Musk Says He’s Deleted CrowdStrike From Systems After Outage
(www.bloomberg.com)
Just because a complaint was filed doesn't actually mean eurocrats would have sided with Symantec. Though Microsoft certainly wouldn't have helped their case, given Live OneCare was advertised within Windows.
And that YCombinator poster is sorta wrong: what Microsoft intended to prevent was AV makers from patching (or rather, brain surgery while being awake) the Windows kernel (yes, they were THAT intrusive), not removing kernel drivers altogether. Instead, after the complaint MS just extended the filtering APIs (which are more useful in kernel mode than in user mode, if accessible, and are a more cooperative way of doing things) and maintained KPP (hell, VBS is an offshoot of it, using virtualization to further prevent unauthorized patching).
Thanks, I'm not that intimately knowledgeable about Windows or malware, and only use it for some games. What I found interesting from HN is that some company had CrowdStrike on a Debian machine and that it hosed that system (not recently) due to a specific version and configuration CrowdStrike didn't test. To me CrowdStrike seems irrelevant for Linux land, as opposed to other enterprise practices such as AppArmor/SELinux and app sandboxing, but I'm not a corporate sysadmin. I originally was on Hacker News to skim how newsworthy CrowdStrike was before this incident.
I've heard about those issues, but it wasn't exactly caused by CrowdStrike itself (though having it would trigger it). Rather, it was caused by a Linux kernel patch that broke something in eBPF (the module responsible for providing filtering capabilities in Linux), which CrowdStrike uses in lieu of a kernel driver (though you can switch if you want, and a temporary workaround was exactly that). A similar system is available on macOS too, and Apple actively discourages kernel drivers (or kexts, as they're called).
Windows, unfortunately, is rather limited with regard to security applications that don't use a kernel driver.