MS gives them access, so they’re responsible.
Comment on Microsoft points finger at the EU for not being able to lock down Windows
admin@lemmy.my-box.dev 3 months ago
Personally, I don’t see the issue. Microsoft shouldn’t be responsible for when a third party creates a buggy kernel module.
And when you, as a company, decide to effectively install a low-level rootkit on all your machines in hopes that it will protect you against whatever, you accept the potential side effects. Last week, those side effects occurred.
0x0@programming.dev 3 months ago
admin@lemmy.my-box.dev 3 months ago
I disagree. As someone else in this thread said: if you compile a buggy Linux driver that crashes the system, it’s still the fault of the driver.
0x0@programming.dev 3 months ago
I’m not exempting Crowdstrike and I’m not sure the comparison holds: linux is a kernel, mot a corporation.
Try Ubuntu or RedHat, would they be liable?
admin@lemmy.my-box.dev 3 months ago
My answer might surprise you, but no. Your source code, your binary, your responsibility. Not that of the platform, the compiler, or the company that supplies it.
cheddar@programming.dev 3 months ago
Linux does not certify drivers though. Microsoft does.
admin@lemmy.my-box.dev 3 months ago
It is my understanding that this driver had not been (re) certified by Microsoft, though. So in that case, I stand by my statement.
If it had been, I’d agree with that blame.
henrikx@lemmy.dbzer0.com 3 months ago
I bet you love your locked down iPhone too
0x0@programming.dev 3 months ago
Why would I buy an Apple product?
NOT_RICK@lemmy.world 3 months ago
Come on, conform to their baseless assumptions so their insult can stick!
OfCourseNot@fedia.io 3 months ago
Hard to say yet, if Microsoft is responsible or not. The thing is they certified it, as a stable and tested driver. But it isn't just a driver, but an interpreter/loader that loads code at runtime and executes it. In kernel mode. If Microsoft knew this they're definitely responsible for certifying it, but maybe crowdstrike hid this behavior until it was deployed to the customers.
zewm@lemmy.world 3 months ago
It was my understanding that this wasn’t certified. Crowdstrike circumvented the signing process.
Railcar8095@lemm.ee 3 months ago
The driver was signed, the issue was with a configuration file for that’s not part of the driver.
cheddar@programming.dev 3 months ago
A configuration file shouldn’t crash the kernel. I don’t understand how this solution could pass the certification. I don’t know the criteria of course, but on the surface it sounds like Crowdstrike created a workaround, and Microsoft missed or allowed it.
mriguy@lemmy.world 3 months ago
Maybe it should be. At least part of the package that’s signed.