Let's not celebrate CrowdStrike – let's point to a better way

The Free Software Foundation (FSF) has raised concerns regarding the recent CrowdStrike incident, where automatic updates to a Windows kernel driver caused widespread system crashes. The FSF argues that this situation highlights the risks of relying on a single proprietary software provider, suggesting that a more decentralized approach using free software could prevent such issues. They emphasize that while automatic updates can be beneficial, they should be based on informed user consent. The FSF advocates for a diverse ecosystem where institutions like libraries and airlines utilize different versions of GNU/Linux, each with their own security teams, thus reducing dependency on a single vendor.

The article critiques Microsoft's response to the incident, which appears to blame third-party access to the Windows kernel for the problems, arguing that this perspective is flawed. The FSF believes that free software's transparency allows for better collaboration among developers, which can lead to quicker resolutions of bugs. They assert that public institutions should prioritize free software to ensure greater control and security over their systems. The FSF acknowledges the challenges of transitioning to free software but maintains that the ethical advantages and the need for accountability make it a necessary shift. The piece concludes with a reminder of the importance of proper configuration management to avoid similar incidents in the future.