
LrnByTeach | 1 year ago

What many people are not talking about is why we are here:

one simple reason: all eggs in one Microsoft PC basket

why in one Microsoft PC basket?

- most corporate desktop apps are developed for Windows ONLY

Why most corporate desktop apps are developed for Windows ONLY?

- it is cheaper to develop and distribute, since 90% of corporations use Windows PCs (Chicken and Egg problem)

- alternate Mac Laptops are 3x more expensive, so corporations can't afford them

- there are no robust industrial grade Linux laptops from PC vendors (lack of support, fear that Microsoft may penalize them for promoting Linux laptops, etc.)

1/ Most large corporations (Airlines, Hospitals etc.) can AFFORD & DEMAND that their Software vendors provide their 'business desktop applications' in both Windows and Linux versions, and install a mix of both Operating systems.

2/ The majority of corporate desktop applications can be Web applications (Browser based), removing the single vendor Microsoft Windows PC/Laptops


watermelon0|1 year ago

Windows is not the issue here. If all of the businesses used Linux, a similar software product, deployed as widely as Crowdstrike, with auto-update, could result in the same issue.

Same goes for the OS; if, let's say, the majority of businesses used RHEL with auto updates, RedHat could in theory push an update that would bring down all machines.

kjellsbells|1 year ago

Agree. The monoculture simply accelerates the infection because there are no sizable natural barriers to stop it.

Windows and even Intel must take some blame, because in this day and age of vPro on the board and rollbacks built into the OS it's incredible that there is no "last known good" procedure to boot into the most recent successfully booted environment (didn't NT have this 30 years ago?), or remotely recover the system. I pity the IT staff that are going to have to talk Bob in Accounting through BitLocker and some sys file, times 1000s.

IT get some blame, because this notion that an update from a third party can reach past the logical gatekeeping function that IT provides, directly into their estate, and change things, is unconscionable. Why don't the PCs update from a local mirror that IT has that has been through canary testing? Do we trust vendors that much now?

Poor Crowdstrike. This might be the end for them.

antihero|1 year ago

I would posit that RedHat have a slightly longer and more proven track record than Crowdstrike, and more transparent process with how they release updates.

No entity is infallible but letting one closed source opaque corporation have the keys to break everything isn’t resilient.

phkahler|1 year ago

>> Windows is not the issue here.

Yes it is. Windows was created for the "Personal Computer" with zero thought initially put into security. It has been fighting that heritage for 30 years. The reason Crowdstrike exists at all is due to shortcomings (real or perceived) in Windows security.

Unix (and hence Linux and MacOS) was designed as a multi-user system from the start, so access controls and permissions were there from the start. It may have been a flawed security model and has been updated over time, but at least it started with some notion of security. These ideas had already expanded to networks before Microsoft ever heard the word Netscape.

fulafel|1 year ago

That's assuming in this alternate universe we'd also be using kernel antivirus software to counter malware. It's far from obvious.

LrnByTeach|1 year ago

Yes, staggered software update is the way to go. There was a reply in this thread on why Crowdstrike did not do it -- they don't want the extra cost of Engineering for that.

Having 1/3 of Airlines computers each on Windows, RHEL, Ubuntu .. all unlikely to hit the same problems at the same time.

aflag|1 year ago

But then it'd be putting all eggs in the Linux PC basket, wouldn't it? I think their point was that more heterogeneity would make this not be a problem. If all your potatoes are the same potato it only takes one bad blight epidemic to kill off all farmed potatoes in a country. If there's more heterogeneity things like that don't happen.

lanstin|1 year ago

The difference being that RHEL has a QA process which Crowdstrike apparently does not. The quality practices for open source involved companies are apparently much higher than for large closed source "security" firms.

I guess getting whined at because obscure things break in beta or rc releases has a good effect for the people using LTS.

Ajedi32|1 year ago

Maybe this is pie-in-the-sky thinking, but if all the businesses used some sort of desktop variant of Android, the Crowdstrike app (to the extent that such a thing would even be necessary in the first place) would be sandboxed and wouldn't have the necessary permissions to bring down the whole operating system.

Natsu|1 year ago

More secure OSes would consider an application being able to take down the entire OS as a security issue and would make that impossible.

trhway|1 year ago

The SolarWinds story was quickly forgotten, and this one will be too, and we'll continue to build such special single points of global catastrophic failure into our craftily architected decentralized highly robust horizontally scaled multi-datacenter-region systems

TeaBrain|1 year ago

The SolarWinds story wasn't forgotten. Late last year the SEC launched a complaint against SolarWinds and its CISO. It was only yesterday that many of the SEC's claims against the CISO were dismissed.

rtev|1 year ago

SolarWinds is still dealing with the reputation damage and fallout today from that breach. People don’t forget about this stuff. The lawsuits will likely be hitting Crowdstrike for years to come.

ahachete|1 year ago

Lenovo and Dell have some laptops with Linux, and they are very good ones.

(not sure if you meant rugged ones, that may not be the case, but I guess this is a tiny percentage of the market)

linuxlizard|1 year ago

Crowdstrike also has an Ubuntu Linux version. We're required to install it at work.

ttyprintk|1 year ago

No less than three baskets, or you cannot apply for bailouts. If you want to argue your industry is a load-bearing element in the economy: no less than three baskets.

__MatrixMan__|1 year ago

Making everything browser based doesn't help (unless you can walk across the room and touch the server). The web is all about creating fast-acting local dependency on the actions of far-away people who are not known or necessarily trusted by the user. Like Crowdstrike, it's about remote control, and it's exactly that kind of dependency that caused this problem.

I love piling on Microsoft as much as the next guy, but this is bigger than that. It's a structural problem with how we (fail to) manage trust.