I don't think Crowdstrike can afford to pay? Also, some blame may be found for Microsoft, as they are supposed to verify kernel level changes before they go live
I don't think Crowdstrike can afford to pay? Also, some blame may be found for Microsoft, as they are supposed to verify kernel level changes before they go live
Microsoft has been quick to blame EU competition agreement for it, saying they have been forced to give other software companies kernel level access. Don't know how that holds up though.
Microsoft has been quick to blame EU competition agreement for it, saying they have been forced to give other software companies kernel level access. Don't know how that holds up though.
I'm not saying Microsoft is correct (I think it's a pretty flimsy excuse on their part), but what you suggest is not really how things end up working. EU regulations tend to have a worldwide...
I'm not saying Microsoft is correct (I think it's a pretty flimsy excuse on their part), but what you suggest is not really how things end up working. EU regulations tend to have a worldwide effect. Just look at the GDPR, or the USB-C charging port requirements. Sure, companies could only apply changes to the products they sell in the EU to meet the regulations there, and keep things working differently elsewhere in the world. However, it's typically far easier and cheaper for companies to roll those changes out worldwide instead of treating the EU as an exception. So that's what they all generally do instead.
Yep, as they usually do. I'm coming around to the argument that ultimately Microsoft has a large share of the fault, actually. To run something at that level in the kernel, Microsoft requires an...
Yep, as they usually do.
I'm coming around to the argument that ultimately Microsoft has a large share of the fault, actually. To run something at that level in the kernel, Microsoft requires an approval and code signing process. They're the ones who rubber stamped something that basically downloads executable code (bypassing that approval process) and blindly assumes the downloaded file isn't corrupted...
CrowdStrike's apparent lack of automated or manual testing is also ridiculous, but Microsoft opened the door to the problem...and that's even with them not freely allowing just anyone to run things in ring zero. They might not want to be making noise about this before the US and EU start asking pointed questions in the inevitable hearings...
Yeah, this has clearly proven that multiple layers of testing and certification have failed, both at Crowdstrike and Microsoft. Probably due to them laying off people who were key figures in those...
Yeah, this has clearly proven that multiple layers of testing and certification have failed, both at Crowdstrike and Microsoft. Probably due to them laying off people who were key figures in those programs, and then working others to the point of "fuck it, ship it".
Fair enough, I am uneducated on the whole EU law and it's impacts in this case. Totally bullshit that it targets Microsoft and not Apple. But Microsoft still has to verify the program before the...
Fair enough, I am uneducated on the whole EU law and it's impacts in this case. Totally bullshit that it targets Microsoft and not Apple.
But Microsoft still has to verify the program before the update goes out is my understanding, so they can't blame this law to completely remove fault.
Well, at least their partners got $10 UberEats vouchers to compensate. And some of those vouchers even worked!
Yeah, if Crowdstrike doesn't pay willingly there will be lawsuits
I don't think Crowdstrike can afford to pay? Also, some blame may be found for Microsoft, as they are supposed to verify kernel level changes before they go live
Microsoft has been quick to blame EU competition agreement for it, saying they have been forced to give other software companies kernel level access. Don't know how that holds up though.
If that were the case, only the EU would have been affected. Microsoft is free to block kernel level access in the rest of the world.
I'm not saying Microsoft is correct (I think it's a pretty flimsy excuse on their part), but what you suggest is not really how things end up working. EU regulations tend to have a worldwide effect. Just look at the GDPR, or the USB-C charging port requirements. Sure, companies could only apply changes to the products they sell in the EU to meet the regulations there, and keep things working differently elsewhere in the world. However, it's typically far easier and cheaper for companies to roll those changes out worldwide instead of treating the EU as an exception. So that's what they all generally do instead.
Yeah definitely one for the Courts. I'm calling bullshit on that EU agreement though, feels like they are just trying to lash out at legislation.
Yep, as they usually do.
I'm coming around to the argument that ultimately Microsoft has a large share of the fault, actually. To run something at that level in the kernel, Microsoft requires an approval and code signing process. They're the ones who rubber stamped something that basically downloads executable code (bypassing that approval process) and blindly assumes the downloaded file isn't corrupted...
CrowdStrike's apparent lack of automated or manual testing is also ridiculous, but Microsoft opened the door to the problem...and that's even with them not freely allowing just anyone to run things in ring zero. They might not want to be making noise about this before the US and EU start asking pointed questions in the inevitable hearings...
Yeah, this has clearly proven that multiple layers of testing and certification have failed, both at Crowdstrike and Microsoft. Probably due to them laying off people who were key figures in those programs, and then working others to the point of "fuck it, ship it".
Fair enough, I am uneducated on the whole EU law and it's impacts in this case. Totally bullshit that it targets Microsoft and not Apple.
But Microsoft still has to verify the program before the update goes out is my understanding, so they can't blame this law to completely remove fault.
Courts figure out these types of issues every day. I'm sure Microsoft will be sued as part of suing Crowdstrike even if they end up not liable
Yeah. I'm pretty sure this will end up in court regardless, but I wouldn't be surprised if we get a congressional hearing over the damage this caused.
Hasn't that already happened?
Looking at the news it looks like they have a hearing targeted for September.