Musk Says He’s Deleted CrowdStrike From Systems After Outage
(www.bloomberg.com)
Thanks, I'm not that intimately knowledgeable about Windows or malware, and only use it for some games. What I found interesting from HN is that some company had CrowdStrike on a Debian machine and that it hosed that system (not recently) due to a specific version and configuration CrowdStrike didn't test. To me CrowdStrike seems irrelevant for Linux land, as opposed to other enterprise practices such as AppArmor/SELinux and app sandboxing, but I'm not a corporate sysadmin. I originally was on Hacker News to skim how newsworthy CrowdStrike was before this incident.
I've heard about those issues, but it wasn't exactly caused by CrowdStrike itself (though having it would trigger it). Rather it was caused by a Linux kernel patch that broke something in eBPF (the module responsible for providing filtering capabilities in Linux), which CrowdStrike uses in lieu of a kernel driver (though you can switch if you want, and a temporary workaround was exactly that). A similar system is available on macOS too, and Apple actively discourages kernel drivers (or kexts, as they're called).
Windows unfortunately is rather limited with regard to security applications that don't use a kernel driver.