But defending Crowdstrike isn't at all surprising for the usual suspects.
The usual suspects proving they're nothing more than bots. Since when was pushing an update that breaks systems to the point where manual intervention on every affected machine is needed ever defensible, even if you have a severe case of TDS?
The very notion seems insane to me in the IT age, where your business is heavily dependent on the IT being up all the time, no excuses accepted.
Given that beancounters can't put a price on downtime until it actually happens, or on the productivity increases from implementing good IT, this will continue to happen. This is another reason why corporate cybersecurity is just a box-ticking exercise giving the illusion everything is going well.
I have to imagine that this incident is a wake up call for a bunch of industries.
This incident has a convenient scapegoat: everyone will crucify Crowdstrike, switch the EDR vendor and continue coasting in neutral. Hell, Crowdstrike isn't even on the cheap side, so the beancounters will be happy if the new vendor is cheaper.
I'm not an IT person, but even so I know full well to test before deployment. Heck, I won't update the kernel on my PC before I have confirmed that I have a recent Timeshift to draw from if need be.
You imply you're running a Linux distro so you're already a cut above the regular MBAs who have the business awareness of dementia patients.
Isn't it strange only Musk is the smart one to do this?
As a company you wouldn't exactly scream publicly what security systems you have deployed/removed, since hackers can just focus on not being detected by X or Y solution. Musk has the clout to harm Crowdstrike's rep even further by announcing this shit publicly (though the outage already took it to the dumps).
Well, according to them, they pushed a bad config/AV definition file (why the fuck they would make these end with .sys despite not being valid drivers is beyond me), causing the main AV driver to shit the bed while Windows is booting up, which can be seen as the computer starting up, BSODing, then rebooting again (though Windows will detect this and offer recovery options, which are useless if the C drive is encrypted).
If Windows already rebooted with the bad file there is nothing else to be done other than reinstalling the system or following the "fix", which involves booting the machine into safe mode (good luck on enterprise systems which have BitLocker and need the decryption key) and manually removing the file.
Welp, next time don't push updates directly to production without thorough testing. For fuck's sake, we're talking about code running in kernel mode. Maybe gamers will realise this kind of shit WILL happen to them (the bootloops) when Riot fucks up an update to Vanguard (or other anticheats, but at least the others will only cause a BSOD when the protected game starts up).
And now for the finger-pointing game of Crowdstrike blaming a Windows update and Microsoft blaming them in return. While yes, the kernel APIs are stable, AVs will often use undocumented stuff/methods that are subject to change with no notice.
How the hell is locally logging in to millions of servers and devices stuck in a bootloop a "fix"?
It's a fix in that it fixes the bootloop without having to format the whole system. The affected systems will bootloop as they BSOD while Windows is booting, and there is NOTHING else to be done if the update reached the system.
I understand that Windows Safe Mode is unavailable on encrypted devices; what to do then?
It is available, but you need the BitLocker recovery key, and good luck finding the key on the AD domain controllers if those are affected by the boot loops (though keys can also be backed up to Microsoft Azure AD/Entra, or the sysadmin may have implemented another policy to back them up from AD). Bonus points if the devices are BIOS-protected or have additional early-boot security measures.
It's not even that discriminatory, fucking hell they were asking gay people to not be promiscuous degenerates for 6 months before donating. They probably have a similar rule for straight people not to fuck every whore they can grab for 6 months.
But still, they really want to brag that they're fucking anything that moves, don't they? Because how the fuck is the blood center going to check you're honest about your sexual history?
dedicated servers instead of shitty centrally controlled matchmaking
CS2 still has support for community dedicated servers (yes, real community servers, not Battlefield 3 and newer's bullcrap; you're free to download the server files and host at your own leisure), and the only people seething about cheaters are those climbing the centrally controlled matchmaking ladder.
FaceIT players (which use a draconian 3rd-party anti-cheat) and casual players don't care.
Oh yeah, and then get everyone fined and jailed for merely questioning Biden's mental faculties. Because this is EXACTLY what will happen.
For AMD I'm not aware of such methods.
But for Intel there is the me_cleaner project, though it seems to be dead (it is a bunch of scripts that lets you modify the BIOS to remove ME/enable the ME killswitch bit, but it will require you to get an external programmer); how effective it is depends on how new the CPU is.
- CPUs up to Nehalem can have the whole ME firmware removed, rendering it completely useless.
- For CPUs from Nehalem up to Broadwell, the ME bootloader is preserved to disarm the killswitch in case ME is damaged (if ME is damaged the PC will automatically shut off after 30 minutes).
- On newer CPUs it is not really effective, as more core parts of ME need to be present.
- But researchers also discovered a bit (the HAP bit) in the ME firmware that, once turned on, makes ME inoperable after initializing the ME hardware and disables the PC's automatic shutoff, but I'm not sure how much you can trust it.
Why won't Riot Games release a Linux version?
They knew how many were playing on Linux and decided it wasn't worth the effort. Hell, even the macOS client is stuck in support limbo (macOS 12 and 13 along with ARM Macs are not "supported", and 14 is not even mentioned on the page), and I expect them to completely ditch it when Apple drops x86 support.
If the "great firewall of china" actually worked, chinks would be stuck in their containment zone even without the Tiananmen reference. Though at least when I used to play CSGO (like 10 years ago) Russians were the avoid-at-all-costs players back then; how naive could I have been.
I kept wondering if people were being hyperbolic
Well, vgk.sys (the Vanguard driver), according to the PE header, does import KeBugCheck (which means the code calls it at some point), which is the function Windows or a driver can call to cause the BSOD when shit is FUBAR (or when the driver is misbehaving, in the case of Windows calling it), so the hyperbole is not entirely unbelievable.
Other suspicious stuff I can see (no, I don't call it spyware, since there are legitimate uses for drivers to call these APIs such as logging, but crypto stuff is a bit more suspicious) is ZwReadFile and ZwWriteFile, which are the file reading/writing APIs, and BCryptDestroyHash + BCryptCloseAlgorithmProvider, which are used to free encrypted data from memory and close the handle to the encryption engine, but those don't make much sense since the counterpart open functions are missing from the import table. But again, Windows programs and drivers can load DLLs and import functions at runtime, so maybe they're used (or functions for malicious stuff that I can't see through the PE import/export table), just not obviously.
Though to see when and how, I would need to fully reverse engineer the driver, which I totally won't do because of the layers of obfuscation. Maybe someone autistic enough will do the reverse engineering for us to see how much of a spyware it is (or isn't).
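As an added illustration of the import-table check described in the post above (example code, not from the post and not any real driver): a pure-Python walk of a PE import directory, run over a constructed minimal PE32+ image that names a few of the APIs mentioned, plus a watchlist check. The constructed image and the watchlist are assumptions for the demo, not vgk.sys, and, as the post says, anything resolved at runtime is invisible to a static import listing.

```python
import struct
WATCHLIST = {"KeBugCheck", "ZwReadFile", "ZwWriteFile", "BCryptDestroyHash", "BCryptCloseAlgorithmProvider"}

def build_sample_image(dll, funcs):
    # Constructed minimal PE32+ whose only content is an import directory; it is NOT vgk.sys.
    base, n = 0x1000, len(funcs)
    ilt_rva = base + 40                            # after the descriptor + null terminator
    iat_rva = ilt_rva + 8 * (n + 1)
    names, thunks, off = b"", b"", iat_rva + 8 * (n + 1)
    for f in funcs:                                # hint/name entries: WORD hint + ASCIIZ name
        thunks += struct.pack("<Q", off)
        entry = b"\0\0" + f.encode() + b"\0"
        names, off = names + entry, off + len(entry)
    desc = struct.pack("<IIIII", ilt_rva, 0, 0, off, iat_rva) + b"\0" * 20
    body = desc + thunks + b"\0" * 8 + thunks + b"\0" * 8 + names + dll.encode() + b"\0"
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(120, b"\0") + struct.pack("<II", base, 40)
    sec = b".idata\0\0" + struct.pack("<IIII", len(body), base, len(body), 0x200)
    hdr = dos + coff + opt.ljust(240, b"\0") + sec.ljust(40, b"\0")
    return hdr.ljust(0x200, b"\0") + body

def list_imports(image):
    # Walk IMAGE_DIRECTORY_ENTRY_IMPORT and return {dll: [imported names]}.
    u = lambda fmt, off: struct.unpack_from(fmt, image, off)
    pe = u("<I", 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, opt = u("<H", pe + 6)[0], u("<H", pe + 20)[0], pe + 24
    tfmt, dir_off = ("<Q", 120) if u("<H", opt)[0] == 0x20B else ("<I", 104)  # PE32+ / PE32
    secs = [u("<IIII", opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def to_off(rva):                               # RVA -> file offset via the section table
        for vsize, vaddr, rsize, raw in secs:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + rva - vaddr
        raise ValueError("RVA %#x maps to no section" % rva)
    cstr = lambda off: image[off:image.index(b"\0", off)].decode()
    result, d, size = {}, to_off(u("<I", opt + dir_off)[0]), struct.calcsize(tfmt)
    while u("<I", d + 12)[0]:                       # a zero Name RVA ends the descriptor table
        ilt, _, _, name_rva, iat = u("<IIIII", d)
        funcs, t = [], to_off(ilt or iat)          # prefer the ILT, fall back to the IAT
        while e := u(tfmt, t)[0]:
            funcs.append("#%d" % (e & 0xFFFF) if e >> (8 * size - 1)     # import by ordinal
                         else cstr(to_off(e & 0x7FFFFFFF) + 2))         # skip the 2-byte hint
            t += size
        result[cstr(to_off(name_rva)).lower()], d = funcs, d + 20
    return result

def triage(image):
    return sorted(f for fs in list_imports(image).values() for f in fs if f in WATCHLIST)
```

Point `list_imports` at the bytes of any real PE file to get the same per-DLL listing; a hit on the watchlist is a reason to look closer, not proof of anything, exactly as the post argues.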
Valve uses VAC and has always used VAC, it is incredibly unlikely they would ever use a different anti-cheat imo.
What OP is worrying about is Valve reworking VAC into a kernel anticheat. Right now VAC is a usermode anticheat based around detecting signatures of anticheat programs/signs of tampering with the game (sometimes overdoing it, as AMD users were flagged as cheaters when AntiLag+ was released with a driver update, though those bans were reversed).
I believe the same spyware is coming to LoL and their other games as well at some point, if it hasn't already.
They already added it to League, but only to the Windows version. The macOS client uses "an alternative version" (though I presume once Apple drops x86 emulation from macOS, the Mac client will die with it), and Linux users that used Wine to play League were thrown under the bus.
I would not be shocked if even Valve get desperate about the cheaters in their games and they go all in on anti-cheat spyware.
I would be, because it would mean throwing their investments in Linux down the drain to chase an unattainable goal. Cheat development is an arms race: you wouldn't have heard about DMA cheats 10 years ago, but you hear about them now as viable options to be undetectable by Vanguard (and Rito just has to suck it up unless someone figures out cloud gaming and forces it down our throats).
And kernel anticheats on Linux are a sisyphean task at best; even the kernel anticheats on Windows that work under Proton (EAC, BattlEye) are stuck with usermode protection when running on Linux.
Linux is not designed to work with drivers outside the mainline tree and maintainers don't give a fuck about compatibility, so distros have to resort to providing patches and workarounds such as DKMS so that when the kernel is updated the driver is automatically recompiled (and actually succeeds) against the latest kernel. Windows' driver interface is so stable that you generally can run Windows 7 drivers under 10/11 (with some exceptions like GPU drivers) and the only thing you might get is a compatibility warning.
Valve is still earning millions in CS2 cases and marketplace fees despite the cheating problems in matchmaking, so I doubt they would do something this drastic.
Any of us who give a shit about the state of games should not be installing modern multiplayer games at all at this rate.
Not that modern multiplayer games are actually worth playing or anything. All of them are pretty much live-service slop designed with the age-old motto of don't ask questions, just consoom product and then get excited for the next product.
There are already a bunch of stores I can't order from online (in Canada) because of Visa's two-factor authentication.
Meanwhile the EU already mandates that all online stores based in the EU implement 2FA on their payments (and almost every merchant has implemented 3D Secure).
It requires you receive a code on your smartphone to authorize your order, and I don't have one.
Visa/Mastercard's 3D Secure implementation only provides a gateway to the bank's systems (or at least that's how it works for me: I get shown my bank's landing page where I'm asked for credentials/confirmation within the app); how a transaction is confirmed is up to each bank. My bank (it's an EU one) has a fallback of SMS + a password you set with the bank in case you don't have their app.
Welp, my guess is it will work like Apple Pay. They've just announced they would allow Apple Pay to work outside of Apple devices/browsers by showing you a code you could scan with your iPhone to pay for shit through Apple Pay.
But 2030 is too far in the future, so we don't know how much freedom of implementation the banks will have for their customers, and payment providers like Stripe for the merchants, and how janky the whole shtick will be.
Nah. What will increase is nigs now asking you at knifepoint to enroll their fingerprint/face before stealing your phone so they can actually pay for shit with your card. And given it's Europe, well, no guns to defend yourself.
gets some proper corpo backing for a real normie distro people can finally use.
We're already getting DIE purity testing in the OSS projects managed under Red Hat/IBM. Just let computing for normies die; they clearly don't need it and make things worse for everyone.
Reddit is already ahead of you, with /r/animemes banning the word "trap" a few years ago, because it "may be" offensive to troons
You don't need to be amazing at games to be able to spot a hacker, you simply don't; there are blatant signs you can watch for. Again, I'm not amazing at gaming, but even I can tell when people are being whiners versus when there's an actual hacker in the midst. Like others have said, there are things like snapping behaviour and totally impossible shots that happen when people are hacking, because when hacking does happen it's pretty blatant.
Meanwhile Riot Vanguard shills (Valorant's and soon League of Legends's kernel anticheat) are gaslighting players who encounter cheaters because they unironically believe that Vanguard is infallible (it isn't, not even close, and it only raised the bar for cheating: you can cheat all you want with a $20 microcontroller, or if you have the money another computer and a DMA card, or heck, just use a cheat disguised as a bootkit) and that cheaters only exist in your head.
Kernel-level anti-cheat is another thorny issue that seems to be affecting enthusiasm for multiplayer quite a lot, because no one wants to have that kind of shady shit on their PC just to play a game.
I think the issue became prevalent because of Riot Vanguard's requirement to load very early in the boot process, and if you dared to stop it you had to reboot before you could play any Vanguard-protected game, instead of the anticheat driver loading with the game and unloading itself after you finish, like, you know, every other kernel anticheat under the sun.
People critical of corporate sponsored FOSS are probably laughing their asses off for being proven right. At the very least the +NIGGER license will finally get its use as a repellent against DIE shills.
Switzerland did not join the EU
Not that it matters: they're in the Schengen area, so no real border controls unless you're flying in, and EU+EEA citizens minus Croatia can exercise their free movement rights without restrictions (so it won't even matter if they don't take refugees if another EU state does and gives them citizenship), and most of the EU policies still apply while giving up the "representation" EU citizens get in the EU parliament.
Not that """"""""""""""""""localizers"""""""""""""""""" aren't already doing this full time or anything
Just because a complaint was filed doesn't actually mean the eurocrats would have sided with Symantec. Though Microsoft certainly wouldn't have helped their case, given Live OneCare was advertised within Windows.
And that YCombinator poster is sorta wrong: what Microsoft intended to prevent was AV makers from patching the Windows kernel (or rather, brain surgery while awake; yes, they were THAT intrusive), not removing kernel drivers altogether. Instead, after the complaint MS just extended the filtering APIs (which are more useful in kernel mode than in user mode, if accessible, and are a more cooperative way of doing things) and maintained KPP (hell, VBS is an offshoot of it, using virtualization to further prevent unauthorized patching).