Musk Says He’s Deleted CrowdStrike From Systems After Outage
(www.bloomberg.com)
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (61)
sorted by:
Just did some digging, and would you know it, the EU that normie-baiters (such as Asmongold) love is partially responsible. And yes, not grasping that 99% of anti-trust is fundamentally capricous and arbitrary (aka fake and gay) indicates deficient higher-order reasoning. Anti-trust is oft about two big competitors undergoing regulatory capture, and bureaucrats self-justifying jobs rather than the general welfare.
Just because a complaint was filed doesn't actually mean eurocrats would have sided with Symantec. Though Microsoft certainly wouldn't have helped their case given Live OneCare was advertised within windows.
And that YCombinator poster is sorta wrong, what Microsoft intended to prevent was AV makers from patching(or rather brain surgery while being awake) the Windows kernel(yes they were THAT intrusive) not remove kernel drivers altogether. Instead after the complaint MS just extended the filtering APIs(which are more useful in kernel mode rather than user mode if accessible and are a more cooperative way of doing things) and maintained KPP(hell VBS is an offshoot of it by using virtualization to further prevent unauthorized patching)
Thanks, I'm not that intimately knowledgeable about Windows or malware, and only use it for some games. What I found interesting from HN is that some company had crowdstrike on a Debian machine and that it hosed that system (not recently) due to a specific version and configuration crowdstrike didn't test. To me crowdstrike seems irrelevant for linux land, as opposed to other enterprise practices such as apparmor/selinux and app sandboxing, but I'm not a corporate sysadmin. I originally was on hacker news to skim how newsworthy crowdstrike was before this incident.
I've heard about those issues, but it wasn't exactly caused by Crowdstrike itself(though having it would trigger it). Rather it was caused by a Linux kernel patch that broke something in eBPF(the module responsible with providing filtering capabilities in Linux) which Crowdstrike uses in lieu of a kernel driver(though you can switch if you want, and a temporary workaround was exactly that). A similar system is available on macOS too, and Apple actively discourages kernel drivers(or kexts as they're called).
Windows unfortunately is rather limited with regard security applications that don't use a kernel driver.