Windows use in medical spaces (Re: vintage computers in active use)

On 2016-05-27 8:38 PM, Cameron Kaiser wrote: Therac is not the same threat at all. What seems to be missing from the process that leads to specifying Windows is, indeed, threat modelling. The threat of a virus scanner disabling the machine is not the same as a virus disabling the machine, and so on (a proper enumeration of threats would be quite long). The point is that the threat model for a "discrete stupid device" is VERY different from the threat model for Windows. Human error obviously appears in both lists (and can be mitigated!) And these aren't the only 2 options, either... I think we can all agree that when the outcomes are as bad as this, then the engineering process was faulty. A virus scanner (or virus) is a very easily foreseen problem. --Toby