Global BSOD

So was CrowdStrike deployed during either of the previous NHS ransomware attacks - is it of proven merit versus the Microsoft offering?

Can imagine all the IT teams' excuses: well, we weren't the only muppets with our diversity approach.
 
Here's a more basic explanation of the EU’s culpability for those that struggled with the Telegraph article.

Yea, very basic. So basic in fact that it's highly misleading.

I mean since when has "allow developers to offer apps through third-party marketplaces and websites" been even remotely similar to allowing third party code to run in ring 0 when even device drivers are restricted to level 1 privileges.
 
It looks like CrowdStrike may have released a proper remote fix for this now. It updates on boot and quarantines its own file to stop the BSOD but you have to opt in to get it. If true, it should make things much easier for a lot of people!
 
Yea, very basic. So basic in fact that it's highly misleading.

I mean since when has "allow developers to offer apps through third-party marketplaces and websites" been even remotely similar to allowing third party code to run in ring 0 when even device drivers are restricted to level 1 privileges.

Where does it say they are similar? The Apple angle here is because it's an Apple focussed website.
 
Where does it say they are similar?
Do you know what implied means?
The Apple angle here is because it's an Apple focussed website.
No, really! I would never have guessed that a website called macrumors was an Apple focussed website. :cry:

As you seem to favour listening to what Apple focussed websites have to say on the issue, let's check what a more knowledgeable Apple focussed website has to say...

Apple’s protections meant Macs weren’t affected

It didn’t take long to understand how one faulty update from a third-party company could create an IT disaster on such an unprecedented scale.
These programs have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to disrupt the very systems they are trying to protect.
Macs weren’t affected because Apple doesn’t allow security apps to have such deep-level access to the operating system. Instead, macOS itself does the type of monitoring performed by CrowdStrike, then allows security apps to see the results.
The root of the problem is that CrowdStrike’s tools run at very deep levels on Windows. On the Mac, they can’t run at those levels – anymore. Apple’s Endpoint Security Framework is a modern API toolkit designed to help security vendors build security solutions for the Mac. It was introduced in macOS 10.15 Catalina and provides a comprehensive set of tools and services to monitor and secure endpoints.
The framework allows developers to monitor various security-related events, such as file system access, process creation, and network connections. This enables real-time monitoring of activities on a Mac, but it does it in a way that protects user privacy and also limits how low a level it can run.
(Source)
And...

9to5Mac’s take

Apple was right. Building a modern enterprise API for endpoint detection was not easy, and the entire industry had to transition with them. Apple’s framework is how it should be done. An endpoint security tool should not be able to crash a system to the point where it’s unusable.
This is one of the ways Mac users are able to protect themselves against things like the CrowdStrike outage from happening. When Windows PCs were offline on Friday, customers and businesses alike could rely on their Mac.
Because of Apple’s ecosystem and things like the Endpoint Security Framework, the company is significantly less exposed to third-party problems like what we saw with CrowdStrike and Windows PCs.
(Source)

In your, and some others', rush to blame the big bad EU you missed the fact that some people may actually know what they're talking about, that MS blaming a ruling by the EU from 16 years ago would be exposed as the ass covering that it is.

That MS should've done what Apple did of their own accord more than 4 years ago.
 
Do you know what implied means?

No, really! I would never have guessed that a website called macrumors was an Apple focussed website. :cry:

As you seem to favour listening to what Apple focussed websites have to say on the issue, let's check what a more knowledgeable Apple focussed website has to say...

(Source)
And...

(Source)

In your, and some others', rush to blame the big bad EU you missed the fact that some people may actually know what they're talking about, that MS blaming a ruling by the EU from 16 years ago would be exposed as the ass covering that it is.

That MS should've done what Apple did of their own accord more than 4 years ago.

That Apple is better than MS is not in doubt - the issue is that MS is bound by the seriously flawed agreement with the EU.
 
That Apple is better than MS is not in doubt - the issue is that MS is bound by the seriously flawed agreement with the EU.
No. The point is MS could have, should have, done what I've been saying and what Apple did, more than a decade ago.

Your hatred of all things EU is blinding you to the fact that MS should've provided an API so security vendors had a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections.

e: If the agreement with the EU is seriously flawed then how did Apple manage to provide a framework that allowed third parties to monitor various security-related events without compromising the kernel's ring 0 security privileges?
 
No. The point is MS could have, should have, done what I've been saying and what Apple did, more than a decade ago.

Your hatred of all things EU is blinding you to the fact that MS should've provided an API so security vendors had a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections.

e: If the agreement with the EU is seriously flawed then how did Apple manage to provide a framework that allowed third parties to monitor various security-related events without compromising the kernel's ring 0 security privileges?

The articles all clearly state MS is bound by the agreement whereas Apple isn't.

Your bizarre infatuation with a bunch of third countries' trading arrangements is blinding you to the fact that the EU is essentially a protection racket to enable its own **** poor tech sector to leech off bigger and better non-EU companies. Something which has now led to the largest IT outage in history.
 
The articles all clearly state MS is bound by the agreement whereas Apple isn't.
Which is irrelevant because being bound by an agreement has nothing to do with how you do something, if you understood what you were talking about you'd know that.

As I keep telling you, it's possible to provide security vendors with a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections without breaching the kernel's ring 0 security privileges.
Your bizarre infatuation with a bunch of third countries' trading arrangements is blinding you to the fact that the EU is essentially a protection racket to enable its own **** poor tech sector to leech off bigger and better non-EU companies. Something which has now led to the largest IT outage in history.
What! What does that have to do with MS's decision not to provide security vendors with a framework that allowed them to monitor various security-related events?

e: Maybe it would help if we established your level of knowledge WRT kernel level security privileges, like do you even know what they are, what I'm referring to if I said the kernel's protection rings?
 
Which is irrelevant because being bound by an agreement has nothing to do with how you do something, if you understood what you were talking about you'd know that.

As I keep telling you, it's possible to provide security vendors with a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections without breaching the kernel's ring 0 security privileges.

What! What does that have to do with MS's decision not to provide security vendors with a framework that allowed them to monitor various security-related events?

e: Maybe it would help if we established your level of knowledge WRT kernel level security privileges, like do you even know what they are, what I'm referring to if I said the kernel's protection rings?

Where is your evidence that the agreement with the EU says they could do that?

Where is the furious rebuttal from the EU?

As I said, your bizarre obsession with a bunch of third countries' trading arrangements is the problem.
 
Which is irrelevant because being bound by an agreement has nothing to do with how you do something, if you understood what you were talking about you'd know that.

As I keep telling you, it's possible to provide security vendors with a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections without breaching the kernel's ring 0 security privileges.

What! What does that have to do with MS's decision not to provide security vendors with a framework that allowed them to monitor various security-related events?

e: Maybe it would help if we established your level of knowledge WRT kernel level security privileges, like do you even know what they are, what I'm referring to if I said the kernel's protection rings?
Cut the kernel in half, count the rings, and you can age it approximately
 
Where is your evidence that the agreement with the EU says they could do that?
I literally just posted it, I even told you that's what they did with their driver framework back in the day. If you had at least some knowledge of what kernel protection rings were you'd have all the 'evidence' you'd want.
Where is the furious rebuttal from the EU?

As I said, your bizarre obsession with a bunch of third countries' trading arrangements is the problem.
Why would someone refute something that has nothing to do with them?

You're the one who's got a "bizarre obsession with a bunch of third countries trading arrangements", I keep trying to tell you it's got nothing to do with the EU but you keep beating that drum for some weird reason.
 
Microsoft shall ensure on an ongoing basis and in a Timely Manner that the APIs in the Windows Client PC Operating System and the Windows Server Operating System that are called on by Microsoft Security Software Products are documented and available for use by third-party security software products that run on the Windows Client PC Operating System and/or the Windows Server Operating System. These APIs will be documented on the Microsoft Developer Network, unless open publication would create security risks. In such circumstances, Microsoft will provide third-party security vendors with access to such APIs pursuant to a royalty-free license and on fair, reasonable and non-discriminatory terms.

For others reading, this would appear to be the particular clause from Microsoft's public undertaking in 2009 that they're pointing the finger at, saying it's all the EU's fault.

To me, all that says is that MS will offer third party security software access to the same APIs as its own security software has - so if that by extension means third party security gets kernel access, that can only be because Microsoft has chosen that by setting its own products up that way.
 
I literally just posted it, I even told you that's what they did with their driver framework back in the day. If you had at least some knowledge of what kernel protection rings were you'd have all the 'evidence' you'd want.

Why would someone refute something that has nothing to do with them?

You're the one who's got a "bizarre obsession with a bunch of third countries trading arrangements", I keep trying to tell you it's got nothing to do with the EU but you keep beating that drum for some weird reason.

You are desperately trying to change the subject - no one is denying there could be an alternative technical solution - the issue is whether the EU agreement allows for that.

Let's try again...

Where is your evidence that the agreement with the EU says they could do that?

Where is the furious rebuttal from the EU?
 
For others reading, this would appear to be the particular clause from Microsoft's public undertaking in 2009 that they're pointing the finger at, saying it's all the EU's fault.

To me, all that says is that MS will offer third party security software access to the same APIs as its own security software has - so if that by extension means third party security gets kernel access, that can only be because Microsoft has chosen that by setting its own products up that way.
Exactly. They could've chosen to write a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections without compromising the kernel's security, but instead they chose the path of least resistance and gave third-parties the same levels of access they had.
Just provide some evidence then.
I already have, the problem is you lack the knowledge to know that I have.
 
Exactly. They could've chosen to write a framework that allowed them to monitor various security-related events, such as file system access, process creation, and network connections without compromising the kernel's security, but instead they chose the path of least resistance and gave third-parties the same levels of access they had.

I already have, the problem is you lack the knowledge to know that I have.
Just admit you can't provide ANY evidence and give it up, seriously.
 
You mean other than the mountains of evidence I've already provided that you lack the ability to recognise as such. :cry:

Keep digging man!

Lol someone's kernels are in a panic.


Can someone else help us out and point out this evidence they have apparently posted that states the EU agreement allows for alternative solutions? There’s mountains apparently.
 