Microsoft Windows has always been unsafe.
This post from X is linked here; it's not mine, but it sums up my personal and professional stance on Microsoft Windows. It's the most unsafe operating system... and I took that position back in 1992.
Quoted below:
I am a Microsoft security architect.
In 1994, researchers discovered RC4 was fundamentally broken.
We made it the default cipher in Windows anyway.
By 2000, every machine on Earth was running it.
We called it "battle-tested."
Technically true. It lost every battle.
In 2013, more researchers confirmed it was still broken.
We published a knowledge base article thanking them for their passion.
In 2015, the entire industry formally deprecated it.
We kept it enabled by default.
Compatibility is more important than security.
Security is just compatibility with not being hacked.
Hospitals ran their patient records through it.
Banks authenticated their transactions with it.
Fortune 500 companies trusted their crown jewels to it.
The Ascension breach happened. 5.6 million patient records. 140 hospitals offline.
Ransomware walked through our cipher like it wasn't there.
It basically wasn't.
Senator Wyden called it "gross cybersecurity negligence."
He demanded an FTC investigation.
We released a statement thanking him for his continued partnership.
After 26 years of careful consideration, we've made a decision.
We're going to disable RC4 by default.
In mid-2026.
We're giving everyone 18 months' notice.
Because we believe in thoughtful transitions.
We've been thoughtfully transitioning since the Clinton administration.
Two Clintons could have run for president in the time we've been "evaluating options."
Some things are just hard to kill off.
Like a legacy cipher.
Or institutional momentum.
Or the phrase "we take security seriously."
We do take it seriously.
We just don't take it urgently.
Urgency is for startups.
We're a mature organization.
We mature our vulnerabilities like fine wine.
26 years.
That's not negligence.
That's commitment.