Comment on CrowdStrike unhappy with “shady commentary” from competitors after outage
JigglySackles@lemmy.world 2 months agoIn what way did Microsoft fuck up? They don’t control Crowdstrike updates. Short of the OS files being immutable it seems unlikely they can stop things like this.
themeatbridge@lemmy.world 2 months ago
Microsoft gave CrowdStrike unfettered access to push an update that can BSOD every Windows machine without a bypass or failsafe in place. That turned out to be a bad idea.
CrowdStrike pushed an errant update. Microsoft allowed a single errant update to cause an unrecoverable boot loop. CrowdStrike is the market leader in their sector and brings in hundreds of millions of dollars every year, but Microsoft is older than the internet and creates hundreds of billions of dollars. CrowdStrike was the primary cause, but Microsoft enabled the meltdown.
patrick@piefed.social 2 months ago
Microsoft did not "give Crowdstrike access to push updates". The IT departments of the companies did.
The security features that Crowdstrike has forces them to run in kernel-space, which means that they will have code running that can crash the OS. They crashed Debian in an almost identical way (forced boot loop) about a month before they did the same to Windows.
Yes, there are ways that Microsoft could rewrite the Windows kernel architecture to make it resistant to this type of failure. But I don't think there are very many other commercial OS's that could stop this from happening.
breg@sh.itjust.works 2 months ago
You’re absolutely right, here is an in-depth explanation from Dave Plummer, the guy who wrote the task manager: youtu.be/ZHrayP-Y71Q
Passerby6497@lemmy.world 2 months ago
They have to give that access by EU ruling: