The bigger question is how such a thing was deployed on such a large scale automatically. Security updates, OK, but automatically everywhere at every possible point? This is poor risk management.
A large mono-system install that requires OS-kernel-level (pre/mid filesystem loading) hooks is the problem. On Linux, CrowdStrike moved to eBPF (if the filter fails, it doesn't kill the system, to reduce damage), but any mono-OS system/service that had (or required) this level of integration, with such a small test/validation window, could do this much damage. Related: because anti-virus on Windows got so bad and caused so many instability issues (including boot failures), eventually MS started putting it into the OS. MS is having to do the same with the other parts of EDR now, because that's easier than fixing the reasons why AV (and EDR in general) is so needed on their platforms.
I am not entirely sure, but I feel like eBPF would not be an equivalent system. CrowdStrike Falcon sounds more like an SELinux-level kernel component. Because servers serve things to the rest of the network, the priorities and risks concerning them are pretty different. If a company was 100% on Linux workstations, I don't think reducing damage would be the desired outcome if the EPP somehow failed. The host should be considered untrusted. In many environments the desired behaviour would be pretty radical: the host should prevent the employee from entering credentials in the first place, let alone decrypt user data. The host should have very limited access to the network or out of it, if any at all. The point of endpoint protection when it comes to workstations is to authenticate and verify the host system during every moment the host is part of the network. These are much more loosely monitored assets than servers, and much, much more exposed to attack vectors. Maybe Linux could provide more nuanced handling of such failures to authenticate a user, but we would still be talking about some recovery target before ever reaching the greeter. For the intended, legitimate user of said workstation, the system is simply bricked.
Yes, one hundo percent this could have happened. Kernel panics are a thing in Linux/Unix and they happen more than you would think. That's why there's a big push towards Flatpak and Snap, to minimize kernel access.
What do you mean "it" would happen? I have been on Linux since 1996 and I did not even notice that something was supposedly wrong until I read about it. Don't use cloud services. Pay cash. Reject subscription-based payments and all cloud-hosted apps.
Pay cash... when the country reduces printing cash, what are you going to do about it? Print your own? With the devaluation of currencies, making coins is more expensive than their actual value. That is just to make them. Handling them, transport, storage, all come at an additional cost.
@hagenzwosta you are guessing wrong. Why the USA? Are other countries not looking at how to reduce the cost of running public affairs? Or who do you think prints money? The Elf on the Shelf? 😂
This is the craziest thing that ever happened. What next, the screens in New York City will go out like what happened at the international airports and other places?