Comment on CrowdStrike Isn't the Real Problem
LrdThndr@lemmy.world 4 months agoHow would it not have? You got an office or field offices?
“Bring your computer by and plug it in over there.” And flag it for reimage. Yeah. It’s gonna be slow, since you have 200 of the damn things running at once, but you really want to go and manually touch every computer in your org?
The damn thing’s even boot looping, so you don’t even have to reboot it.
I’m sure the user saved all their data in one drive like they were supposed to, right?
I get it, it’s not a 100% fix rate. And it’s a bit of a callous answer to their data. And I don’t even know if the project is still being maintained.
But the post I replied to was lamenting the lack of an option to remotely fix unbootable machines. This was an option to remotely fix nonbootable machines. No need to be a jerk about it.
Brkdncr@lemmy.world 4 months ago
Because your imaging environment would also be down. And you’re still touching each machine and bringing users into the office.
Or your imaging process over the wan takes 3 hours since it’s dynamically installing apps and updates and not a static “gold” image. Imaging is then even slower because your source disk is only ssd and imaging slows down once you get 10+ going at once.
I’m being rude because I see a lot of armchair sysadmins that don’t seem to understand the scale of the crowdstike outage, what crowdstrike even is beyond antivirus, and the workflow needed to recover from it.
LrdThndr@lemmy.world 4 months ago
FOG ran on Linux. It wouldn’t have been down. But that’s beside the point.
I never said it was a good answer to CrowdStrike. It was just a story about how I did things 10 years ago, and an option for remotely fixing nonbooting machines. That’s it.
I get you’ve been overworked and stressed as fuck this last few days. I’ve been out of corporate IT for 10 years and I do not envy the shit you guys are going through right now. I wish I could buy you a cup of coffee or a beer or something.
Brkdncr@lemmy.world 4 months ago
Last time I used fog it was only doing static image deployment which has been out of style for a while. I don’t know if there are any serious deployment products for windows enterprise that don’t run on windows.
I’m personally not dealing with this because I didn’t like how Crowdstrike had answered a number of questions in their sales call.
Avoiding telling me their vuln scan doesn’t prob be all hosts after claiming it could replace a real vuln scanner, claiming they are somehow better than others at malware detection without bringing up 3rd party tests, claiming how their product was novel when others have been doing the same for 7+ years.
My fave was them telling me how much easier it is to manage but no one on the call had ever worked as a sysadmin or even seen how their competition works.
Shitshow. I’m so glad this happened so I can block their sales team.
timewarp@lemmy.world 4 months ago
Imaging environment down? If a sysadmin can’t figure out how to boot a machine into recovery to remove the bad update file then they have bigger problems. The fix in this instance wasn’t even re-imaging machines. It was merely removing a file. Ideal DR scenario would have a recovery image already on the system that can be booted into remotely, so there is minimal strain on the network. Furthermore, we don’t live in dial-up age anymore.
Brkdncr@lemmy.world 3 months ago
Imaging environment would be bitlocker’d with its key stuck in AD which is also bitlocker’d.
catloaf@lemm.ee 3 months ago
Only if you’re not practicing 3-2-1 with your backups.