
Is this actually likely to happen, or a negotiating manoeuvre with Microsoft?



It is not about negotiating a better price for Windows. A lot of government organizations switched last year or, in the case of the South Korean army, long ago.

https://linuxreviews.org/30%2B_South_Korean_Governmental_Org...


Last time they trusted Microsoft, they got their entire country stuck with ActiveX; that said, possibly a bit of column A, a bit of column B.


It's not exactly that SK trusted Microsoft. Rather, some idiots had this brilliant idea that if you create a piece of code that hooks directly into the Windows kernel and messes around with device drivers, your users will be secure, because how would those evil hackers run keyloggers when your security plugin already hijacked keyboard events.

So far so good, but then how do you disseminate this wonderful piece of security technology? By creating an ActiveX plugin and making every user download and install it before they can use your website. And since those pesky new versions of Windows will keep warning "This program may harm your computer, continue?", we just have to tell users to click "OK".

But what if users are trained to always click OK and accidentally stumble upon a phishing website? Stupid dummy users, they shouldn't have done that! If they accidentally went to a phishing website, downloaded a bad security plugin, and uploaded all their banking credentials, it's their fault!

IIRC Microsoft practically begged South Korea to please stop using ActiveX, it was never a great technology and it outlived its usefulness a long time ago, could we please move on?

Edit: As far as I remember, real fun started when you needed to access two banking websites. Now their security plugins start to fight each other!


Well... going back further, SK was forced to do something when the US banned all crypto export above 48bit or something stupid. SK wanted 128bit and the only way they could do that was via ActiveX. A few weeks later and every bank and eStore was using the Korean rolled crypto instead of the weaksauce crypto that the browser / OS was rolled out with.

You can trace all of this directly back to the combination of Microsoft and the US Government. Microsoft should have pushed back on the government's stupid demand or educated them on why it was stupid, and the government shouldn't have made that demand in the first place.


That was more South Korea’s own bad crypto policy’s fault than Microsoft’s fault, though.


> That was more South Korea’s own bad crypto policy’s fault

South Korean here, I wouldn’t say it was the government’s fault to enforce better security/crypto tech on the web when banking, right? To be strict, everything really started because of the US’s IMO useless export restrictions. Then it became a legacy that couldn’t be gotten rid of for ~20 yrs. I don’t think the policy was great, but it was reasonable at the time.


I think the point is that it wasn't better security. And nowadays it likely has no improvement or actually decreases security.


It was because the U.S. government placed export restrictions on Rijndael. I mean, the alternative might have been for them to just use Rijndael anyway, and that would probably have been better in the long run, but heh. Now that that stuff is out of the way, I honestly can't see why they don't (or didn't until recently?) allow Rijndael or ChaCha20.


Wait what? How could they even put export restrictions on it?


Further reading about ActiveX mentioned above:

* https://www.zdnet.com/article/south-koreans-use-internet-exp...

* https://www.forbes.com/sites/elaineramirez/2016/11/30/south-...

Oh, and some required apps simply don't have Mac equivalents. Fun times.

It's funny because S.Korea is otherwise quite advanced. It's just their banking/online shopping is a huge hassle compared to using foreign cards.

In order to use my Korean card online, I had to go to the bank, set a password there (valid for 1 year) and have a randomly generated numbers-lookup card printed. I forget the exact term for it. So when I used my bank's debit card online, I guess it would go "type in the number next to 20 on your numbers card". Totally ridiculous. I just never used it because I realized sites like gmarket allowed foreigners to use their cards anyways.


Actually, what's the net rate of money lost and people who've lost money as a result of that?



