The EC once again shows how clueless grandstanding politicians can cause havoc. The EC taking lefts and rights from Apple, Meta and now Microsoft. The only way to beat these ignorant folks is to band together and that’s what looks like is exactly happening. Nice!
The EC is a big risk to Global Security as this bad update could easily have been malicious. Microsoft should let EC demands apply to the EU and not the whole world.
I hope Apple does not give in to their stupid demands. Apple should sell the watered down versions of their products in the EU. People who want the full products can buy from the UK and other non EU countries.
Apple already gave in to the demands. Third-party solutions have the same access as Apple built-in solutions for malware and virus protection.
The difference is, Apple's built-in solution doesn’t have full kernel access, unlike Microsoft's solution.
If Microsoft makes a mistake it could crash countless PCs worldwide, just like Crowdstrike did this time. Because of EU demands third-party vendors have the same privileges.
The issue is direct kernel access, it’s not that the European Commission is demanding equality between first-party and third-party software.
The problem last week had nothing to do with the EU. It was sloppy coding, sloppy testing and with little to no resilience built into the whole process.
If the EU didn’t FORCE Microsoft to give sloppy third parties like CrowdStrike the same security and update status it gives its internal OS teams, then the “sloppy developers” would not even be able to foist this crap on the world.
It’s absolutely the fault of the brain-dead EU policies. Today it’s CrowdStrike. Tomorrow it will be anyone else.
And now the EU is hoping to turn Apple into the same kind of disaster by removing the guardrails Apple has invested so heavily into.
The EU puts Joe developer over the big companies that are responsible for ensuring critical systems stay working properly and disaster ensues. It’s the exact scenario we’ve been talking about since this crap started.
The entire set of policies from the EU relating to American tech companies needs to be reset and left alone. The new commission candidates would be wise to trash that nonsense on the first day in office.
Otherwise, it will be more of this and in faster succession.
EU forced MS to provide a level playing field - in other words, MS can't sell their security solutions with "only our solution has the permissions to make your computers safe. We don't give the competition that access".
What they obviously could do is to provide APIs rather than direct kernel access. Like Apple does. It's not like MS hasn't had a decade and a half to fix that.
This seems to be totally a QA testing issue. Was any testing done?
So the answer to this is, "it's complicated". Some of this is going to be a bit simplified, but it's accurate enough.
Software on Windows can run in two modes: kernel mode; and user mode. User mode software shouldn't ever be able to cause a BSOD.
Security software needs to run in kernel mode. There are good reasons for this: malware often hides deep in the OS in places where user mode software can't find it. CrowdStrike Falcon works like a device driver, which allows it to reside in kernel mode and access system data structures and services.
"Heck," you're thinking, "so can anyone write a device driver and get their software running in kernel mode?" Well, no: Windows will display a warning unless a driver has passed Microsoft's WHQL testing process. In some cases, Windows won't even allow the driver to run.
Falcon is WHQL certified, so it *should* be pretty robust and not cause a BSOD. But there's a catch: it relies on dynamic definition files, which are deployed to update its configuration. From what I hear, Crowdstrike accidentally deployed one which contained nothing but zeros, which led to a catastrophic error. In other words, they simply deployed the wrong file. No testing will catch that -- it's a file that wasn't meant to be deployed at all.
That seems to be the explanation. An empty file passes all the failsafe checks. So an empty file was loaded and this was followed by an attempt to execute. It all went downhill from there LOL. Now the CEO is coming to be grilled by Congress in the US. I wonder if companies can get any compensation from CrowdStrike as this is so clearly an error that could have been prevented.
The irony is, we actually have a much more competitive market today than we did 25 years ago. Back in 1999, there was Wintel and not much else. Apple had about a 2% marketshare of the PC market, there was no smartphone market, almost all of the RISC guys were throwing in the towel out of fear of Intel, AMD was barely hanging on, etc etc.
Today, we have three major platform companies (Apple, Google, and Microsoft), not just one. We have real competition between Intel and AMD plus multiple very strong ARM-based competitors and RISC-V on the horizon.
This is basically a golden age of competition in computing platforms and the EC is trying to wreck it.
Back then, we had DEC Alpha with multiple operating systems, Sun SPARC, PowerPC with multiple OSes, MIPS (mostly SGI), Itanium on the way...
It's a golden age of competition in computing because the DoJ and EU both took action to rein in Microsoft in the late 90s and early 2000s. Maybe you're not old enough to remember when Microsoft could get away with anything it wanted, but trust me, it wasn't fun. Ask Novell. Or WordPerfect. Or Lotus. All of whom had better products which got steamrollered because Microsoft controlled Windows.
Wintel won the desktop look around, however they lost the Mobile market and the EU and DOJ had nothing to do with it.
MS PR could have been professional and stayed silent. Now they say that the core of Windows is at risk and on a global scale! Add a full attack on authorities for an 18 year old agreement that MS "forgot" to implement. Attacking authorities might work in US. In most other regions this is a 100% PR disaster. MS should be happy that the EU Cyber Resilience Act is not yet in place or the fine would have been 2,5% of global revenue. Stupid PR team.
Microsoft is pulling the usual IT buck passing when something goes wrong with the computers. That was the standard response of IT at the company I worked for all computer F ups it was never the tools or the software choice.
Nothing to do with Microsoft and everything to do with the EU giving unscrupulous developers unfettered access.
There should be a class action suit against the EU from all counties and corporations as well as all individuals affected.
While CrowdStrike deserves criticism, it’s not really their fault entirely. Any developer will have mistakes. But the big lawmakers, who are trying to steer the world where they want - bear responsibility for throwing the toddlers into the deep end of the pool and then doing nothing when they can’t swim.
Reverse these stupid policies.
my issue is, this was not a mistake if they had tested this on 1 pc, they would have isolated the issue this was not a case of if you this update MAY cause issues it would CERTAINLY cause issues since it references an area of memory that is NOT valid on ANY windows pc running windows 10 or 11
if this was an issue with users who had Crowdstrike and a specific version of winzip for example then it would be a mistake, because they can't account for all software ever released
but this would have caused a freshly formatted windows 10/11 pc to crash, even if it had ZERO added software
And because the EU forced Microsoft to allow any developer to have the same level of access to the OS Microsoft does, you have developers who are human, hurried, make mistakes, are sometimes unscrupulous, etc. with access way above their pay grade.
Nothing MS can do without breaking their OS AND COUNTLESS software packages that are entrenched in just as countless number of businesses.
The EU simply needs to recognize the mistake and reverse course. It’s not up to the software company to handicap itself and its partners in order to fix a stupid policy decision.
Or Microsoft could correct their OS? The EU should call Microsoft's buck-passing bluff and say rewrite Windows Kernel access for third parties now.......
Thanks for the WHQL reference. I have been through that process on a couple of occasions delivering kernel mode drivers for proprietary hardware. I assume proprietary kernel mode drivers are much less common today because of the availability of high speed I/O via standard interfaces like USB, HDMI, DP, Ethernet, etc.
I would agree that this is not a testing issue, but I do think it is a configuration management issue as alluded to by @Imagladry. The bogus file should not have been included in the release package if it was not intended for release. It also seems reasonable that in cases where they do intentionally deploy a dynamic definition file they would recognize and key in on the unique checksum value for a zero-filled file rather than only looking at the file size. But in all fairness, this stuff can happen and can serve as a learning moment, to put it mildly. But OMG, this is one hell of an expensive learning moment. Heads will definitely roll, armies of lawyers will appear from every direction, and some folks are going to be spending a lot more time with their families.
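The release-gate check proposed in the comment above, sketched as an added example that is not part of the original thread and is not CrowdStrike's code. The file names, the manifest layout (name to SHA-256 digest) and the function name are assumptions made for illustration; the sample package is constructed.

```python
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_release_package(files, manifest):
    """Return (name, reason) findings; an empty list means the package may ship.

    files:    dict name -> bytes, content files staged for release (assumed layout)
    manifest: dict name -> expected SHA-256 hex digest from the build step (assumed)
    """
    findings = []
    for name, data in sorted(files.items()):
        if name not in manifest:
            # A file nobody intended to release must not ride along.
            findings.append((name, "not listed in manifest"))
        elif len(data) == 0:
            findings.append((name, "empty file"))
        elif data.count(0) == len(data):
            # A size check alone passes this; so does a digest check when the
            # manifest was generated from the bad file. Inspect the content.
            findings.append((name, "zero-filled"))
        elif sha256_hex(data) != manifest[name]:
            findings.append((name, "digest mismatch"))
    for name in sorted(set(manifest) - set(files)):
        findings.append((name, "listed in manifest but missing"))
    return findings


# Constructed sample package (hypothetical names and contents).
GOOD = b"DEFS\x01\x00" + bytes(range(32))
SAMPLE_FILES = {
    "channel-a.bin": GOOD,
    "channel-b.bin": bytes(4096),   # plausible size, nothing but zeros
    "scratch.bin": b"tmp",          # never meant to be released
}
SAMPLE_MANIFEST = {
    "channel-a.bin": sha256_hex(GOOD),
    "channel-b.bin": sha256_hex(bytes(4096)),  # manifest built from the bad file
    "channel-c.bin": sha256_hex(b"x"),
}

if __name__ == "__main__":
    for name, reason in check_release_package(SAMPLE_FILES, SAMPLE_MANIFEST):
        print(f"BLOCK {name}: {reason}")
```

The zero-filled test runs before the digest comparison on purpose: a manifest generated from an already-bad file would otherwise vouch for it.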
Or cut off the EU, see how well they function.
If they do Microstation might actually make a Mac version of their cad software or Bluebeam might make it to Macs or iPads as a on device program.
https://en.wikipedia.org/wiki/2024_CrowdStrike_incident#Analysis_of_causes
https://www.msn.com/en-us/news/technology/why-did-crowdstrike-update-only-hit-windows-blame-the-eu-microsoft-says/ar-BB1qrhaj