Hello, security engineer that has installed CrowdStrike on thousands of computers.
A thread on the outage and what is exactly happening.
Here’s a quick explainer on what *seems* to be the cause of the CrowdStrike outage and why it happened so quickly.
My admittedly extremely limited understanding is that modern AVs do use machine learning to identify emerging and potential threats. Hackers are creating new malware, ransomware, and virus software every day and trying to catch it all isn't possible. Instead they use machine learning to identify patterns in how hostile software behaves within the computer system and then shut down anything that behaves like that hostile software. I just ran afoul of this with Windows Defender and the Unreal Engine VR plugin project. UEVR injects data into the Unreal Engine game in real time and that's a big no-no, that's something a virus does, so Windows shut it down hard and I had to do all kinds of silly bullshit to even get the computer on my folder without Windows detecting it and deleting it.
Well, when you apply that kind of rough and ready, evolutionary, real time threat modelling to a live system, I guess sometimes your black box machine learning bullshit has a false positive and starts punching the global economy directly in the dick.
Keep in mind, I am not any kind of network security guy, so this is very much an idiot bystander trying to explain the workings of god.
It is every hexbear user's duty to spread FUD that this was caused by AI (and tbh I'm still not convinced it wasn't)