Microsoft Blames European Commission for Major Worldwide Outage
A global PC outage caused by a CrowdStrike Falcon antivirus update affected Windows systems, leading to disruptions in various sectors. Mac and Linux remained unaffected due to different security protocols. Microsoft and CrowdStrike addressed the issue, emphasizing the importance of security measures.
A major worldwide outage last Friday impacted PCs running Microsoft Windows due to an update to the CrowdStrike Falcon antivirus software. The failure caused issues for airlines, retailers, banks, hospitals, and more, with affected computers stuck in continuous recovery loops. Mac and Linux machines were not affected because they do not grant kernel access to software like Windows does. Microsoft blamed the European Commission for not being able to offer the same protections as Macs, citing an agreement from 2009 that requires them to provide third-party security apps with kernel access. Apple's macOS design, which does not allow kernel access, prevented similar havoc on Macs. The incident highlights the unintended consequences of legislation that weakens security for open access. CrowdStrike apologized for the disruption and pledged to prevent similar situations in the future. Microsoft stated that such incidents are infrequent, impacting less than one percent of Windows machines. The European Commission has been pushing for more open access in tech, potentially compromising security measures.
Related
Microsoft outage: Chaos as internet down and flights grounded around the world
A global IT outage, possibly linked to Crowdstrike antivirus software, caused chaos worldwide. Windows crashes affected sectors like healthcare and transportation. Crowdstrike's shares dropped. Various services faced disruptions, prompting calls for system modernization.
Microsoft/Crowdstrike outage ground planes, banks and the London Stock Exchange
A cybersecurity program update failure caused global disruptions affecting businesses and services like United Airlines, McDonald’s, and the London Stock Exchange. Microsoft and CrowdStrike faced issues, but the problem was resolved without a cyberattack. CrowdStrike's shares dropped 20%, and Microsoft's fell 2.9%. The incident, involving Windows and security software, is one of the largest IT outages, surpassing past disruptions.
Microsoft has serious questions to answer after the biggest IT outage in history
The largest IT outage in history stemmed from a faulty software update by CrowdStrike, impacting 70% of Windows computers globally. Mac and Linux systems remained unaffected. Concerns arise over responsibility and prevention measures.
Microsoft says 8.5M Windows devices were affected by CrowdStrike outage
Microsoft reported that a CrowdStrike outage impacted 8.5 million Windows devices globally, causing disruptions in banking, retail, and transportation. Collaboration with tech giants is ongoing to address cybersecurity risks efficiently.
Microsoft blames EU rules for allowing biggest IT outage to happen
Microsoft attributes the world's largest IT outage to EU regulations hindering security changes, causing disruptions in travel and healthcare. CrowdStrike update affected 8.5 million Windows devices, emphasizing tech companies' struggle with security and regulations.
A Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.
> Apple has not been forced to make changes to how Macs work, but the European Commission has been targeting the closed nature of iOS, and Apple has warned that the updates that have already been implemented could lead to security risks in the future.
This is a valid and interesting comparison - Microsoft complied and Apple fought tooth and nail.
But also, it's kind of a moot point because absolutely no one is running Apple hardware at a flight kiosk.
What about Linux though?
Feels like this is just MS redirecting blame and using it as an opportunity to push the narrative that walled garden = good.
Are they (e.g., MS) shipping VMs in their cloud (e.g., Azure) with CrowdStrike pre-installed? In which case I think people have a right to be upset with MS, as they've chosen an apparently poor quality vendor, and the EU argument seems like a complete distraction.
Or is the market of "audit checkbox checking security software" just such a monoculture that nigh every Windows VM out there was running this thing, but that it was installed by the owners of the VM (i.e., not by the cloud vendor), and now we see what happens when unfettered updates hit a monoculture? In which case, … I don't see how MS is to blame here; seems like you, the buyer of CrowdStrike, chose poorly. (And the EU thing is even more of a distraction.) (And I guess the cloud status page updates are just out of the goodness of the cloud vendors' hearts, or we don't think Windows sysadmins are competent enough to not blame their cloud, or both.)
https://news.ycombinator.com/item?id=41029590
Microsoft points finger at the EU for not being able to lock down Windows
UAC, virtualization, hybrid kernel/user-space shenanigans, all were not in the OS at some point, and research and development, listening to other parties and taking inspiration from other OSes brought these advancements in security.
If Microsoft thinks offering kernel drivers for security (antivirus or otherwise) is a bad thing for the 3rd party companies, then by extension it is bad for any antiviral product they offer and they should absolutely find a new paradigm to securely implement them (eBPF-like, as some other folks suggested).
But saying "but Apple does it!" is not a reasonable demand when your software runs respirators and nuclear facilities. (Apple are still cunts for having everything locked down but that's another conversation)