsoft. Once they get the best price they think they can, they will accept it and issue a news release that “we’re staying in Windows after all”.
It’s lame, but it’s what is going to happen.
I remember some city in Germany actually doing it some years back and then eventually giving up and switching back.
googles
It’s a little unclear exactly what software was and wasn’t switched, but sounds like it’s Munich, and now they’re back on LibreOffice again.
By 2006, the city had started a concerted effort to move away from Microsoft products and onto Linux. Fast forward to 2013 and 80% of all workstations in the government and related organizations were running LiMux. However, Microsoft’s Windows and Office services were still used.
As we reported back in 2017, the government made a controversial decision to abandon open source and return to Windows.
A newly elected government in Munich, Germany has said it will aim to use open source solutions in its offices. In doing so, the government is moving away from Windows and Microsoft Office despite committing to the products several years ago.
https://en.wikipedia.org/wiki/LiMux
LiMux was a project launched by the city of Munich in 2004 in order to replace the software on its desktop computers, migrating from Microsoft Windows to free software based on Linux. By 2012, the city had migrated 12,600 of its 15,500 desktops to LiMux. In November 2017 Munich City Council resolved to reverse the migration and return to Microsoft Windows-based software by 2020. In May 2020, it was reported that the newly elected politicians in Munich, while not going back to the original plan of migrating to LiMux wholesale, will prefer Free Software for future endeavours.
EDIT: I guess I should have just read the other comment responding to the parent, which mentioned Munich.
And just after Munich announced it will go back to Windows, Microsoft decided to move its German central to Munich. What a coincidence.
Munich did exactly that in 2017, so let’s see how far Schleswig-Holstein is willing to go, hopefully they won’t be falling for Microsoft’s sweet talk.
The reason Munich switched back to Windows, when users were just fine working with LiMux, was a corrupt politician who ordered the return to Windows, probably pocketing a hefty bribe in the process.
Source?
https://www.zdnet.de/88202452/stadt-muenchen-erwaegt-abkehr-von-linux/
The article from 2014 explains how this was mostly a political quarrel, with a former administration transitioning away from Microsoft (which as a US corporation has no business in any government administration of another country), and the conservatives pushing (under a “social democrat” mayor, admittedly) to go back to MS against technological advice.
In the city council, by contrast, the reports say a cross-party majority stands behind LiMux. Bettina Messinger, the SPD group’s spokesperson for personnel, administration and IT, told Heise Online that there was no new position on the topic. She called the switch to Linux a “courageous decision”. Critical voices and complaints are nothing unusual in the IT field, she said. LiMux and its environment now have to be steadily improved and made more user-friendly. Among other things, this requires more IT staff in the administration.
The CSU group also continues to support LiMux. Its IT expert Otto Seidl called Schmidt’s criticism “an off-topic individual opinion of a lawyer”. According to Heise, the Greens warn of an “expensive Schildbürgerstreich” (act of folly) should the city return to Microsoft. The council members accordingly want to clarify in a committee meeting where the complaints come from.
In other words: the “manifold complaints” were an “ad populum” argument without sources and were most likely made up.
!remindme 1 fiscal quarter
This is the sexiest thing Germany has done since that German couple that drives the Porsche in Super Troopers.
Good!!! I hope other governments follow.
Good. Now, you want to make a bigger impact? Do the schools.
This might actually happen in Germany
Unrelated to the question but on the picture:
The AI nicely drew a German city but … put the Nazi flag on the ships rather than the current German flag.
Why is that image even there? It’s not in the original article unless my adblocker is removing it for some reason.
EDIT: before anyone states the obvious, yes, I know how OG metatags work. What I’m asking is why would they choose that particular image, with the penguins and all, to accompany an article like that, and not, say, just a regular stock image of a German city?
Even stranger, the filename in the URL implies that this was potentially even intended: https://regmedia.co.uk/2024/04/04/shutterstock_kiel.jpg Almost makes me wonder if some intern put an AI image there for shits and giggles to see if anyone notices.
Finally, where exactly do you see any Nazi flags? All I can see is a red, white, and black livery, which ARE the colors that the Nazis used, but not in that arrangement. There are no swastikas anywhere (as far as I can see), so it seems as if this is rather the flag of the German Empire, which also used the same colors, but predates the Nazis by a good 60 years.
A stock image of Kiel is really not out of place for an article about Schleswig-Holstein, it being our capital and all. It’s also a fleet base. And you can find vaguely similar towers there.
What doesn’t make sense is the rest: The penguins, the what galleons I think with Imperial livery, Schwarz-Rot-Gold in combination with Imperial livery, what looks like a Lübeck flag (of all cities!) but rotated, and whatever the other flag is supposed to be. This is Kiel’s flag, for reference. Oh: Half-timbered houses. Those look like copy+pasted out of Swabia or something.
Okay but the penguins do make sense, right? Penguins are like the mascot of Linux
Penguin, singular. Also none of them are fat and content enough to be Tux but fair point, that’s probably how they ended up there.
It’s a meta property in the HTML. Visible to software, but not shown in the article.
Afaik, it was the flag of the Third Reich from 1933 to 1935 (so before the Swastika flag).
It’s actually way older. It appeared first as official flag in 1867 for the north German federation, was adopted in 1871 to be the flag of the German Empire and was no longer in official use in 1919 (albeit nationalist groups kept using it).
After that, you’re right.
More Info here: https://en.m.wikipedia.org/wiki/Flag_of_the_German_Empire
Or more noticeably all the southern hemisphere penguins
Wasn’t it Munich who did that a few years back, only to backtrack sometime later?
Yes, it was Munich. And all things considered it worked quite well for a while.
After a while AFAIK the then new mayor called himself a “Microsoft fan” and tried to get Microsoft to build their new German HQ in Munich. So I am pretty sure there is no connection whatsoever between canceling LiMux and switching back to Windows and Microsoft building a huge campus in Munich Freimann…
I fully expect this to get backtracked almost immediately. From my experience most government employees can barely handle a browser upgrade with a UI change, and they will 100% throw a collective fit if their Word and/or Outlook goes away.
It’s not just office, SH and many other parts of the German government have been slowly replacing the entire O365 suite with OpenDesk, which is an open source product based on Matrix, Jitsi, LibreOffice, and a few other tools.
The goal is to have a fully integrated solution for calendar, chat, calls, documents, cloud storage, etc.
My employer is developing parts of that solution and we recently switched our internal communication over to it, and tbh, it’s working really well.
Now is the perfect point in time to do it, with the GDPR ruling regarding O365 and Microsoft fumbling the migration between old teams and new teams.
You are right. But what epic dunces.
Employer could pass the savings onto the staff with a payrise though.
“Staff who learn to use these new Linux applications will receive a bonus/payrise. Staff who do not will go to corner and wear the special hat”
I think trying to sell a switch to opensource as a saving is wrong on two counts…
Firstly it just sets the platform up for hatred. “We know you guys like expensive wine at the Christmas party, but this year we decided to get cheap-but-still-ok wine! Yaay, go team!”.
Secondly, any savings should be poured straight back into training and support. Users should be able to ask dumb questions like “how do I create a new word document” and get a more or less instant response.
Eh, it’s civil servants. They’ll be sent to training, if it turns out they can’t be trained they’ll have choice between quitting or working where their qualifications suffice. Have them walk dikes to find rabbit burrows if need be.
Which is good, since M$ Office is still one of (if not the) biggest security holes in all of software due to its macros and how no one uses them securely.
Also also doing things the OS way will lead to fewer changes in the long run since Microsoft can and will change their layouts as they please, but a well maintained FOSS-fork can stay one way indefinitely.
I genuinely hate AI art
This one is terrible because it’s like a montage of a penguin colony over a generic historic painting of a port city. Very little creativity and quality control. I’d just combine some actual photo of the Kiel port and penguins jumping out of water. (Not necessarily these two)
What you actually want is a nice picture of either a market place or seafront promenade and a fat and content (as usual) Tux munching a Fischbrötchen
Cool but that would require some cultural awareness, and the reporters cannot be bothered.
You mean collage? I agree. I think your suggestion would work best if it was also made to look like an obvious collage. If it was accurately photoshopped to look like the penguins were actually there it would look silly.
Right? The rash of AI images used in journalism is genuinely troubling. It seems like at least 50% of news article thumbnails I see are AI these days.
And, like…are those penguins in the back cheering with human arms? Is that an orca jumping out of the water? What the fuck is going on.
Damn I didn’t even notice. Guess I don’t really look at the pictures.
I wonder what they will choose for their base. I was surprised LiMux was based off Debian since Suse is headquartered in Luxembourg City. I personally would welcome a large organization choosing Suse products as we need more competition for RHEL (which would be a huge boon in productivity since we won’t need like 3 projects to spend a decent amount of time repackaging RHEL).
According to an old interview, pretty much whatever: They’re saying “five big distributions are suitable”.
They’re starting the switch with apps, not the OS. From a technical POV it’d be nice to see NixOS as it’s devops / managed deployment heaven. It also happens to be European and, just like Debian, it’s a community distro.
For a project of this size, doubly and triply if it gets even more states as users, it absolutely does make sense to have your own release channel, have a team working on nothing but pushing patches (security and otherwise) onto an LTS branch and upstream as well as integration testing for the precise desktop you’re shipping to users: The states are paying them to support a desktop, not an OS to run whatever on.
Nix does have an interesting package manager.
> The states are paying them to support a desktop, not an OS to run whatever on.

Don’t they need money to fund both aspects? Is there any support to lean on if someone goes with Nix?
A lot of governments in the US pretty much go through Microsoft for simplicity. There’s a lot of software obtained from a single vendor. I suppose that’s why rhel is so popular.
Dataport is big enough (5200 employees) to support that kind of thing themselves, and they precisely are the single vendor for the participating states (it’s an inter-state public corporation). More than twice the employees Suse has, quarter the size of RedHat.
Good to know. I did not realize that this team was this large. I hope it works out.
Redhat and Debian are separate projects, tmk.
I don’t know if you understood my original post, it was to get an alternative to an enterprise distro with vendor paid support. In this regard the alternatives to Debian are more OpenSuse and Rocky, not RHEL (this is not a comparison of quality).
Yeah, the other alternative would be to set up a consultation company that is based around Debian. I guess that is what Dataport is supposed to be then, the support. It’s a different route but still works.
Switching to an open-source project is easy, but the concern is more about the context in which they are used and how long they will persist in using these. It might be more convenient for the government to initially try Linux for some pilot projects that require less human intervention. This is because I’m not sure how familiar civil servants are with Linux and LibreOffice. On the other hand, open-source projects don’t provide after-sales services and may have technical or compatibility issues. It requires time for them to get accustomed to them.
According to the article,
- They are also migrating backend infrastructure such as email servers etc.
- They already have Linux migration experience in some German states as well as the current proposer.
- Companies such as RedHat, Canonical and OpenSuse do offer enterprise level support. So the claim that open source software doesn’t have “after sales” support is a myth.
- They say that the goal of the migration is privacy and security, not necessarily cost driven. They may very well be prepared to pay a premium for enterprise level support.
- They have already identified compatibility issues in their previous project. They got them because they mixed Windows and Linux, the article says. That’s why they migrate everything to Linux this time.

Your clarification helps me understand their switching. Thanks 👍
They’ve thought about that too, and see training as vital where others before them have failed. Also OS and programs will look somewhat similar to what users are used to, from what I can recall.
Producing documents or e-mails can’t be that functionally different, right? Many don’t need much more than that. However, I could see integration of third-party software as a challenge, but one that in most cases could be easily overcome.
> Producing documents or e-mails can’t be that functionally different, right?

If you do complicated stuff in docx and then try to open it in something like Libre the formatting will be interpreted differently.
Source: I partly create forms for templates in Libre/OpenOffice at work.
I wish my country would also stop subsidising M$ and transition to Linux as well.
Yeah for the simple stuff LibreOffice will be just fine but for anything complex like mail merges and such it’s probably going to require a lot of work re-doing things.
When someone uses a text editor like LibreOffice, whenever someone mentions complex tasks, I’d imagine writing a thesis, a series of books, a big ass report or the like. Mail merges sound like something another app should do…
Yeah LibreOffice will do things like mail merges, but I mean it will probably require relearning the process. It will be different than the process they used with MS Office.
If you’re just porting over simple things like letters and simple documents you should be able to move back and forth between MS Office and LibreOffice with few changes.
Maybe soon a unified CSV handling might be possible.
I can confidently say that CSV support is one of those problems that even the brightest computer scientists will be pondering for the decades to come.
Supporting CSVs sounds like an easy problem, but it’s not. It’s like a whole different complexity type. Time complexity, space complexity, and now, the dreaded subclass between spec complexity and organisational complexity.
You can’t just make the users agree which delimiter to use and how quotes are supposed to work. That’s nearly impossible. No no no.
Commas are too common, we should go with semicolons. And `\n` and UTF-8 by default. And a header that defines changes from defaults, plus metadata such as data logger model and settings. These are some significant quality-of-life improvements but I’d guess it will take another file extension before that happens.
I just don’t like that CSV exists as a format and has no standards currently. If you remove commas from CSV then you’re taking the C out of CSV.
SCSV (semicolon separated values) at least sounds like an upgrade to CSV. Or maybe just use something that is flexible but is standard like JSON?
Yeah, SCSV would work, with a .ssv file extension for FAT compatibility.
JSON is overkill, tabular data is often recorded by 8-bit devices. Yes, you can use a dishwasher to cook salmon, but building a dishwasher is difficult and it can break in many more places. Each piece of salmon also needs to be carefully wrapped.
Yeah, I get what you mean. I’m so overprotective of my dishwasher I actually pre-scrub plates very quickly so not to clog the dishwasher (which is pretty similar to sanitizing inputs for putting them in a database I guess). 😊 It’s still much faster than doing the dishes by hands.
But the point is something simple can run on a simple device with minimal supervision.
At that point why not use TSV?
ASCII 0x1f, unit separator and 0x1e, record separator. There’s also 0x1d group separator and 0x1c file separator.
Both CSV and TSV have been a mistake from the start. It’s not like they’d be suitable for binary data anyway, and not using ASCII control codes specifically made for in-band messaging of record fields means they ate into the printable characters (and yes, \n and \t are printable: they move the print head, and that’s a printing action).
If you want binary compatibility either use bencode or throw ASN.1 at it. The important thing is to have a simple enough data model, don’t try to save code in the base compatibility version, evaluate the whole sheet before export if you have to. Using sqlite as interchange format is a bit hacky, but honestly defensible especially with the code (which kinda is the spec) being public domain.
I love this, but having used ms office extensively for work, we all know it has many more features. Libreoffice isn’t a drop in replacement, but maybe with the increased user base it can become one.
It really depends on the needs.
When my entire company (10k employees) switched to LibreOffice, it was almost fine. There was like 50 ppl who were frustrated at breaking changes. But many adapted and it was a pretty clean transition.
As for LibreCalc, fuck that. What a nightmare. Employees resorted to creating Google accounts to use Google Sheets instead. We still don’t have a solution, and if one particular director gets his way, that whole department might switch back to Windows just for Excel.
Meanwhile another German city (Munich) is going back to MS

> but maybe with the increased user base it can become one.
You think the state will contribute? I highly doubt that. At best it will be gov specific functionalities.
Well, Munich decided to switch back around the time Microsoft was negotiating about building their Germany HQ there. There have been allegations of backroom dealings, but I dunno if there’s ever been anything proven. There is a very big, very shiny building with a sign that says Microsoft near where I lived when I was there, though.
Though I also read some articles about them partially going back to FOSS, so who knows what they’ll do in the end.
You’d need a massive increase in tech support. Likely more than you’d spend on ms in the first place. Seems a political gambit or a political gaffe.
Good. This makes them less vulnerable to the malware that Windows innately is.
I wouldn’t say that Windows is malware itself, but rather it wasn’t created with a security-first stance, which we absolutely need for all OSes going forward. I say this as someone who ditched Windows as my DD (“I use Arch, btw”). I left Windows more for their policies and subscription models that are becoming increasingly anti-consumer.
With that said, let’s not pretend that Linux is immune as has been proven in the past week with xz and liblzma being compromised. Yes, it took 3 years to get to the point their long game paid off, but it still happened through a series of credibility social engineering steps by a single person. (Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
> (Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
The reason you know is because the target software is FOSS. Care to bet other similar schemes have been successfully pulled off with proprietary software?
You only know this happened because one dev was benchmarking their system and noticed a 0.5s anomaly in resource usage, and was able to track it down to this. For every one of these that are caught, there are countless more that slip past.
I actually look at it a completely different way. There are so many users optimizing and digging into the core of open source versus proprietary that with so many random actions there’s less “vulnerable” dark spots available. If we think there’s a limitless X amount of vulnerabilities (since we don’t know the true ceiling limit), open source will always be “X (vulnerabilities) - 1” compared to proprietary. Completely a math metaphor but gets the point across. It’s a path that lessens the impact which we should be striving for over profit/monopoly motives.
There is so much surveillance built into proprietary software, countries like U.S. probably can just ask for any information from Apple, Google, Facebook, Microsoft.
On the other hand, countries like China and Russia would probably need to compromise these products like Jia Tan did. Except for Apple, because every Apple service in China is maintained by a Chinese company with no encryption allowed.
Of course, there can be malware for open-source systems such as Linux, but it’s generally caught and patched a lot faster.
In the enterprise space, Windows isn’t an issue at all.
This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.
Windows laptops have been tightly locked down since the early 2000’s, including USB ports.
I’ve never seen a virus or malware on a machine in enterprise, and if it were to occur, the most it can damage is the local machine, as network shares are minimal (most data is kept in databases), the shares with write access are limited to small user groups, etc.
Users simply lack permissions to change stuff, so malware lacks it too.
> This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.
Apparently Microsoft itself isn’t Enterprise?
> I’ve never seen a virus or malware on a machine in enterprise…
Change Healthcare - https://www.msn.com/en-us/money/companies/change-healthcare-hack-what-you-need-to-know/ar-BB1kvg2t
MGM Grand - https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html
HP Enterprise - https://apnews.com/article/russian-hackers-hewlett-packard-enterprise-microsoft-sec-breach-cozy-bear-d4e88ded0a47d010216e11f41132f72c
Here’s 12 more - https://www.kaspersky.com/blog/ransowmare-attacks-in-2023/50634/
> Users simply lack permissions to change stuff, so malware lacks it too.
Oh something is lacking in your world and I’m not talking about permissions.
Have you been near some sort of news in the last years? Corporations using windows get hacked regularly and they are far off from having everything in a database somewhere. You have no fucking clue. What you are describing is the dream of corporate security newbies, but no big corporation let alone some state government is anywhere close to that.
They have massive shares, where all the people can read and overwrite everything, they open all attachments directly on their machine and click away all warnings without reading them. (Who needs USB if you can mail malware directly?)
This is hell and in Germany dozens of smaller or bigger government networks were hacked and massive amounts of data encrypted last year alone.
I can say from personal experience that there is a huge push to get much more secure in the local government space in the US, including adhering to NIST 800-53, and be audited on it. It’s not foolproof, but it’s a much needed step forward towards preventing big events becoming breaches. But if they are a breach they’ll be lower impact. It’s painful to get there, but I’ve been involved heavily in the conversion in policies and procedures to get there.