Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan (softpedia.com) 266
An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.
No problem (Score:5, Funny)
Our antivirus is completely up to da
Upgrading to Windows 10......
Re: (Score:3, Insightful)
Many(most) Hospitals and medical centers are still stuck on Windows XP, there's no upgrading to Windows 10.
Re: (Score:3)
seriously. hospital IT has to lag way behind, often because vendor software doesnt support newer OS versions. I know a medical center that has thousands of desktops and only started rolling out windows 7 last year.
I was an intern there 5 years ago, and i was on the team that was deploying XP SP2 [yes, 2, not a typo] at the time.
many of their software vendors are the frickin worst.
there were some scanner pcs, like for x-rays or MRIs or something, i don tknow what, that ran Windows NT or Win2k--i would not be
Re:No problem (Score:5, Interesting)
Having worked in biochem, it's not the hardware vendors causing the lag, it's the FDA-mandated cGMP validation and certification process that takes for.fucking.ever and has to be repeated for every tiny little change. Yes, it helps ensure quality and consistency, but it is painfully slow and discourages change, however desirable.
Re: (Score:3, Insightful)
The only sane way to develop such a thing would be for the vendor to be responsible for the entire software stack from the firmware on up. This sort of stuff should never be built on Windows in the first place!
Re: (Score:3)
I really can't tell if you're joking or not. I guess you are, since you are very far from reality.
If you did mean this to be taken serious, I'd like to see you give a cost estimate for building a "hello world"-app as per your proposal.
Re: (Score:2)
I'm not saying you should be redeveloping an entire OS every time. I'm saying that you should maintain a fork of the OS along with your application. In life-safety-critical situations, you need to have complete control of the environment in which the software is running.
Re: (Score:2)
Your fork will contain all the vulnerabilities (known and unknown) that are present at the time of the fork.
The problem here is negligence in not patching the vulnerabilities when possible. If you're going to patch when possible, you might as well run with a standard release - delayed to give time to validate said release for acceptable regressions. This is sort-of what's done today, except that many validations are indefinitely delayed, until a substantial problem is reported.
Re: (Score:2)
Re: (Score:3)
Because Windows is designed at every stage to be a general purpose computer. It is marketed primarily to corporate and home users. But these are specialized machines. They may not have a UI that conforms to any Windows standard, there is absolutely no need for a "desktop", they're always turn-key systems. Windows brings no advantages to the system unless it's as a display platform, in which case you separate the Windows machine from the medical machine and have them be independent (ie, take X-rays from
Re: (Score:3)
But these are specialized machines. They may not have a UI that conforms to any Windows standard, there is absolutely no need for a "desktop", they're always turn-key systems. Windows brings no advantages to the system unless it's as a display platform, in which case you separate the Windows machine from the medical machine and have them be independent
Indeed, and this was the case here. The equipment itself didn't run windows, it did it's stuff and sent data to monitoring / logging software on windows via a serial link. The display and monitoring software was what froze. But more interestingly it froze entirely because someone didn't RTFM when they setup the machine.
Idiots and crappy programmers are OS agnostic.
Re: (Score:3)
Ordinarily, FDA will not need to review software patches before a device manufacturer puts them in place. FDA views most software patches as design changes that manufacturers can make without prior discussion with FDA. ......For example, manufacturers need to seek FDA's approval or clearance before installing a software patch if it would change who it’s for, what it does, or how it works (a change in the indication for use), and/or it would make the device less safe and effective.
Re: (Score:2)
You ARE aware that CE and XP are about as airtight as a sieve by now, yes? That users can't fuck with stuff is a HUGE claim when you make it for an OS that has not been patched for years but that has received new exploits on an almost daily base.
RT OS for Reatime tasks (Score:5, Insightful)
Picking an OS that clear says not use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!
Re:RT OS for Reatime tasks (Score:5, Insightful)
I have often wondered about this. Does Microsoft sell Windows license with a EULAs that don't contain prohibitions for uses cases like these?
The Microsoft software was designed for systems that do not require fail-safe performance. You may not use the Microsoft software in any device or system in which a malfunction of the software would result in foreseeable risk of injury or death to any person.
In most other engineering professions if you picked a component specifically labeled and sold as not fit for use case you'd be taking on all kinds of liability. Can you imagine if an architect decided to build a parking deck and spec'd concrete be mixed from a cement product labeled "not for structural use?"
I can hear the lawyers salivating at the very idea. Yet Windows is used in off label ways seemingly all the time.
Re: (Score:2)
I completely agree with you, but this case isn't like a Da Vinci surgery robot crashing (or going haywire!) in the middle of the surgery. It's more like the camera/imaging equipment crash. Yeah, the cardiologist was probably pissed/confused and the OR techs and nurses were freaking out a bit, but I doubt the patient was in any actual direct danger from the crash. Any danger would indirect, such as prolonging the procedure and exposing the patient to more anesthetic, or rendering the procedure futile and the
Re: (Score:3)
I don't know, I mean IANAHS (I am not a heart surgeon) but it seems to me that we are using all kinds of imaging equipment to do things like laparoscopic surgeries that we could not have done before. This isn't like the lane departure warning sensor in your car failing, where you can just drive like you always used to do. Its seems very possible that the loss of imaging equipment in the OR mid surgery could throw the entire plan off in away that very well could endanger the patients life.
Even monitoring e
Re: (Score:3)
Except the camera is how they see. You should look up the procedures for heart catjorization and how they put in stints. It is scary if you go blind at the wrong time.
Re: (Score:2)
Yeah, the cardiologist was probably pissed/confused and the OR techs and nurses were freaking out a bit, but I doubt the patient was in any actual direct danger from the crash. Any danger would indirect, such as prolonging the procedure and exposing the patient to more anesthetic, or rendering the procedure futile and they'd have to try it all over again the next day.
Those are all bad enough. Surgery is serious business, and forcing a surgery to be botched so that the patient has to go through with it agai
Re: (Score:2)
I sure hope the patient in this case sues the hell out of everyone involved here for using a Windows-based solution.
In that case the patient won't get very far with his case. The point the patient *could* try to win the case on is whether the GxP-process included testing on the operating system used for the procedure, and the other software on it. What were the installation instructions for the software and where they obeyed to the letter? If it says "Install on windows XP and use whatever you like because it will run" it's likely the vendors are liable. If it says otherwise, the hospital may be liable.
Of course, liable
Re: (Score:2)
Picking an OS that clear says not use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!
Absolutely, and I hope the manufacturer gets sued into oblivion followed by criminal litigation for the C-level. There should be zero tolerance for this kind of insane sociopath behavior that trades people's lives for dollars.
Everyone wants to use commodity hardware and a commodity operating system because it saves (a lot of) money and is "easier" to design and develop. The only problem is your Visual Basic 6 heart monitor with a UI written in Flash running on Windows 8 with McAfee and Microsoft fucking e
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Nobody just don't care before it's their precious mommy that is going because of it.
Ain't nobody got time for that.
Re: (Score:2)
I sure hope there's some utterly gigantic lawsuits for this bullshit before too many people get killed. There is absolutely no excuse for using Windows in any life-critical application. Even Microsoft says so in their EULA.
Re: (Score:2)
But they effin' should!
Isn't that their job? To find out whether a system is "good enough" for use in life-or-death situations? How could they possibly approve a system that says ITSELF (i.e. it's not something you find out during testing, but the SYSTEM ITSELF TELLS YOU UPFRONT) it's not up to the job?
Re: (Score:2)
Doctors don't get the ability to mandate the equipment they use. They can insist - but that doen't mean the PTBs are listening.
What's a PTB?
Comment removed (Score:5, Funny)
Re: (Score:2)
Very interesting, usually QNX gets glowing praise, but it does seem like a lot of that praise comes from people who've never worked directly with it and are just passing on the general reputation, much like people saying how great BMWs are even though they've never driven one or worked on one. (How do you know that "German engineering" is so great if you've never actually worked on one of them? FWIW I've never worked on one either, I'm just pointing out this fallacy.)
What RTOSes would you suggest for this
Re: (Score:2)
Manufacturer Narrative from FDA report. (Score:5, Informative)
Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect. The product security recommendations, (b)(4), explicitly state, "the intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files. Our experience has shown that improper configuration of anti-virus software can have adverse affects including downtime and clinically unusable performance. ".
Re: (Score:2)
To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files.
Right because there is no possible way the application could have a parsing bug handling patient files, that could lead to buffer overflow and an RCE or anything like that.
Its also true that similar bugs have never been found in commonly used image handling libraries...
Oh wait the second one is definitely not true and the first has at least a non-zero probability.
Re: (Score:2, Insightful)
Which completes excuses the unhandled exception in the product that they clearly knew about, or they wouldn't have so explicitly worded the instructions. I see the manufacturer failed to learn the lessons from the Therac-25.
Any system that requires humans to follow instructions that they read once a long time ago, but must follow exactly on a rarely performed task is an accident waiting to happen.
Re: (Score:3)
Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect.
Fact is, this is exactly what you are going to get when using a Windows based system. You assume at the beginning that all problems are your fault, and that you must anticipate everything.
Based upon experience, they were also at fault because they were using Windows. Never at fault is the Windows operating system.
Re: (Score:2)
You're trolling uncontrollably.
Of course you are 100 percent correct. Unfortunately, reality does not agree with you. A lot of places are using life critical applications with an operating system not ever supposed to be used that way. Since Windows can never fail, and all failures are anyone eles's fault but Windows, I have no idea why Microsoft didn't make them sign a document absolving them of any responsibility when it did fail.
Because like it or not, Windows systems which have the not Microsoft's fault - ever - failures all of t
So the manufacturer knew about the problem (Score:2)
What that says to me is that the manufacturer knew about the problem and shipped it anyway. The usual and customary practice with Windows systems, especially older versions, is to install anti-virus. On critical systems, anti-virus would be considered best practice and not installing AV could be considered reckless. The manufacturer knew that protecting the machine in the ordinary manner would endanger patients and they did nothing to either alleviate the danger (don't CRASH just because an AV scan is runn
Re: (Score:3)
Don't use windows for this (Score:3)
Use some dedicated hardware with a custom software system with only components designed for the purpose of the machine and nothing else. Harden and sanity check the hell out of the I/O and connect THAT to your idiot box.
Re: (Score:2)
Use some dedicated hardware with a custom software system with only components designed for the purpose of the machine and nothing else. Harden and sanity check the hell out of the I/O and connect THAT to your idiot box.
On the one hand, that makes perfect sense, and removes a whole bunch of failure modes.
On the other hand, that makes it a more expensive device to build and maintain, increasing the cost of health care all around, and ultimately squeezing out other components of health care.
Medical devices deal with risk minimization, and that often involves deciding which risks are acceptable. If the device can be sold for $5,000 based on a Windows PC, and $15,000 based on a proprietary hardware stack, and because of that
Re: (Score:2)
You don't need a proprietary hardware stack, you just need a decent RTOS. There's plenty of them out there. But you're not going to be able to use Visual Basic with those.
Re: (Score:2)
An even better idea would be to quit relying upon technology, because it won't always be there for you, as quite handily proven in this case.
If you, as a doctor, need a computer to perform a task that did not originally require one, you're failing the basic concepts of medicine.
Re: (Score:2)
Without technology, doctors wouldn't be able to do a lot of the stuff they can do now.
This is like saying we don't need ultra-reliable avionics systems because we shouldn't rely on technology, so we should just go back to horses and wagons.
Relying on technology is fine as long as you do it right. Using Windows doesn't qualify there. It'd be criminally negligent to use Windows on an airplane's avionics systems, and it's no different for medical systems.
Re: (Score:2)
It's more criminally negligent to utilize general-purpose stuff for specialized medical operations.
This is why we have application-specific hardware.
Re: (Score:2)
You don't need a computer to run a camera. To boot, a single-purpose medical device shouldn't need some massively complex operating system PLUS anti-virus.
So was this out of spec? (Score:5, Insightful)
Re: (Score:2)
To be fair on access scanning can be really harmful to performance and in many cases cause crashes and other I/O problems with applications that do heavy I/O with large files.
AV is basically only a valid approach to security in situations where high availability is not a hard requirement.
Re: (Score:2)
Re:So was this out of spec? (Score:4, Insightful)
oblig:
https://xkcd.com/463/
Clearly, someone is doing their job horribly wrong.
Re: (Score:2)
Re:So was this out of spec? (Score:5, Informative)
Re: (Score:2)
I'm sure it was tested...badly. Looks like an epic fail of cGMP validation.
Re: (Score:2)
Re: (Score:2)
That's what they make epoxy for.
Scanning for viruses during heart surgery (Score:5, Funny)
Sometimes 'antivirus' is a warning sign... (Score:5, Interesting)
Seriously? (Score:3)
Why would anyone use Windows for a real-time critical application? There are small real-time OS's designed just for such applications.
Re: (Score:2)
If anything, blame the FDA. They would have had to approve the software that requires this configuration.
Re:Seriously? (Score:5, Informative)
Re: (Score:2)
The AV software locked the log to perform the scan, and the medical device crashed. They had to reboot the PC to keep working.
While not expected, this sort of failure (logging device unavailable) IS predictable, and IMHO should;t have caused the crash in the first place. I'm a big fan of a "broken windows" style of software assessment. If I can see something broken (no matter how trivial), it makes me start to wonder what other things could be amiss that I can't see.
Or to give a car analogy. If I have a car with mis-matched seams between panels, I'm going to be worrying about what other parts of the car have been treated with t
Re: (Score:2)
So it WAS a flaw in the medical device. An error thrown to indicate logging was non-functional is the proper result for a remote file being locked, not a system crash. Who QA'd this device, Microsoft?
Re: (Score:3)
What kind of messed-up device. This has been solved for ages. First, if the logs are critical, make a local copy. And second, if you send them off, use UDP so that network failures or failure of the remote logger does not block anything on the local machine. You know, like rsyslogd. But I guess this is just another example of cheaper-than-possible "programmers" at work, the kind that does not understand system administration or networking.
Doctor's Computer? Really? (Score:4, Insightful)
"Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. "
I seriously doubt the computer was owned by the doctor. More than likely, it was procured, set up and managed by a team of IT specialist at the hospital/clinic who know little to nothing about the software that might be running on it. Likewise, if the company supplying the software isn't providing a dedicated, hardened box to run the software on, they share the blame as well. Or, I have seen dedicated boxes with all kinds of crap loaded on them by operators who had no clue what the consequences might be. The bottom line here is that maybe computers should be kept out of the operating room. Or maybe doctors shouldn't be allowed to use them.
Was the patient a politician? (Score:2)
If the patient was a typical politician, maybe this was actually a divide by zero error?
So, the computer is connected to the internet? (Score:2)
Really?
Why anyone would put anti virus software on a computer that is isolated from the net, has likely all USB ports disabled etc. is beyond me.
Make the damn boot drive read only, put the data on a different drive/partition ... then you can even keep USB and DVD reader/writer accessible.
Just don't put a windows PC into any network unless you really knwo what you do.
General purpose OS not suitable for critical use (Score:5, Interesting)
. ,even though it wasn't?), and that being able to use their knowledge of Windows is a benefit that will make their system better.
It is easy to fall for the siren-song hype from the marketeers that the general purpose operating system is up to the task (remember Microsoft's marketing push that Windows CE was a real-time operating system
Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.
Re: (Score:2)
At some point, the developers of computers that are used in critical situations (medical operations, battleships, etc) will soon realize that it is to the detriment of their end users to use a general purpose operating system for systems.
It doesn't matter; the developers have no input about the OS to be used. That decision is made by management.
Re: (Score:2)
>
Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.
Heh. Go to any major airport with nice big screen monitors showing flight information and some percentage of them will have Windows dialogue box on them informing you of some problem...
And on the bright side... (Score:2)
It didn't try to update to Windows 10 in the middle of the procedure!!!!
I swear there has to be an international body that can declare Windows as a virus that must be eliminated from the planet before humanity can move forward.
Logfiles? (Score:2)
Whatever happened to a simple audio log? We've got recorders that encode directly to MP3. Just make the recording and copy it into patient files after the end of procedure.
This 'do everything with a computer' mentality is exactly why we have these nonsensical issues happening in the first place.
What if.. (Score:2)
Damnit, it is a MEDICAL INSTRUMENT! (Score:4, Interesting)
MEMO TO IT GUYS: Stop treating medical instruments like they're desktop computers! Find another solution, or AT LEAST be smart about how you're installing your junk on it, IT IS A MEDICAL INSTRUMENT, DAMNIT!
Re:Damnit, it is a MEDICAL INSTRUMENT! (Score:5, Interesting)
The stupidity of some IT people is staggering. We had one case where they put AV on a highly isolated system and then had to compromise its isolation to allow over-the-net updates. When we told them that the system was not isolated anymore and that at the very least the AV vendor could now attack them over the network, they did not even understand what we were talking about. They mumbled something about "all machines must have AV".
Re: (Score:3)
They mumbled something about "all machines must have AV".
That's pretty much the long and the short of it, yes. They don't seem to understand that it's primary function is as a medical instrument, and that compromising that may compromise the health or even the life of a human being. I'm surprised the FDA doesn't get more involved in things like this, since there is extensive testing of any medical instrument before it is allowed to be sold in the U.S., and especially so in the case of anything computerized. Of course I've always thought it was absurd that any med
Re: (Score:3)
Read my sig
why are they using an insecure OS? (Score:2)
why are they using a general-purpose OS, supplied by a company that's known not to care about security (because it costs money and profit), for *life* saving mission-critical software? i don't understand.
Design insanity (Score:2)
Who in their right mind designs life-critical systems around off the shelf operating systems like Windows? There's a reason aircraft computer systems are custom and highly redundant. Medical equipment of this caliber is no different.
What company produced this system? Their accreditation should be revoked.
Re: (Score:2)
It is a question of cost. A Linux/QNX/BSD coder is expensive. A Windows coder is cheap, hence more profit.
maybe (Score:2)
Now doctors will need full admin rights + app admi (Score:2)
Now doctors will need full local admin rights + app admin rights to turn off anything that may get in there way. In some settings (more likely with poor IT in place) may even need domain admin rights so they can over ride / block GPO's.
Re: (Score:3, Insightful)
Re:Windows 10 update will kill human beings (Score:5, Funny)
For what? This was an antivirus scan and the report itself doesn't mention an OS. Furthermore, this crash brought down the whole system. If developers are writing their software to utilize drivers, they ought to make sure those drivers aren't so buggy that the mere stopping of data will tank the entire system...especially a system that should be as close to "bulletproof" as bulletproof can be in the technological sense of the word.
Windows can never fail - only we can fail Windows.
And Bulletproof and Windows never belong in the same sentence.
Re: (Score:3, Insightful)
Re: (Score:3)
Why can't we use bulletproof and Windows in the same sentence? According to the report it was the AV scanner that caused the application to crash. The PC was then required to be rebooted for the application to start working correctly. Arguably the client software is at fault for not being able to recover from a situation where "communications" get lost.
It is not reasonable to single out the OS, the AV software, or the application. The three were combined, along with some specialized hardware as a system with an arguably life-or-death role in the OR. This was a bad choice, for all the reasons previously stated. If you're going to place the system in a role as critical as heart surgery, far more serious attention should have been paid to it's availability and reliability. Yes, the AV scan disrupted things, the OS had no way to know that the application soft
Re: (Score:3)
If this machine running an AV is so intimately tied to a medical procedure having to do with the human heart, I hope to God its not also on the internet and is a standalone machine. As a standalone machine, I don't see any reason for any AV beyond perhaps a scanner if/when a USB drive is inserted. And since the machine in question has an AV that so spectacularly crashed, I'm gonna go out on a limb and speculate it was running Windows.. (shudder)
Re:Windows 10 update will kill human beings (Score:4, Insightful)
Having a Windows based medical system is stupidity in itself. Even having an antivirus scan in embedded software is ridiculous, they should be stand alone devices, not dependent upon some apathetic home consumer company, not connected to the internet, etc. And yet so many developers are so amazingly uneducated and inexperienced that they think Windows is the perfect solution to everything, managers love Windows because they can hire so many cheap ass developers for it and mistakenly think they can save time this way. Maybe Windows is not the flaw, but the Windows mindset certainly is.
Re: (Score:2)
What about the sentence you typed?
Pork Rinds? That or a Chewbacca coffee mug!
Re: (Score:3, Insightful)
There is no need to mention an OS - the only system that such problems with viruses is Windows, and the only OS that embeds a virus scan in the kernel IS windows. No other OS locks data like that.
"as close to "bulletproof" as bulletproof can be"
Certainly leaves out using Windows.
Re: (Score:2)
Antivirus software itself can be the weak link in Windows. I had Avast AV seemingly freeze Windows 7 when I tried to launch my own app on it - even after just building the app with Visual Studio on that box. By 'freeze', I mean not only refuse to run the app, but do it without popping up any notification, and without failing in a way that Windows Explorer can recover from. I would end up with multiple processes in Task Manager that could not be killed from there, and the entire Windows launcher frozen.
Th
Re: (Score:3, Insightful)
This is what I don't get. Why the hell is AV software running on a realtime apparatus?
1: If AV software is needed for legal eagle reasons, code a scanner for embedded use that runs -only- when the machine is offline and not doing anything. When the switch to online it is flipped, any scans and such get stopped immediately.
2: A medical machine should be air-gapped anyway, with firmware updates done via files on a signed SD card. There should never be a vector for introducing malware onto a machine witho
Re:Windows 10 update will kill human beings (Score:4, Insightful)
This is what I don't get. Why the hell is AV software running on a realtime apparatus?
1: If AV software is needed for legal eagle reasons, code a scanner for embedded use that runs -only- when the machine is offline and not doing anything. When the switch to online it is flipped, any scans and such get stopped immediately.
2: A medical machine should be air-gapped anyway, with firmware updates done via files on a signed SD card. There should never be a vector for introducing malware onto a machine without physical access.
3: Have the designers even done testing where the AV software (or even worse, GWX) fires up during a procedure? This is basic Q&A here, and for the astronomical cost of medical equipment, should be assumed that this was done.
From TFA, I'd lay the blame of this at the feet of the device maker. They need to use a real OS, or at least ensure that there is no state their environment can get into that can cause this.
The AV software wasn't running on the medical device, it was running on the Doctor's computer. The Doctor's computer has a software app that gathers data from the medical device and, it seems, that there is some requirement for the medical device to be able to read this data as well. Or perhaps the App has some command and control functions. Either way, the AV software ran, freezing up the app on the doctors computer and causing the medical device to crash.
In my opinion, the hospital should have an air-gapped dedicated system for this instead of relying on the doctor's laptop.
Re: (Score:2)
For what? This was an antivirus scan and the report itself doesn't mention an OS. Furthermore, this crash brought down the whole system. If developers are writing their software to utilize drivers, they ought to make sure those drivers aren't so buggy that the mere stopping of data will tank the entire system...especially a system that should be as close to "bulletproof" as bulletproof can be in the technological sense of the word.
Alternatively, only certify the software to run on hardware they provide and configure; since there is no way that can anticipate what else will be running on a non-certified machine. Even with a certified machine, unless you make it impossible to load anything else someone will find a way to load a program that crashes yours. I had that happen on a server we installed to run a specific program; despite clear warnings not to install any software on it someone did and crashed our program. their excuse, "We s
Re: (Score:3)
From the connected article, the antivirus software on the doctors' PC was configured to run a scan hourly, and when it was scanning the application's folders, it froze access to the files in those folders. The application was designed to require real-time access to its data, and failed spectacularly when it was blocked, crashing the computer. Fortunately, the situation was not time-critical, and the doctors were able to take the time to reboot the computer and restart the application without endangering the
Re:Windows 10 update will kill human beings (Score:5, Insightful)
IIRC the EULA of every Windows version so far said that the OS must not be used in life-or-death critical operations.
Not that it isn't used in, say, nuclear plants (which are explicitly cited in the EULA, btw), but if you use something that is clearly not good enough for the job, and even tells you that it's too crappy for important tasks, well, you can't really complain, can you?
Re: (Score:3)
Not that it isn't used in, say, nuclear plants
It's not. There's not an industrial control system in existence nuclear or otherwise which runs it's control routines on a windows platform. They run on proprietary code embedded in control processors which happen to take input from a piece of software over the network which may be based on Windows. Should that piece of software (or the underlying OS) go down, nothing at all happens and the controllers happily keep controlling.
Windows is nothing more than a TV remote control in this case. The TV doesn't mag
Re: (Score:2)
Re: (Score:2)
I see what you did here, tehehehe
Re: (Score:2)
Any fancy software that displays information on a client PC and feeds clinical data into a patient records system should be epiphenomenal to the operation of the equipment.
But it seems like the hardware may have forgone having an embedded display and on-device control of the essential features, delegating those to a pc terminal.
Re: (Score:2)
Name a browser that hasn't had a vulnerability that can be used to install malware (Hint: even Lynx as had them)
Re: (Score:2)
Too expensive. Medical equipment already comes with an often insane price-tag.
Re: (Score:2)
In my experience, a design-flaw this fundamental is due to coders that do not understand system administration and networking and have no clue about the failure-modes to be expected. Quite common these days.