I'm seeing some real time, grade-A consent manufacturing regarding this massive crowdstrike outage. Every article I see blames Microsoft. I have no love for Microsoft, but they were not to blame. The people who are too blame are crowdstrike, the software company who deployed the broken update that caused the outage.

* Puts on immaculately thought out tinfoil hat *

Crowdstrike is more a piece of US surveillance tech than it is an actual security suite. In essence it can take any data from a device it is installed on and can execute any command on those devices (due to the way the software very tightly integrated with the windows operating system, bypassing security on the OS). A powerful tool when you consider that the US government can subpoena any us corporation to hand over the information they hold.

Now, crowdstrike had a huge market share, but you can bet that after this event people are going to be less willing to use it, and this will result in the US losing a huge part of its surveillance network. People don't care what security suite they use, so long as it works, so people are going to switch.

Cue the absolute deluge of articles I've been seeing blaming this on Microsoft. An operating system so ingrained into the business world that no-one is going to switch to an alternative, no matter how much they fuck up. They can take the heat and mitigate the damage to crowdstrike. Thus preserving the US state surveillance appetatus.

* Tin foil hat removed and placed back into its extremely well thought out box *

What do people think?

  • CarbonScored [any]
    ·
    edit-2
    4 months ago

    they were not to blame

    Hard disagree. Both Crowdstrike and Microsoft are to blame here. Crowdstrike are obviously stupid for pushing out a broken update to everyone. But Microsoft are also stupid for not doing driver validation, as well as not making their OS stack tolerant of driver faults.

    For the record, the Linux kernel automatically does driver verification to prevent this happening, Microsoft deliberately opted not to do that in favour of their own paid-for certification program. This wasn't an unforeseen problem, it was a problem they purposefully avoided addressing in favour of money and vendor control. At least Crowdstrike's failure was a genuine accident.

    Yes, Crowdstrike slammed the table hard, but Microsoft actively chose to make the wobbly legs that snapped.

      • CarbonScored [any]
        ·
        edit-2
        4 months ago

        Yes? Of course crashes still occur in Linux. That bug is not a driver issue, but a kernel instruction issue.

        It should also be noted that although that bug was solely seen with Crowdstrike, the actual panic was recognised as a bug and fixed on the kernel side. So the Linux project took responsibility and fixed their side. Most notably, the issue you linked wasn't actually caused by previous negligence.

          • CarbonScored [any]
            ·
            edit-2
            4 months ago

            As I mentioned, that isn't an issue with driver verification. In fact, the bug only seems to apply in user mode, rather than kernel mode.

            • git [he/him, comrade/them]
              ·
              4 months ago

              In fact, the bug only seems to apply in user mode, rather than kernel mode.

              Yes that’s the point. User mode required it to go through eBPF which does verification, which had a bug that caused panics. It could have been any program, it being crowdstrike was incidental. My point is that “this wouldn’t have happened on Linux because reasons” isn’t necessarily true.

  • buckykat [none/use name]
    ·
    4 months ago

    It is micro$oft's fault actually for having a major hand in building this current hell of proprietary software and cloud bullshit we're all trapped in.

    • Flyberius [comrade/them]
      hexagon
      ·
      4 months ago

      Fine, but I don't think that really addresses the specific thing I'm getting at here.

      • buckykat [none/use name]
        ·
        4 months ago

        Even if cloudstrike does go under as a company it won't really change the surveillance "security" situation because companies will still prefer to pay cloudstrike's successor rather than paying actual employee(s) to do cybersecurity.

  • peto (he/him)@lemm.ee
    ·
    4 months ago

    I'd say MS gets a small cut of the blame for signing a driver that didn't properly validate it's input, allowing this to happen, but yeah you are right, the problem definitely sits in crowdstrike and it's status as a premium rootkit. Ultimately, it doesn't matter if you run MS, Apple or Linux. If you install someone's kernel level backdoor, they own your machine.

    Unfortunately I expect anything these businesses move to be state-vulnerable just the same. Some might go down the open source + in house team route but that is seen as an expensive and wasteful route by capitalists.

  • BynarsAreOk [none/use name]
    ·
    edit-2
    4 months ago

    Simpler explanation is blaming MS generates more views and clicks than a random company 99.9% never heard of specialy when you can use some hand wavy circumstantial evidence to support that.

    The media doesn't care about "truthful" or "responsible" journalism(if you believe these words have meaning). Its all a business now so who actualy cares? MS is a megacorp, they'll do fine regardless.

  • Runcible [none/use name]
    ·
    4 months ago

    Separate from technical concerns it is OK to blame Microsoft because they are trying to argue they could have stopped this if it wasn't for those pesky EU regulations

  • EatPotatoes [none/use name]
    ·
    4 months ago

    Good luck trying to get over the ingrained security by obscurity notion that open source software is vulnerable by the nature of source code being widely readable. This isn’t business type brain worms but the IT workers and consultants who can’t manage a server unless it has the same attack surface of a desktop interface they have used their whole lives.

    Network booting or VDI are criminally underrated. This shouldn’t happen but when it does and you have thousand of endpoints that fail it should be as easy to going back to a previous snapshot. Especially with the latest in atomic updates like silver blue or micro os.

    As for web services. I still mourn unikernals. Fight me.

  • LanyrdSkynrd [comrade/them, any]
    ·
    4 months ago

    Microsoft is a good target because they've been in the news for their culpability in the Solarwinds hacks. They managed to get off the hook at the time, placing the blame on their users, when they were absolutely at fault for it. The media bought Microsoft's bullshit deflections to the point that they still call it Solarwinds when referencing the hacks, even though it's clear now that MS should get much more of the blame. They had plenty of warning that their MFA system had a fundamental flaw and made a deliberate business decision to ignore it because they wanted to win a big government contract.

    My guess is the media doesn't want to be fooled again, but I could be wrong about that.

  • Dr. Jenkem@lemmy.blugatch.tube
    ·
    4 months ago

    I don't think so. As far as I know, crowdstrike Falcon is really only marketed and sold to corporations. It runs on your employer owned devices, not your personal devices.