ianbetteridge
-
Microsoft blames European Commission for global CrowdStrike catastrophe
bloggerblog said:
This blunder will push companies to choose Linux over Windows for their infrastructure
This *could* have affected Linux, too. We really got lucky that it didn't, given the amount of infrastructure that runs on it.
-
Microsoft blames European Commission for global CrowdStrike catastrophe
M68000 said:
This seems to be totally a QA testing issue. Was any testing done?
So the answer to this is, "it's complicated". Some of this is going to be a bit simplified, but it's accurate enough.
Software on Windows can run in two modes: kernel mode and user mode. User mode software shouldn't ever be able to cause a BSOD.
Security software needs to run in kernel mode. There are good reasons for this: malware often hides deep in the OS in places where user mode software can't find it. CrowdStrike Falcon works like a device driver, which allows it to reside in kernel mode and access system data structures and services.
"Heck," you're thinking, "so can anyone write a device driver and get their software running in kernel mode?" Well, no: Windows will display a warning unless a driver has passed Microsoft's WHQL testing process. In some cases, Windows won't even allow the driver to run.
Falcon is WHQL certified, so it *should* be pretty robust and not cause a BSOD. But there's a catch: it relies on dynamic definition files, which are deployed to update its configuration. From what I hear, CrowdStrike accidentally deployed one which contained nothing but zeros, which led to a catastrophic error. In other words, they simply deployed the wrong file. No testing will catch that -- it's a file that wasn't meant to be deployed at all.
-
Microsoft blames European Commission for global CrowdStrike catastrophe
blastdoor said:
This is basically a golden age of competition in computing platforms and the EC is trying to wreck it.
It's a golden age of competition in computing because the DoJ and EU both took action to rein in Microsoft in the late 90s and early 2000s. Maybe you're not old enough to remember when Microsoft could get away with anything it wanted, but trust me, it wasn't fun. Ask Novell. Or WordPerfect. Or Lotus. All of whom had better products which got steamrollered because Microsoft controlled Windows.
-
Microsoft blames European Commission for global CrowdStrike catastrophe
mikethemartian said:
Does CrowdStrike have access to the Linux kernel? If so, has it resulted in any major issues?
Yes, it does. And CrowdStrike Falcon has been linked to kernel panics on Linux in the past. This one didn't affect Linux, though.
-
Microsoft blames European Commission for global CrowdStrike catastrophe
9secondkox2 said:
Yep. The geniuses at the EU made it so cloudstrike can bypass Microsoft safeguards entirely and push their own junk directly onto Microsoft systems.
Sigh. No, no they really didn't do that. Please go and look at this web page.
From there, you can download the Word document called "Microsoft Interoperability Undertaking", which is the agreement that Microsoft is claiming "made" it give kernel access to third parties.
Go to Section C, paragraph 42, which is the undertaking concerning security software. Find the bit which mandates kernel access. I'll wait. And I'll be waiting a long time, because no such mandate exists, despite what certain pundits with bees in their bonnet about the EU might have told you.