#WannaCry shows the frailty of a global system dependent on a single proprietary point of failure--@Windows. https://u.fsf.org/27f
@fsf I caution against that argument, as it hinges entirely on a legitimate (bug) security vulnerability---it could have happened with GNU/Linux systems as well. It made use of ETERNALBLUE which exploits a Samba flaw (now known as CVE-2017-0144). It's unfortunate, but the conversation would naturally degrade to Linus's Law, which itself is a faulty open source argument---one could use Heartbleed and Shellshock to counter (where the single points of failure are two of the most widely used free software projects in the world).

Microsoft had even released a fix, but people didn't upgrade. That's a problem regardless of whether software is free.

While it's tempting to poke holes in our enemies, I can't find a good excuse to attack Windows for being exploited by ETERNALBLUE or WannaCry. But I'd be more than happy to attack it for many of the other points your link mentions (https://www.fsf.org/windows). One big difference between exploiting Windows vs. GNU/Linux is that Windows already is a virus---it didn't need WannaCry to hold its users for ransom. ;)

While I agree with most of your points, @mikegerwitz, I disagree on Heartbleed/Shellshock being examples of failure in Linus's Law. In fact, they demonstrate the obverse of Linus's Law, thus being a mark in favor of Linus's Law.

The obverse of Linus's Law is: If no one's looking, all bugs are impossible to find.

There's clearly a spectrum between "no eyeballs" and "enough eyeballs", but both openssl and bash suffered from not enough eyeballs.

cc @fsf

@hedgemage @fsf Just to clarify: I don't believe in security without free software. My caution was because I felt it would degrade to the open source argument that free software is technically superior, which can fall apart quickly, especially with those seasoned in attacking the free software community.

With regard to Linus's Law: OpenSSL and Bash had many eyeballs over the years. Humans miss things, or the right eyeballs aren't looking. But they're still eyeballs. Free software allows _anyone_ to audit the software, but whether the right people do is another story. It's still essential that this be an option.

@fsf

@mikegerwitz @fsf

FLOSS licensing *allows* anyone to audit the software, but it doesn't ensure that anyone looks at it, let alone does any kind of in-depth audit. Most FLOSS developers I know don't even know what "security audit" means.

Both openssl and bash were developed *for years* by small, under-resourced teams and not given any in-depth security review. People just assumed they were reliable because they "always had been".