CrowdStrike effectively bricked windows, Mac and Linux today.

Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.

Incredible work.

  • danc4498@lemmy.world
    link
    fedilink
    English
    arrow-up
    80
    arrow-down
    1
    ·
    4 months ago

    Is there a good eli5 on what crowdstrike is, why it is so massively used, why it seems to be so heavily associated with Microsoft and what the hell happened?

    • Baggie@lemmy.zip
      link
      fedilink
      arrow-up
      101
      arrow-down
      1
      ·
      4 months ago

      Gonna try my best here:

      Crowdstrike is an anti-virus program that everyone in the corporate world uses for their windows machines. They released a update that made the program fail badly enough that windows crashes. When it crashes like this, it tries to restart in case it fixes the issue, but here it doesn’t, and computers get stuck in a loop of restarting.

      Because anti-virus programs are there to prevent bad things from happening, you can’t just automatically disable the program when it crashes. This means a lot of computers cannot start properly, which means you also cannot tell the computers to fix the problem remotely like you usually would.

      The end result is a bunch of low level techs are spending their weekends manually going to each computer individually, and swapping out the bad update file so the computer can boot. It’s a massive failure on crowdstrikes part, and a good reason you shouldn’t outsource all your IT like people have been doing.

      • themeatbridge@lemmy.world
        link
        fedilink
        arrow-up
        78
        ·
        4 months ago

        It’s also a strong indicator that companies are not doing enough to protect their own infrastructure. Production servers shouldn’t have third party software that auto-updates without going through a test environment. It’s one thing to push emergency updates if there is a timely concern or vulnerability, but routine maintenance should go through testing before being promoted to prod.

        • PainInTheAES@lemmy.world
          link
          fedilink
          arrow-up
          41
          ·
          4 months ago

          It’s because this got pushed as a virus definition update and not a client update bypassing even customer staging rules that should prevent issues like this. Makes it a little more understandable because you’d want to be protected against current threats. But, yeah should still hit testing first if possible.

          • suction@lemmy.world
            link
            fedilink
            arrow-up
            22
            ·
            4 months ago

            If a company disguises a software update as a virus definition update, that be a huge scandal and no serious company should ever work with them again…are you sure that’s what happened?

            • PainInTheAES@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              4 months ago

              Ah, was a bit off. The update disregarded update controls per reddit and I must have misunderstood what exactly the channel update did. I know for the sensors you can set how closely you want to track current releases but I guess the driver update is not considered under those rules. I use CrowdStrike in my day to day but not from the administrative side, sorry for the misinformation. Thanks for the details Gestrid.

        • Baggie@lemmy.zip
          link
          fedilink
          arrow-up
          11
          ·
          4 months ago

          100% agree. I haven’t been on the backend of managing crowdstrike so I don’t know if this is a option, but running a wsuz server and manually weeding out bad updates was such an improvement over rawdogging windows updates.

      • Flying Squid@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        4
        ·
        4 months ago

        Really there’s a sub-joke here about how, because no one ever bothers scanning their Mac for viruses since they think they’re virus-proof, all the Macs are functioning as the virus farms they’ve been for quite some time.

    • Captain Aggravated@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      68
      ·
      4 months ago

      Crowdstrike is a cybersecurity company that makes security software for Windows. It apparently operates at the kernel-level, so it’s running in the critical path of the OS. So if their software crashes, it takes Windows down with it.

      This is very popular software. Many large entities including fortune 500 companies, transport authorities, hospitals etc. use this software.

      They pushed a bad update which caused their software to crash, which took Windows down with it on an extremely large number of machines worldwide.

      Hilariously bad.

      • ipkpjersi@lemmy.ml
        link
        fedilink
        arrow-up
        20
        arrow-down
        4
        ·
        4 months ago

        Honestly it is kind of hilarious, with how many people I have had make fun of me for using Linux, and now here I am laughing from my Linux desktop lol

      • danc4498@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        1
        ·
        4 months ago

        So, do all windows machines use this, or do you have to add this software?

                • rottingleaf@lemmy.world
                  link
                  fedilink
                  arrow-up
                  11
                  arrow-down
                  1
                  ·
                  edit-2
                  4 months ago

                  Third parties love their trojans just being treated as normal way of life.

                  “Anti-cheats” instead of not being imbeciles while designing protocols for multiplayer, “anti-viruses” which need to run kernel-level and download databases with executable code, video drivers which just can’t be packaged with Windows.

                  One thing I’ve realized is that large parts of social structure are dependent on cheating. We all want to cheat, so we all agree to a system where cheating is possible, but pretend it’s not happening until someone gets caught and then just behave as if nothing happened.

                  One necessary part of someone’s upbringing is honesty. There’s an amazingly deep moment in LOTR where Eomer says that Rohirrim don’t lie, so they are not easily deceived.

                  This is not a poetic device. This is how it works. Ponzi schemes usually target people who think they are smarter and more cunning and will gain something from them. And rigged security systems work because most of participants think they are the ones who may at some point abuse those systems, but most of them are the ones becoming eventually victims of such abuse.

                  • EuroNutellaMan@lemmy.world
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    4 months ago

                    I think it’s much simpler: people don’t know what they’re doing, while CEOs want to make more money so don’t do appropriate (expensive) practices.

                • Dashi@lemmy.world
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  4 months ago

                  If there is any software you want running at kernel though it is your AV. Not saying Spotify has a reason for running at kernel though… But running AV at kernel in theory is a better way to protect the machine and you.

        • hondacivic@lem.sabross.xyz
          link
          fedilink
          arrow-up
          12
          ·
          4 months ago

          It seems to be an enterprise product, meaning normal users might not have been affected. I wouldn’t personnaly be able to confirm since I usually have 1-2 month uptime on my windows machine.

          • Gestrid@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Their computers may not be affected, but their everyday lives might be. Some of the affected services include 911, stoplights, banks, hospitals, and a whole other smorgasbord of stuff.

        • tyler@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          It’s a general security solution. They run on Mac and Linux as well. It just happened that crowdstrike only released the broken update for windows.

      • tyler@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        They make security software for every OS. My company has it running on our Macs, and Linux servers as well. It just happened to only break windows because that’s what they released the update for.

      • smb@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        This is very popular software.

        if that’s a “good” argument for you, then i’ve already heared that, and it nearly never really fits. here is another one for you that is an argument as generic as yours: “maybe try eating poo, trillions of flies cannot be wrong, poo is VERY popular food, much more popular than any human food !!! (as in mass per day as well as in its number of consumers)”

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          I wasn’t making a case for adopting this software. Just pointing out that it is widely used, which is why it had such a wide effect.

          I think you’ll find most corporations would jump off a bridge if they saw their competitors jump.

      • Abnorc@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I was puzzled since my work continued on as usual. I guess my company doesn’t use it.