Global BSOD

Caporegime
Joined
18 Mar 2008
Posts
32,769
Caporegime
Joined
19 May 2004
Posts
32,096
Location
Nordfriesland, Germany
Microsoft just say sod the EU agreement and block kernel access again anyway.

Yes, it's a great thing if private companies ignore the law!

This situation could have been avoided if the EU didn't shove its nose into things.

Preventing the establishment of monopolies is a vital part of the state's role in maintaining functioning markets. The EU has been very strong on this, much to the benefit of everyone; they may not have got the detail of every decision but they've definitely had a positive impact overall.
 
Soldato
Joined
16 Sep 2018
Posts
12,726
EDR APIs shouldn't cause crashes; an Endpoint Detection and Response API should provide documented, safe, secure ways of accessing low-level kernel functions. If a particular spin of Linux doesn't provide such a kernel, that's their problem.

Unlike Apple and MS, the Linux kernel is open source. That means anyone can write anything they want to interact with it in any way they want; that's why you don't grant programs root privileges unless you either trust it implicitly or know exactly what it's doing.
 
Soldato
Joined
16 Sep 2018
Posts
12,726
Which bit of MS’s assessment do you disagree with?
None, because they didn't mention that they could've written an EDR API so there was a documented, safe, secure way of accessing the low-level kernel functions needed for Endpoint Detection and Response (vs. what they seem to be implying they did, and open up most, or all of, the low-level kernel functions).

MS's statement is a lie by omission.
 
Soldato
Joined
22 Nov 2006
Posts
23,683
Can't beat YOLO patches on a Friday.

MS needs to tell the EU to jog on. What are they going to do, remove Windows from all their systems?
 
Man of Honour
Joined
30 Oct 2003
Posts
13,301
Location
Essex

You mean two distros of effectively the same OS, of which there are nearly 1000 different distros?... and yep it's broke it before but nobody noticed because the install base where it matters is like 10 machines globally... if Linux wasn't a complete cluster with a 1000 distros nobody asked for, people might actually use it.

Shakes fist at Linux for being, well, Linux

An EDR API sounds a solid route to deal with these sorts of things mind... the whole model with how CrowdStrike works seems fundamentally flawed... I had actually queued up a meeting with them to have a look at this "best in breed" solution! I guess I'll probably give that one a miss.
 
Soldato
Joined
16 Sep 2018
Posts
12,726
An EDR API sounds a solid route to deal with these sorts of things mind
It's what they did with Windows drivers. It used to be a free-for-all with third-party drivers until MS wrote a secure, safe way for drivers to interact with the kernel.

They should've written an API for EDRs, but it seems they either didn't bother or the API is allowing EDRs to do something that brings down the OS.
 
Soldato
Joined
23 Dec 2013
Posts
3,533
Location
North Wales
Disruptive rather than destructive, but anyone interested in causing mass disruption would be looking at this and thinking, all we need to do is force PCs to recovery mode.

Imagine if this happened to all Windows PCs, not just those with CrowdStrike installed, the disruption would be far far worse :)
Agreed, although it likely also did cause some destruction given the systems that it was running. Especially if it shut off any devices running any kind of database.
 