Crowdstrike Problems this morning, Will this continue

Arthur Hanson

Well-known member
Crowdstrike is having massive problems, with my brokerage program showing problems also. Is the net going to become more and more of an area of conflict and concern? Any thoughts or comments and solutions or lack thereof would be appreciated. This is like the problem with car dealers' software a week ago. Is this a stability or security problem? Any thoughts or solutions sought and welcomed. Is everyone using random number key fobs part of the solution?
 
We are but one big mistake or a really good hack away from the dark ages.

It was crazy yesterday for me to fly and it wasn’t even a commercial airline.

My friends in healthcare were also paralyzed; I'd hate to have been a near-death patient whose critical care was all in the Microsoft cloud.
 
I previously spent a lot of years managing enterprise-scale (100,000+) Windows and other OS services.

The trend is getting worse over time from a corporate perspective because of the following loop:

- The # of threats are increasing over time
- Companies react to these threats by adding new security measures and tools
- The attack footprint of the PC increases due to now having more security tools, requiring even more security processes to protect that larger footprint
- Migration from local apps to the cloud with hybrid apps increases the footprint further*

(As you can imagine this loop also causes ever-worsening PC performance issues — which is why I was really happy to see e-cores become a thing — when you run an enterprise with 45+ security, forensics, and other monitoring/logging/update agents, the e-cores are invaluable in preventing your laptop from melting down).

The “solution” from a corporate perspective that’s rarely/never implemented (in my experiences):

- Use native tools whenever possible (e.g. Microsoft, Apple). (smallest attack footprint)
- Question every single requirement (+ make sure requirements document ‘why’ not just ‘what’)
- Question requirements regularly (i.e. there should be at least annual baseline reviews with authority to remove old requirements)
- Avoid implementing anything that touches the kernel
- Do not get stuck in the ‘single pane of glass’ vendor lock-in trap - use the right (minimal) tool(set) for the right job
- Implement mandatory weekly reboots for performance and security as this ensures security updates “stick” and the machine is really ready for the next patch (side benefit, reduces calls to the help desk)
- Keep firmware up to date (very rarely done in corporate IT)


*P.S. This part of the loop affects consumers heavily too
 
@Arthur Hanson, this was cybersecurity gone bad, a bad cross between a CrowdStrike update defect and Windows. I’ve always had problems with Windows fragility due to its long-term binary compatibility roots and vulnerable configuration files. The Linux and Mac world was unaffected, unless it depended on a Windows computer somewhere. Two-factor authentication using a code wouldn’t have helped protect against this calamity.

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.

 
SemiWiki uses Google Cloud and there was no problem but both of our banks got it. Investment company (retirement accounts) did not. Still unsettling.

We at Semitracks, Inc. decided to implement our own "in-house cloud" for our Online Training Systems, so that we could avoid some of these issues. I'm not saying that our way is the best way, but it does help avoid some of these types of issues.
 


This is an outage caused by the antivirus/security protection software CrowdStrike. It's much less to do with Microsoft itself.

To allow third-party antivirus software to work under the Windows operating system, Microsoft must give it certain OS privileges. Unfortunately, if the antivirus software itself goes rogue, we will see this kind of widespread outage.

Do we need anti-antivirus software just in case? 🤔🤔
 
"Following a complaint, the spokesman said, Microsoft agreed back in 2009 with the European Commission that it would give makers of security software the same level of access to Windows that Microsoft gets. This decision means security software vendors have a greater ability to muck up systems as CrowdStrike did this week when it crippled 8.5 million Windows PCs worldwide. Microsoft has since come to the rescue with an auto-fix tool for affected users."


"Ironically, while the EU was aiming to make things fair, Apple and Google which make macOS and ChromeOS are not bound by the same restrictions... yet."

 

It’s not as if MS systems are secure without 3rd-party software. You cannot rely on MS. The magic fix mentioned is pretty manual and one at a time.


In a nutshell, the tool creates a bootable USB drive that, when launched, applies the necessary fixes automatically and executes "issue-remediation scripts" suggested by CrowdStrike, saving users, especially IT admins, a lot of time and effort. Once everything is done, the affected system should boot into Windows without any issues.
 
It’s not as if MS systems are secure without 3rd-party software. You cannot rely on MS. The magic fix mentioned is pretty manual and one at a time.
I agree - I can’t tell you the number of times I have had PC disasters with “legacy” .SYS file issues. Eventually gave up for Macs and Linux. From what I see out on the forums, this was a Windows legacy disaster waiting to happen.

“1. Poorly written code in the kernel module crashed the whole OS, and kept trying to parse the corrupted files, causing a boot loop. Instead of handling the error gracefully and deleting/marking the files as corrupt.”
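The failure mode in the quoted point, shown as an added example that is not CrowdStrike's or Microsoft's code: a parser for a constructed, hypothetical rules-file format (the `RULE` magic, record layout and `MAX_RULES` limit are all assumptions) that validates every count and length against the buffer before touching payload bytes, so a corrupt or truncated file comes back as a status the caller can act on (skip, quarantine, log) instead of a fault that takes the whole system down.

```c
/* Added example: defensive parsing of a constructed "rules file" format.
 * Layout (assumed): u32 magic "RULE", u32 count, then count records of
 * u16 len followed by len bytes. All integers little-endian. */
#include <stddef.h>
#include <stdint.h>

#define RULES_MAGIC 0x52554C45u   /* constructed: ASCII "RULE" */
#define MAX_RULES   64            /* assumed upper bound on record count */

enum rules_status {
    RULES_OK = 0, RULES_BAD_MAGIC, RULES_TRUNCATED, RULES_TOO_MANY, RULES_BAD_LEN
};

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Walks the file, checking each length against the bytes remaining before
 * advancing. Never reads past len; *out_count is set only on success. */
enum rules_status parse_rules(const uint8_t *buf, size_t len, size_t *out_count)
{
    size_t off = 8, count, i;
    if (len < 8) return RULES_TRUNCATED;            /* header itself missing */
    if (rd32(buf) != RULES_MAGIC) return RULES_BAD_MAGIC;
    count = rd32(buf + 4);
    if (count > MAX_RULES) return RULES_TOO_MANY;   /* untrusted count, do not loop on it */
    for (i = 0; i < count; i++) {
        uint16_t rlen;
        if (len - off < 2) return RULES_TRUNCATED;  /* length field cut off */
        rlen = rd16(buf + off);
        off += 2;
        if (rlen == 0) return RULES_BAD_LEN;        /* empty record is invalid here */
        if (len - off < rlen) return RULES_TRUNCATED; /* payload shorter than declared */
        off += rlen;
    }
    *out_count = count;
    return RULES_OK;
}

/* Convenience wrapper: record count on success, negative status on failure. */
int rules_count(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    enum rules_status st = parse_rules(buf, len, &n);
    return st == RULES_OK ? (int)n : -(int)st;
}

/* Constructed sample: "RULE", count 2, records "abc" and "x" (16 bytes). */
const uint8_t SAMPLE_GOOD[16] = {0x45,0x4C,0x55,0x52, 2,0,0,0, 3,0,'a','b','c', 1,0,'x'};
/* Constructed sample: same header but count 0xFFFFFFFF and no records. */
const uint8_t SAMPLE_BADCOUNT[8] = {0x45,0x4C,0x55,0x52, 0xFF,0xFF,0xFF,0xFF};
```

Feeding `SAMPLE_GOOD` with only 15 of its 16 bytes models the truncated-file case: the parser reports `RULES_TRUNCATED` rather than reading the missing byte.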

 