Airlines relying on Windows.
Sometimes I do feel afraid.
Dude, every bit of critical infrastructure around you is running Windows XP and McAfee ePO. The shit hidden in segregated control networks would make a security researcher from 2009 cringe.
I just did a fresh install of Windows 7 this week.
Whoa! Slow down! Does the plant manager know you’re on the bleeding edge?
Don’t worry, it was 32-bit.
Fucking ENS
Where I live infrastructure is actually a bit more modern, but I have seen Windows XP, 2003, 2008 very recently too.
I am thrilled right now that our company only started relying on cloud resources a few years ago and still don’t use services like this… I hope this is a wake-up call to them, so we never use something like this. I know the execs finally realized the cloud is not cost effective, and I hope we keep it a mixed bag instead of going in fully. I have been in IT for 18 years now, and thankfully, I have never had to deal with a disaster like this. Another close call was outsourcing our IT service desk to a company, and they wanted us to put agents on our pc’s so they could do their job easier. Luckily, our network team said absolutely not. Sure enough, that same year at Christmas time, they got hit with a crypto attack, and instead of having to deal with the agents, we just shut down the tunnel, and we’re fine. A lot of their clients were not so lucky. Screw the cloud and 3rd party services… it doesn’t save what you think, and you get poor services in return a lot of the time.
Clearly didn’t resolve it that well considering that most of a continent is out now
Ouch that’s going to hurt the share price
https://finance.yahoo.com/quote/CRWD/
Not enough… only down 8.9% and it even rebounded overnight…
Corporate behemoths are going to keep doing what they do best.
Their ISO-whatever certification says they gotta get that kind of software, so they do. Whether it is found to actually increase business risk does not matter in the slightest, what matters is that a box is checked for the audit.
It’s like Oracle or IBM, who did not contribute anything of value to the world since about 2005 and notoriously have some of the most aggressive licensing lawyers on the planet. But there are lots of companies out there who sort a product segment from Old to New and pick the first result on account of the fact that it’s “established”, “reputable” and “reliable”, every other consideration be damned.
This was a separate outage unrelated to CrowdStrike a few hours earlier that took down a couple of airlines as well.
A majority of the VMs in the Azure CentralUS datacenter went down due to some sort of backend storage issue.
Somebody’s getting fired and that company is getting sued. I’m very curious how much this outage will have ended up costing the global economy.
Time to switch to alternatives
Incidentally CrowdStrike has a Linux agent and my previous company was pushing us to install it to check another box on their Cyberliability insurance form. So this could just as easy happen there too.
Alternatives😏
It isn’t a Microsoft issue in the first place. Doesn’t mean switching to alternatives isn’t a good idea, but this one isn’t on them for a change.
It’s an argument for decentralization. An argument that won’t be heeded.
Monocultures are like this, yes. The reason bananas are less tasty than they were 100 years ago.
In a way it is a Microsoft problem. Windows can’t handle live updates to the system like Linux can. Security updates mean downtime to be scheduled. So they need a program to do security, so CrowdStrike comes in to do security for these companies since Microsoft can’t protect them. And mistakes happen.
Security definition updates can be installed without rebooting.
And Crowdstrike is a more advanced system compared to normal antivirus you would use at home. It’s an endpoint protection system that does more than scan for viruses.
Microsoft offers their own alternative called Microsoft Defender for Endpoint.
Both Crowdstrike and Microsoft Defender for Endpoint are available on Windows, MacOS, and Linux.
Ah so it’s a linux problem when the gpu driver causes instability, cause NVidia is making a shitty and proprietary linux driver and the market share is too small to warrant putting more effort in. Linux doesn’t have it’s own fully-featured graphics driver, so that company has to come in and provide their own since linux can’t supply it. And mistakes happen. Roughly the same logic.
That’s not linux fault. Neither is it Microsofts fault when a company selling a security product decides it has to run in kernel mode and then they don’t properly test a release and just decide to yolo it.
Yes. You’re right. All OSs have their faults. But this is one of window’s faults.
But this is a Microsoft problem mostly because all the news reports are saying it is.
Anyone in Microsoft sales or marketing is going to have a tough time for a while.
You know the kind of companies that do this nonsense on windows have the same incentives and give the same access to third party “security” tools on Linux?
Windows sucks. But the fact that it’s windows they broke is dumb luck.