Comment on CrowdStrike downtime apparently caused by update that replaced a file with 42kb of zeroes
ChairmanMeow@programming.dev 3 months ago
If AV suddenly stops working, it could mean the AV is compromised. A BSOD is a desirable outcome in that case. Booting a compromised system anyway is bad code.
CeeBee_Eh@lemmy.world 3 months ago
You know there’s a whole other scenario where the system can simply boot the last known good config.
ChairmanMeow@programming.dev 3 months ago
And what guarantees that that “last known good config” is available, not compromised and there’s no malicious actor trying to force the system to use a config that has a vulnerability?
CeeBee_Eh@lemmy.world 3 months ago
The following:
There’s a load of other checks that could be employed. This is literally no different than securing the OS itself.
This is essentially a solved problem, but even then it’s impossible to make any system 100% secure. As the person you replied to said: “this is poor code”.
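To make the "last known good config" idea concrete, here is an added example (not code from this thread, and not CrowdStrike's own update mechanism) of a fail-closed content-file store: an update is accepted only if it is non-empty, not zero-filled, carries a valid signature and a version newer than the one running; at boot, a current file that no longer verifies is replaced by the last known good copy, and if that fails too the system refuses to boot rather than starting without its protection. The header layout, the `CHNL` magic, the version-counter rule and the HMAC with a constructed key (standing in for a vendor public-key signature) are all assumptions of this example.

```python
"""Fail-closed content file store with a last-known-good fallback (illustrative)."""
import hashlib
import hmac
import struct

# Constructed demo key. A real sensor would verify a vendor public-key
# signature; HMAC is used here only so the example runs offline.
SIGNING_KEY = b"demo-key-not-for-production"
HEADER = struct.Struct("<4sI")   # assumed layout: 4-byte magic + little-endian version
MAGIC = b"CHNL"
SIG_LEN = hashlib.sha256().digest_size


def sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()


def build_update(version: int, payload: bytes) -> bytes:
    """Produce a signed content blob: header | payload | signature."""
    body = HEADER.pack(MAGIC, version) + payload
    return body + sign(body)


def version_of(blob: bytes) -> int:
    """Version from the header, or -1 if the blob is too short to carry one."""
    return HEADER.unpack_from(blob)[1] if len(blob) >= HEADER.size else -1


def validate(blob: bytes, min_version: int) -> tuple[bool, str]:
    """Return (ok, reason). Every check is cheap and runs before any parsing."""
    if len(blob) < HEADER.size + SIG_LEN:
        return False, "truncated"
    if not any(blob):                       # a file of nothing but zero bytes
        return False, "all zero bytes"
    body, sig = blob[:-SIG_LEN], blob[-SIG_LEN:]
    if not hmac.compare_digest(sig, sign(body)):
        return False, "bad signature"
    magic, version = HEADER.unpack_from(body)
    if magic != MAGIC:
        return False, "bad magic"
    if version < min_version:               # anti-rollback
        return False, f"rollback: {version} < {min_version}"
    return True, "ok"


class ContentStore:
    """Holds the active content file and the last copy proven good."""

    def __init__(self, initial: bytes):
        ok, why = validate(initial, 0)
        if not ok:
            raise ValueError(f"initial content rejected: {why}")
        self.current = initial
        self.last_known_good = initial
        self.log: list[tuple[str, str]] = []   # audit trail of decisions

    def stage(self, blob: bytes) -> bool:
        """Accept an update only if it verifies and is newer than what runs now."""
        ok, why = validate(blob, version_of(self.current) + 1)
        self.log.append(("stage", why))
        if ok:
            self.last_known_good = self.current   # rotate the proven-good copy
            self.current = blob
        return ok

    def boot(self) -> str:
        """Decide what to load: 'current', 'last-known-good', or 'refuse'."""
        ok, why = validate(self.current, version_of(self.last_known_good))
        if ok:
            self.log.append(("boot", "current ok"))
            return "current"
        self.log.append(("boot", f"current rejected: {why}"))
        ok, why = validate(self.last_known_good, 0)
        if ok:
            self.current = self.last_known_good
            self.log.append(("boot", "fell back to last known good"))
            return "last-known-good"
        self.log.append(("boot", f"last known good rejected: {why}; refusing"))
        return "refuse"


if __name__ == "__main__":
    store = ContentStore(build_update(1, b"constructed rules v1"))
    print("zero-filled update accepted?", store.stage(bytes(42 * 1024)))
    print("signed v2 accepted?", store.stage(build_update(2, b"constructed rules v2")))
    store.current = bytes(len(store.current))   # simulate on-disk corruption
    print("boot decision:", store.boot())
    for entry in store.log:
        print(entry)
```

The zero-byte and signature checks run before any field is parsed, so a damaged file never reaches the parser; the version floor in `stage` stops a signed but older file from being pushed back in; and `boot` only loads a copy that verified, which is the "last known good" behaviour argued for above while still refusing to start when nothing verifies.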
ChairmanMeow@programming.dev 3 months ago
The 3rd party service is AV. You do not want to boot a potentially compromised or insecure system that is unable to start its AV properly, and have it potentially access other critical systems. That’s a recipe for a perhaps more local but also more painful disaster. It makes sense that a critical enterprise system does not boot if something is off. No AV means the system is a security risk and should not boot and connect to other critical/sensitive systems, period.
These sorts of errors should be alleviated through backup systems and prevented by not auto-updating these sorts of systems.
Sure, for a personal PC I would not necessarily want a BSOD, I’d prefer if it just booted and alerted the user. But for enterprise servers? Best not.