35 votes

CrowdStrike global outage to cost US Fortune 500 companies $5.4bn

16 comments

  1. [16]
    gil
    Link
    Well, at least their partners got $10 UberEats vouchers to compensate. And some of those vouchers even worked!


    15 votes
    1. [15]
      boxer_dogs_dance
      Link Parent
      Yeah, if Crowdstrike doesn't pay willingly there will be lawsuits


      8 votes
      1. [14]
        Tmbreen
        Link Parent
        I don't think Crowdstrike can afford to pay? Also, some blame may be found for Microsoft, as they are supposed to verify kernel level changes before they go live


        2 votes
        1. [9]
          winther
          Link Parent
          Microsoft has been quick to blame EU competition agreement for it, saying they have been forced to give other software companies kernel level access. Don't know how that holds up though.


          8 votes
          1. [2]
            TumblingTurquoise
            Link Parent
            If that were the case, only the EU would have been affected. Microsoft is free to block kernel level access in the rest of the world.


            4 votes
            1. cfabbro
              (edited)
              Link Parent

              I'm not saying Microsoft is correct (I think it's a pretty flimsy excuse on their part), but what you suggest is not really how things end up working. EU regulations tend to have a worldwide effect. Just look at the GDPR, or the USB-C charging port requirements. Sure, companies could only apply changes to the products they sell in the EU to meet the regulations there, and keep things working differently elsewhere in the world. However, it's typically far easier and cheaper for companies to roll those changes out worldwide instead of treating the EU as an exception. So that's what they all generally do instead.

              3 votes
          2. [6]
            Tmbreen
            Link Parent
            Yeah definitely one for the Courts. I'm calling bullshit on that EU agreement though, feels like they are just trying to lash out at legislation.


            2 votes
            1. [2]
              redwall_hp
              Link Parent

              Yep, as they usually do.

              I'm coming around to the argument that ultimately Microsoft has a large share of the fault, actually. To run something at that level in the kernel, Microsoft requires an approval and code signing process. They're the ones who rubber stamped something that basically downloads executable code (bypassing that approval process) and blindly assumes the downloaded file isn't corrupted...

              CrowdStrike's apparent lack of automated or manual testing is also ridiculous, but Microsoft opened the door to the problem...and that's even with them not freely allowing just anyone to run things in ring zero. They might not want to be making noise about this before the US and EU start asking pointed questions in the inevitable hearings...

              2 votes
              1. Tmbreen
                Link Parent

                Yeah, this has clearly proven that multiple layers of testing and certification have failed, both at Crowdstrike and Microsoft. Probably due to them laying off people who were key figures in those programs, and then working others to the point of "fuck it, ship it".

                2 votes
            2. [3]
              g33kphr33k
              Link Parent

              Actually, it has merit.

              MS have been forced to allow software kernel access whereas Apple hasn't, and they're quite hurt about it. Hence the blame.

              That said, you've been able to tap into system level and make kernel calls as software on Windows for as long as I can remember (back to 3.51 with NT). They've never been allowed to stitch up that hole because so many softwares require this access (AV tools, drivers for specific hardware - although they have dragged a lot of that out to userland now, etc).

              1 vote
              1. [2]
                Tmbreen
                Link Parent

                Fair enough, I am uneducated on the whole EU law and its impacts in this case. Totally bullshit that it targets Microsoft and not Apple.

                But Microsoft still has to verify the program before the update goes out is my understanding, so they can't blame this law to completely remove fault.

                1 vote
                1. g33kphr33k
                  Link Parent

                  MS do NOT have to verify anything other than their own OS and tools. You can install anything on Windows.

                  For as much as everyone shits on MS, me included, you can install pretty much anything. You can write your own software. There is no verification required. You can verify with MS. It's great for drivers (WHQL), and you can get your software verified (for a price), but once installed, any software that is allowed to by the user can pull updates. You accept that as part of your EULA at install, or ToS when you purchase.

                  The update that broke Windows was caused by CrowdStrike, and it took an administrator level of access to install initially. There is no fault on MS for a borked software that annihilates the system due to a broken update once that software has system level access.

        2. [4]
          boxer_dogs_dance
          Link Parent
          Courts figure out these types of issues every day. I'm sure Microsoft will be sued as part of suing Crowdstrike even if they end up not liable


          1. [3]
            Tmbreen
            Link Parent
            Yeah. I'm pretty sure this will end up in court regardless, but I wouldn't be surprised if we get a congressional hearing over the damage this caused.


            2 votes
            1. [2]
              MimicSquid
              Link Parent
              Hasn't that already happened?


              1. Tmbreen
                Link Parent
                Looking at the news it looks like they have a hearing targeted for September.


                1 vote