The CrowdStrike Windows outage that hit the world this week stems back to an EU-Microsoft deal from 2009 that meant Microsoft had to give antivirus vendors the same Windows API access it had.
We all hate Microsoft for turning Windows into an ad platform but they aren’t wrong.
They are legally required to give Crowdstrike or anyone complete low level access to the OS. They are legally required to let Crowdstrike crash your computer. Because anything else means Microsoft is in control and not the software you installed.
It’s no different than Linux in that way. If you install a buggy device driver on Linux, that’s your/the driver’s fault, not Linux.
But what if Windows have something similar to eBPF in Linux, and CS opted to use it, will this disaster won’t happen at all or in a much smaller scale and less impactful?
You are not wrong, but people don’t want to hear it. Do we want to retain control over what goes into kernel space or not? If so, we have to accept that whatever we stuff in there can crash the entire thing. That’s why we have stuff like driver signatures. Which Crowdstrike apparently bypassed with a technical loophole from how I understand it.
I actually agree, I own my computer / OS and I should be able to do what you’re saying (install and break things). But Microsoft is a trillion dollar multi national corporation and I am certainly going to give them grief about this because I owe them less than nothing, let alone any good will.
Yeah I saw the article that says they’re legally required but until I can actually read that document where it says “thou shall give everyone ring-0” access I’m gonna call it bullshit.
It might not be written literally like that but for Microsoft not letting third party developers write kernel drivers for windows would be considered abusing their position in the market very fast. The problem isn’t they allow kernel drivers, this is just ms throwing all the balls they can, is that they certified this very driver, as tested and stable. Without this certification most IT teams would’ve been more reticent to install crowdstrike’s root kit in their systems.
We all hate Microsoft for turning Windows into an ad platform but they aren’t wrong.
They are legally required to give Crowdstrike or anyone complete low level access to the OS. They are legally required to let Crowdstrike crash your computer. Because anything else means Microsoft is in control and not the software you installed.
It’s no different than Linux in that way. If you install a buggy device driver on Linux, that’s your/the driver’s fault, not Linux.
But what if Windows have something similar to eBPF in Linux, and CS opted to use it, will this disaster won’t happen at all or in a much smaller scale and less impactful?
You are not wrong, but people don’t want to hear it. Do we want to retain control over what goes into kernel space or not? If so, we have to accept that whatever we stuff in there can crash the entire thing. That’s why we have stuff like driver signatures. Which Crowdstrike apparently bypassed with a technical loophole from how I understand it.
I actually agree, I own my computer / OS and I should be able to do what you’re saying (install and break things). But Microsoft is a trillion dollar multi national corporation and I am certainly going to give them grief about this because I owe them less than nothing, let alone any good will.
You are going to give grief to Microsoft for allowing what you want?
???
That doesn’t make any sense. How does arguing against your position do anything but harm it?
Maybe just give them grief over the myriad negative things they do that don’t counter your position?
Yeah I saw the article that says they’re legally required but until I can actually read that document where it says “thou shall give everyone ring-0” access I’m gonna call it bullshit.
If it’s not ring 0, it’s not full access. They are legally required to give full access.
I’ll believe it when I read it.
It might not be written literally like that but for Microsoft not letting third party developers write kernel drivers for windows would be considered abusing their position in the market very fast. The problem isn’t they allow kernel drivers, this is just ms throwing all the balls they can, is that they certified this very driver, as tested and stable. Without this certification most IT teams would’ve been more reticent to install crowdstrike’s root kit in their systems.
Sorry, how is that related to the stability of the kernel?
I explained in my second sentence.
“They are legally required to give Crowdstrike or anyone low level access to the OS.”
If you install a buggy driver into Linux and it crashes, that’s not a problem with the Linux kernel.
https://www.redhat.com/sysadmin/linux-kernel-panic
I fully agree with you on that front, but ads have nothing to do with kernel access, so how is that relevant to their legal requirements?
I was explaining why everyone hates on Microsoft but the Crowdstrike crash had nothing to do with the reasons people hate MS.
Gotcha.