Microsoft + CloudStrike = Death
The culprit for the current global Windows outage that has affected banks, airlines, hospitals, and many other services and industries since the early morning of Friday, July 19, is CrowdStrike’s Falcon Sensor, software designed to protect computer systems from cyberattacks. But when it depends on the Cloud, and it’s so poorly designed that it BSODs the very system it’s meant to protect… it becomes more effective than ransomware at bringing our hypertechnologized and overly vulnerable civilization to its knees!
Some retards have designed everything on this planet with a Single Point of Failure (SPOF).
How could this civilization cope with a world war, when it can stop functioning for such a ridiculous reason?
As far as the airports are concerned, the affected software suites are those from SITA.
Crap being crap, an Azure configuration change also caused a major Microsoft 365 outage, affecting mostly the US.
It’s worth mentioning that Microsoft Windows is the most vulnerable* OS ever, and it’s used too extensively on this planet populated by Homo retardus retardus.
If we hadn’t been using Windows on 90% of the systems used professionally, if the users weren’t so clueless and stupid, and if corporations didn’t insist on installing such crappy security software, we wouldn’t have had such situations.
Finally, the centralization in the Cloud is the Achilles’ heel, but those CTOs are too stupid to understand that. In the last 40 years, we went from (1) a centralization around the mainframes, to which dumb terminals were connected, through (2) the golden age period of decentralization when everyone wanted to perform everything on their PC, to (3) the final and suicidal stage of a Cloud-based centralization and of Software as a Service (SaaS). And when everything has such SPOFs by design (because, hey, modern concepts and modern software architectures!), no contingency plan is possible.
How can they not realize that this is so close to the antiquated mainframe computing model, when those failing Windows machines were running in the almighty Cloud? Don’t run locally, on bare metal, because it can fail. But when the Cloud fails, it’s not one machine that fails; millions do! Because, again, Virtual Machines and containers are the solution to everything. Microsoft:
We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July.
But back in the day, we weren’t so dependent on computers, which were used as tools, not as requirements. Nowadays, if I go to a supermarket and their IT infrastructure isn’t working, I cannot buy anything! How stupid is that? Or if a product’s EAN (UPC in the States) isn’t found “in the system,” they cannot sell it to me. Now, tell me again that life was worse in the 1960s and 1970s, without referring to the advances in medicine and emergency services.
This will be our death.
Amen.
_____
*As a side note, I have used Windows 7 Professional past its EOL for three (3) full years without any kind of security software, and I had absolutely zero issues, even when ransomware was rife! I even mutilated Windows 7 by forcefully removing anything and everything related to Defender! So it didn’t scan anything, and it was faster. While WSH, WMI, and PowerShell are vectors for ransomware and other malware, I only disabled WSH for a while. I used this system as my daily driver, going to “dangerous” places and testing “cracked” software, and, notwithstanding all of this, nothing happened! That’s the difference between me and the average Windows user, who is a complete idiot and would get infected despite all the security software you’d shove down their throat. We shouldn’t let billions of morons use computers. Or, at least, not Windows.
This is exactly as I thought it would be! Here:
How could she?
It’s a worldwide issue:
Oh, my, the Mikko Hypponen!
This is because you, the utmost retards of planet Earth, have designed such dumb “security systems”! The approach to endpoint security was always wrong. Money for nothin’ and your chicks for free. Not so for “security.”
In fact, this is not just about security. This planet has invested so many trillions in IT systems that were meant to make everything run smoother than in the “good old days.” But we all know what happens when something, anything, doesn’t work as it should. Little strokes fell great oaks. Furthermore, this overly complex thicket of “ingenious software architectures” requires so many software developers that this planet simply doesn’t have them! Some CEOs decide to replace people with software, but there’s no one to write that software! As for cybersecurity, millions of additional cybersecurity workers would be needed, but they don’t exist. How could those hugely well-paid CxOs take such decisions when the necessary resources just don’t exist? Oh, that’s because they’re morons, they know nothing about IT, and they understand even less about the security challenges?
Oh, the Luddites!
It surely did!
I’m sure the Transportation Department is wrong, and courts will decide otherwise. This is not within the airlines’ control. I’m not sure that they could have chosen different software.
I’m sorry for your loss, but most hospitals have an IT infrastructure that’s so vulnerable that even an 11-year-old kid could hack it.
What a bullshit!
Sheeple.
This guy is an ass, but he was right:
All in all, excuse my cynicism, but I’m happy that this happened (I mean, that this happened when I didn’t have to fly). It was high time for people to realize that those “IT experts,” “software architects,” and “security whatnot” aren’t helping our society. On the contrary, they will lead us towards total destruction.
Run, Forrest, run!
Now lots of people are asking why those systems didn’t use Deep Freeze, or even Unified Write Filter (UWF). While the question seems legitimate, I’m afraid that these particular solutions are not meant for such a situation. They’re meant to programmatically restore a machine to a previous state by reverting all changes on reboot, but they have to be disabled (“unfrozen”) to apply patches. And this is exactly when this happened. If it hadn’t been a CrowdStrike update, a Microsoft patch could just as well have killed the machines (sending them into an infinite reboot loop). Normally, you do want to apply such updates and patches, and that’s exactly why you “unthaw” the system by disabling such technologies!
(Of course, there are solutions for that too, but I’m not very knowledgeable. Otherwise, speaking of freezing, I’m not sure that the software running in those VMs would be happy with a practically immutable system that only allows some atomic updates during reboots. If they do, then there are Linux solutions for that.)
I would rather ask why there was a need for antivirus-like security (AI-powered antimalware, I guess) for SaaS solutions running on virtual Windows Servers and Windows Clients. Normally, no external file ever enters such machines (except for system updates and patches, duh)! From where could malware come?
Take the case of the airports. SITA Baggage Management, SITA Passenger Processing, SITA Border Management, SITA Airport Management: data enters through scanning or keyboard, or through database connections. Nobody transfers files nowadays. If even the Windows clients were virtual machines, then, really, what’s the need for a “next-gen AV”?
And, of course, what’s the need for such complex, fragile, SPOF-prone Cloud architectures?
This is unbelievable! European Commission denies responsibility for massive Microsoft IT outage:
But there’s no CrowdStrike for Apple, nor for Linux and FreeBSD. And, mutatis mutandis, no need for such crap. Oh, and everyone has access to the source code of Linux and FreeBSD. But who’s installing such an absurd security solution?
Let me correct myself, while also explaining what some journos couldn’t, because they’re retarded. From Why Apple doesn’t suffer outages like this:
There are several logical errors and non-sequiturs in the article.
1. Even if “everything is controlled within the four walls of Apple Park,” this cannot mean that Apple does the testing that the software developers didn’t. What is true is that they do check the updates of AV Endpoint Clients, provided that they go through Apple Store (I suppose they do). This is called notarization, and it’s an automated process where Apple scans the software for malicious content and checks for code-signing issues.
2. Either “CrowdStrike offers security on Macs,” or “Apple is less likely to work with third parties — such as CrowdStrike — which leaves it much less exposed on the enterprise.” They can’t both be true. If there are CrowdStrike solutions for macOS, then they exist, full stop, so “Apple doesn’t work with … CrowdStrike” can mean two things: (a) that such solutions cannot be installed on Macs because Apple did not approve them, or (b) that such solutions can be installed and updated without any involvement from Apple, which contradicts the conclusion that “this leaves it much less exposed on the enterprise.” Or maybe CrowdStrike’s offering only targets home users, not Apple servers, which would be compatible with “this leaves it much less exposed on the enterprise.” But the article doesn’t say that.
3. Either way, because, as they said, “Apple and Windows have different operating systems,” any updates required by any security software would be highly different, both as binaries and in the embedded logic. So a borked update for Windows couldn’t have borked a similar update for Mac.
4. “Linux also has its own operating system and was not affected, Kurtz said in a statement on X.” You asshole, the fault is not in the OS itself, but in your stupid software! So what this moron should have said is one or both of the following:
– “Our updates for macOS and Linux, intended to provide the same functionality, did not include the defective code, because the CrowdStrike Falcon Sensor, as an endpoint agent, is completely different for each OS.”
– “We did not have a similar update for macOS and Linux, because what was pushed to Microsoft Windows systems was specific to the potential vulnerabilities of that OS.” (Several OSes, actually.)
I can only hope that there are few Linux servers (or VMs) running the CrowdStrike Falcon Sensor, although this is possible.
Dave Plummer, former software developer at Microsoft between 1993 and 2003, had some explanations on his YouTube channel. I didn’t have the patience to watch the two videos in full (why the fuck can’t people just write?), but I still grasped the main ideas.
● July 21, 2024: CrowdStrike IT Outage Explained by a Windows Developer
– So a CrowdStrike system file that was downloaded contained only zeros. And the code didn’t protect against such a scenario.
– Why isn’t Windows more resilient, though? Because CrowdStrike’s driver was a boot-start driver that couldn’t be avoided.
● July 24, 2024: CrowdStrike Update: Latest News, Lessons Learned from a Retired Microsoft Engineer
– In Windows, CrowdStrike works at kernel level to get all the required info. User-mode access isn’t enough, so kernel-mode access is used.
– Note that in macOS, CrowdStrike doesn’t use kexts anymore, as it’s unsafe. Apple provides an API.
– Microsoft’s attempt to introduce similar APIs (WDAC, WDDG, WFP, and more) to prevent such issues was deemed anticompetitive by the EU, or at least this is the official narrative.
– From this perspective, Windows NT 3.1 was architecturally safer, as not even the video driver was running in kernel mode. Today’s gamers would cringe if this philosophy were still used. (Strangely, printer drivers originally ran in kernel mode, and they were moved to user mode.)
– It’s frightening to learn that there are “tens of millions of machines serving mission-critical roles like the 911 service that do run kernel-mode code”!
– About the “but Apple is vetting everything, while Microsoft doesn’t” mantra: “Microsoft fully tested and vetted and approved and signed the CrowdStrike driver in the WHQL Lab; and the driver didn’t change, just the channel update file did. … the channel 291 update file was made entirely of zeros.” The driver, which was poorly written (how could Microsoft have known that?), choked and died and BSODed! The driver was fully trusted and signed. But it crashed.
Now, to add my bits. To simplify, imagine something like Kaspersky Total Security. It might or might not use APIs such as WDAC (Windows Defender Application Control) and WDDG (Windows Defender Device Guard), but it does use WFP (Windows Filtering Platform), and it also uses some kernel-level components to enhance security. Now suppose it gets a borked update file, be it with signatures or with rules. And suppose it’s so poorly written that it crashes in one of its kernel-level components when a bad update file is received. Well, this happened to CrowdStrike’s Falcon Sensor.
On May 9, 2019, a military Airbus A400M Atlas crashed during a test flight in Spain because a software update inadvertently reset the engine control parameters. A configuration file was invalid or full of zeroes, so the system’s software decided to use the default one, which apparently is as good as death.
This is what bad software architectures and poorly written software can do to us.
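The two failures above, a kernel component that chokes on an all-zero channel file and a controller that silently falls back to defaults when its configuration file is invalid, share one root cause: a loader that does not fail closed. The following is an added example, not code from CrowdStrike, Microsoft or Airbus, of a loader for a hypothetical channel-file format (constructed here: magic, version, rule count, additive checksum) that validates the whole file before any byte of it is used, names an all-zero file as its own rejection reason, and keeps the last known-good configuration when an update is rejected instead of crashing or substituting defaults. The format, the function names and the sample inputs are all assumptions.

```c
/* Added example: fail-closed loading of a hypothetical "channel file".
   The on-disk layout is constructed for this example, not CrowdStrike's format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CF_MAGIC     0x4E414843u /* constructed: the bytes "CHAN", little-endian */
#define CF_VERSION   1u
#define CF_MAX_RULES 1024u
#define CF_HDR_LEN   16u         /* magic, version, rule_count, checksum: 4 x uint32 */
#define CF_RULE_LEN  8u

typedef enum {
    CF_OK = 0,
    CF_ERR_TOO_SHORT,
    CF_ERR_ALL_ZERO,      /* the case described in the text: a file made entirely of zeros */
    CF_ERR_BAD_MAGIC,
    CF_ERR_BAD_VERSION,
    CF_ERR_BAD_LENGTH,    /* rule count out of range or file size inconsistent with it */
    CF_ERR_BAD_CHECKSUM
} cf_status;

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t sum_bytes(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

/* Validate every structural property before the caller touches the payload.
   Nothing is dereferenced beyond `len`, and no field is trusted before it is checked. */
cf_status cf_validate(const uint8_t *buf, size_t len, uint32_t *rule_count_out)
{
    if (buf == NULL || len < CF_HDR_LEN) return CF_ERR_TOO_SHORT;

    int all_zero = 1;
    for (size_t i = 0; i < len && all_zero; i++) if (buf[i] != 0) all_zero = 0;
    if (all_zero) return CF_ERR_ALL_ZERO;

    if (rd32(buf + 0) != CF_MAGIC)   return CF_ERR_BAD_MAGIC;
    if (rd32(buf + 4) != CF_VERSION) return CF_ERR_BAD_VERSION;

    uint32_t rule_count = rd32(buf + 8);
    if (rule_count == 0 || rule_count > CF_MAX_RULES) return CF_ERR_BAD_LENGTH;
    if (len != CF_HDR_LEN + (size_t)rule_count * CF_RULE_LEN) return CF_ERR_BAD_LENGTH;

    if (rd32(buf + 12) != sum_bytes(buf + CF_HDR_LEN, len - CF_HDR_LEN)) return CF_ERR_BAD_CHECKSUM;

    if (rule_count_out) *rule_count_out = rule_count;
    return CF_OK;
}

/* Loader state: the last configuration that passed validation. */
typedef struct { uint32_t rule_count; unsigned generation; } cf_state;

/* Fail closed: a rejected update leaves the previous good configuration in place.
   No defaults are substituted, because "default" engine or detection parameters
   are not a safe substitute for a known-good set. */
cf_status cf_apply_update(cf_state *st, const uint8_t *buf, size_t len)
{
    uint32_t n = 0;
    cf_status s = cf_validate(buf, len, &n);
    if (s != CF_OK) return s;
    st->rule_count = n;
    st->generation++;
    return CF_OK;
}

/* Build a valid sample file (constructed input) with `rule_count` dummy rules. */
size_t cf_build_sample(uint8_t *out, size_t cap, uint32_t rule_count)
{
    size_t total = CF_HDR_LEN + (size_t)rule_count * CF_RULE_LEN;
    if (cap < total) return 0;
    for (size_t i = 0; i < total - CF_HDR_LEN; i++) out[CF_HDR_LEN + i] = (uint8_t)(i + 1);
    wr32(out + 0, CF_MAGIC); wr32(out + 4, CF_VERSION); wr32(out + 8, rule_count);
    wr32(out + 12, sum_bytes(out + CF_HDR_LEN, total - CF_HDR_LEN));
    return total;
}

/* Scenario driver: load a good 4-rule file, then push a damaged update.
   fault 0 = unchanged, 1 = all zeros, 2 = truncated, 3 = one corrupted rule byte. */
cf_status cf_scenario(int fault, unsigned *rules_after)
{
    uint8_t buf[64] = {0};
    cf_state st = {0, 0};
    size_t n = cf_build_sample(buf, sizeof buf, 4);
    cf_apply_update(&st, buf, n);
    if (fault == 1) { memset(buf, 0, sizeof buf); n = sizeof buf; }
    if (fault == 2) n -= 3;
    if (fault == 3) buf[CF_HDR_LEN] ^= 0xFF;
    cf_status s = cf_apply_update(&st, buf, n);
    if (rules_after) *rules_after = st.rule_count;
    return s;
}

unsigned cf_rules_after(int fault) { unsigned r = 0; cf_scenario(fault, &r); return r; }

int main(void)
{
    for (int f = 0; f <= 3; f++)
        printf("fault %d: status %d, active rules %u\n", f, (int)cf_scenario(f, NULL), cf_rules_after(f));
    return 0;
}
```

The all-zero check is redundant with the magic check in principle, but naming that case separately matters operationally: it is the difference between a log line that says "update rejected: file is all zeros" and a bug check. The same shape applies to a signature database, a detection rule set or an engine configuration: validate the whole artifact, reject it as a unit, and keep running on the previous one.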
Dave Plummer’s explanations are discussed on The Reg in the comments for “EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft”.
But more interesting is this little idea:
But do other OSes have such a thing? Not even systemd, with its Automatic Boot Assessment, does this: it’s not per module. So really, nobody seems to be doing that! How cute. We have gazillions of Software Architects, and not a single smart one. (Except for Tom Chiverton, the one with the aforementioned idea.)

One more anarchist position about another false issue, PKfail: Secure Boot rendered useless, over 200 PC models from different makers are affected.
Who the fuck NEEDS Secure Boot? Who would care that much about any of the 1 billion personal computers as to break into your house and install a modified OS full of rootkits in order to spy on you? Why does everyone believe themselves to be James Bond? Before Secure Boot was invented, nobody cared about “vulnerabilities” that required PHYSICAL ACCESS. Note that disk encryption didn’t exist before Win2K either. Yes, NT4 lacked disk encryption too, and the world didn’t collapse.
Obviously, many industries and government regulations require secure boot mechanisms as part of their cybersecurity standards. This is how you camouflage idiocy so it doesn’t look like we live in Idiocracy. But we do.
Come get my laptops and my mini-PC. They have the Secure Boot feature disabled, and no disk encryption. No antivirus either! You’ll find the secrets of the Universe in them.