Why Microsoft Is To Blame For The Crowdstrike Outage (Not The EU)

A brief overview of the history of Windows security & malware, the EU's antitrust case against Microsoft, and why antiviruses need to be in the kernel in the first place.
Comments

Crowdstrike is to blame for not being able to stage their updates. If we let an OS start without a critical component like an EDR, I think we should not operate on such machines.


“Uniquely qualified”

*locks in and watches the vid intently*

kills

I did not understand a single thing but I feel sufficiently educated now to comment on Reddit like an expert on this topic.

Yutappy

"Fixing blue screens with more blue screens"

ammarash

Great insight. Why do you think Crowdstrike seems to have had no validation, at all, on their channel file updates? Gross negligence?

Trevellian

Very good, I really like Dave's channel, I think it would be great to have you two talking about the subject.

guilherme

If you WERE an EX-malware developer, then you ARE a malware developer NOW! Great vid, thanks Marcus xx

marcot

Please bring back the MalwareTech podcast 😞

stuartmcintosh

Excellent video. Your expertise and presenting skills really show.

KeijonAutoVuokra

Wow, this is so interesting. I would love to see more content about such low-level techniques as described here.

asdfasrfsradfsdafwefdsfsdc

Thank you for the insights! 👍 (Navigated here thanks to Steve Gibson and Security Now!)

demeaningplebny

Can you give your thoughts on Apple's changes to the filesystem and, generally, how they're moving everything that's kernel-related away from any userland access points?

DbaybledD

That was really interesting and accessible - thanks :)

mr.mistoffelees

Personally I think the solution lies in kernel processes, different from user processes. A user (and thus any user app) can kill any user-mode process (even if they have to enter a password for root access), but they'd have to drop down to kernel-level permissions to kill a kernel process. Anything that involves directly talking to hardware would be put in the kernel itself, but for anything else it would involve pipes between kernel processes. The kernel can maintain the security of kernel processes, and kernel processes can maintain the security of user processes. This new type of process would require the creation of a new user with greater permission than root, which would resolve the problem of security being compromised due to users using admin accounts for their main account. It also means greater kernel stability, because most of the kernel would be in kernel processes, with security and hardware code being the only exceptions. Could create something like klibc to share among the kernel processes too.

zxuiji

Really good high-level overview of user permissions in Windows, thanks.

john

Fuzz your interpreters, people. Write them in memory-safe languages only.

LA-MJ

Hyped to hear you speak about it, and even more hyped that you are not afraid of going against Dave's Garage's claim.

naesone

All due respect. But a bad business decision by Microsoft did not deploy faulty code without staging around the globe.

Crowdstrike neglected any (and I mean any, even the most basic) care in deploying, creating and testing that update. And they also managed to kill Debian Linux earlier this year... so one could make a case for them being incompetent. And rightfully so.

If a product is bad on Microsoft Windows because Microsoft does not allow you to access the kernel in a smart way, sue them (class action), or limit its functionality.

But they decided to backdoor their stupidly written and lazily tested software, intentionally circumventing WHQL.
Which is far beyond negligence... that's intent.

I would not be surprised if they get sued to oblivion over at least one of those points.

justacomment

What are some examples of a good Windows security product that does not require kernel access at all?

Corteum

@15:20 are you talking about "Dave's Garage"?

christopherstaples