Free Republic

CrowdStrike Highlights the Dangers of 'Security' Software
Lifewire | 22 Jul 24 | Charlie Sorre

Posted on 07/22/2024 10:05:19 AM PDT by Alas Babylon!

It can cause more harm than good!

Key Features

· CrowdStrike shows the havoc that can be wreaked by supposed security software.
· Most people don't need third-party antivirus software.
· Most modern-day threats are aimed at exploiting humans, not computers.

(Excerpt) Read more at msn.com ...


TOPICS: Business/Economy; News/Current Events
KEYWORDS: clonedwebsites; crowdstrike; cybersecurity; falconsensor; hackers; ignorantauthor; links; scammers; windows
"We have moved beyond the days when computer viruses merely corrupted files. Now, we face sophisticated threats that combine social engineering with malicious software, aiming to do far more than just damage your computer." Phishing attacks and other kinds of social engineering try to trick us into giving away secrets by clicking on links to cloned websites, for example.
1 posted on 07/22/2024 10:05:19 AM PDT by Alas Babylon!

To: Alas Babylon!

2 posted on 07/22/2024 10:19:36 AM PDT by BBQToadRibs2

To: Alas Babylon!
CrowdStrike Highlights the Dangers of 'Security' 'not testing' Software
3 posted on 07/22/2024 10:22:00 AM PDT by CodeJockey (I'd like to change the world, but they won't give me the source code.)

To: Alas Babylon!

4 posted on 07/22/2024 10:26:29 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )

To: ShadowAce
I use an OLD Linux, just to be doubly safe!
5 posted on 07/22/2024 10:43:16 AM PDT by Empire_of_Liberty ( )

To: Alas Babylon!

The Crowdstrike crash revealed a fundamental flaw in how security suite software is packaged with Microsoft. Because it operates at the device level in the kernel (Ring 0), it has to be packaged as a signed device driver that goes through Microsoft’s rigorous testing protocols. But because it also has to respond immediately to zero-day vulnerabilities, it can’t wait for a new signed driver to be approved.

This is why they use DEF files to patch the driver code. The signed driver code reads the DEF file to get updated p-code that must run in the kernel memory. The latest DEF file release contained bad code that caused a NULL exception in the kernel memory, resulting in a BSOD.

CrowdStrike’s regression testing should have caught this, and they have a lot to answer for.


6 posted on 07/22/2024 10:51:14 AM PDT by Dave Wright
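As an added illustration of the failure mode this post describes (not code from CrowdStrike, the article, or the poster), here is a user-mode C model of a kernel-resident component that validates an externally shipped content file before it follows any offset taken from it. The file format, the `cf_*` names and the sample files are all constructed for this example; a kernel driver cannot recover from a bad dereference, so the point is that every value read from the update is bounds-checked and a malformed file is refused with an error code.

```c
/* Added example, not CrowdStrike's code: a user-mode model of a kernel-resident
 * component that consumes an externally shipped content update. The file
 * format (magic, record count, offset/length records, payload) is hypothetical.
 * Every field that drives a memory access is checked against the buffer before
 * use, so a malformed update is refused with an error code instead of faulting. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CF_MAGIC      0x43464431u   /* hypothetical magic, little-endian on disk */
#define CF_HEADER_LEN 8             /* uint32 magic + uint32 record count */
#define CF_RECORD_LEN 4             /* uint16 offset + uint16 length */
enum cf_status { CF_OK = 0, CF_BAD_MAGIC, CF_TRUNCATED, CF_NULL_OFFSET, CF_BAD_RECORD };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Validate a content file and report how many records are safe to use.
 * Records point into the payload that follows the record table. */
enum cf_status cf_validate(const uint8_t *buf, size_t len, size_t *out_records)
{
    *out_records = 0;
    if (len < CF_HEADER_LEN) return CF_TRUNCATED;
    if (rd32(buf) != CF_MAGIC) return CF_BAD_MAGIC;
    uint32_t count = rd32(buf + 4);
    /* The count comes from the file; bound it before it sizes any access. */
    if (count > (len - CF_HEADER_LEN) / CF_RECORD_LEN) return CF_TRUNCATED;
    size_t payload_start = CF_HEADER_LEN + (size_t)count * CF_RECORD_LEN;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *rec = buf + CF_HEADER_LEN + (size_t)i * CF_RECORD_LEN;
        uint16_t off = rd16(rec), rlen = rd16(rec + 2);
        /* Unpopulated slot: following it is the null dereference the thread describes. */
        if (off == 0) return CF_NULL_OFFSET;
        if (off < payload_start || (size_t)off + rlen > len) return CF_BAD_RECORD;
    }
    *out_records = count;
    return CF_OK;
}

enum cf_status cf_check(const uint8_t *buf, size_t len) { size_t n; return cf_validate(buf, len, &n); }

/* Constructed sample updates: one well-formed, three malformed. */
static const uint8_t CF_GOOD[]      = {0x31,0x44,0x46,0x43,  1,0,0,0, 12,0,4,0, 0xAA,0xBB,0xCC,0xDD};
static const uint8_t CF_NULL_SLOT[] = {0x31,0x44,0x46,0x43,  1,0,0,0,  0,0,4,0, 0xAA,0xBB,0xCC,0xDD};
static const uint8_t CF_OVERLONG[]  = {0x31,0x44,0x46,0x43,  1,0,0,0, 12,0,9,0, 0xAA,0xBB,0xCC,0xDD};
static const uint8_t CF_BIG_COUNT[] = {0x31,0x44,0x46,0x43, 99,0,0,0, 12,0,4,0, 0xAA,0xBB,0xCC,0xDD};

int main(void)
{
    printf("good=%d null_slot=%d overlong=%d inflated_count=%d\n", cf_check(CF_GOOD, sizeof CF_GOOD),
           cf_check(CF_NULL_SLOT, sizeof CF_NULL_SLOT), cf_check(CF_OVERLONG, sizeof CF_OVERLONG),
           cf_check(CF_BIG_COUNT, sizeof CF_BIG_COUNT));
    return 0;   /* prints: good=0 null_slot=3 overlong=4 inflated_count=2 */
}
```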

To: Alas Babylon!

This article’s argument is like saying seat belts can be removed from cars because hardly any accident victims are ejected from their vehicles these days.

The only reason threats have shifted to social engineering is because the tech has been pretty well locked down by these and other security tools that update almost constantly.


7 posted on 07/22/2024 11:10:23 AM PDT by ConservativeWarrior (Fall down seven times, stand up eight. - Japanese proverb)

To: ConservativeWarrior

That really is and should remain the province of the operating system.

Allowing 3rd party software direct access to the kernel is asking for trouble.


8 posted on 07/22/2024 11:19:28 AM PDT by Alas Babylon! (Repeal the Patriot Act; Abolish the DHS; reform FBI top to bottom!)

To: Alas Babylon!

You want to trust MSFT with all your system security?


9 posted on 07/22/2024 11:37:17 AM PDT by ConservativeWarrior (Fall down seven times, stand up eight. - Japanese proverb)

To: Dave Wright

One of my friends at Microsoft said he had nightmares about someone on the windows update team doing something much worse than this.

I worry about it too.


10 posted on 07/22/2024 12:38:01 PM PDT by algore

To: CodeJockey

+1


11 posted on 07/22/2024 1:14:53 PM PDT by sauropod ("This is a time when people reveal themselves for who they are." James O'Keefe Ne supra crepidam)

To: Alas Babylon!; All

“Allowing 3rd party software direct access to the kernel is asking for trouble.”

FWIW...When I was at Intel, no vendor... NOBODY was allowed to automatically update software. Or any equipment firmware.

They built an isolated testing environment and manually loaded ALL, ALL updates there to test. After rigorous testing, Intel would push the software themselves.

Yes, they were a little behind the curve on “zero day” exploits, but had security systems and protocols that minimized any damage.

And they NEVER had enterprise-wide outages. Never.

It’s what all responsible companies do.

All those IT Directors and Security Directors who are complaining about the bad Crowdstrike update should be fired.


12 posted on 07/22/2024 1:43:44 PM PDT by Mariner (War Criminal #18)

To: ConservativeWarrior

Yes. I used to work for them. The problem has always been the user base. And that’s been true since the first microcomputers came out. If it’s too hard, people don’t want it. I used UNIX long before Linus Torvalds made his distribution—and met him, too.

Having said that, I was an MCT for 20 years teaching IT admin and SQL server admin. I did a ton of contract work for MS writing courseware (MOC). Security always came down to the basics. As long as they were followed, you had a pretty good chance.

You could teach it to them 1,000 times, but it was always that one shortcut, that one time they forgot the backups, etc. Murphy’s law.

Incidentally, I would never recommend Crowdstrike. They’re accessories to the Seth Rich murder. I will always believe that.


13 posted on 07/22/2024 1:57:50 PM PDT by Alas Babylon! (Repeal the Patriot Act; Abolish the DHS; reform FBI top to bottom!)

To: Alas Babylon!
I was down all day long on my work laptop because of this. Because the idiots I work for not only insist on a complete monoculture in their supported laptops, AND because they so severely lock down access to these systems, I couldn't do anything about the BSOD, even though I KNEW what the fix was, and I'm a professional nerd that is absolutely taking care of the laptop itself.

So, I effectively had the day off to read about the crapstorm on the internet. Their loss. They pay me for my time regardless.

14 posted on 07/22/2024 2:09:56 PM PDT by zeugma (Stop deluding yourself that America is still a free country.)

To: CodeJockey

Except it is CrowdStrike. So there is at least a non-zero chance it was a more intentional dry run of some sort than they claim.


15 posted on 07/22/2024 2:12:28 PM PDT by 9YearLurker

To: ConservativeWarrior

No, it’s saying you don’t need to wear a helmet in your car because it already has seatbelts and airbags.

The 3rd party virus scan thing was always of limited value. Half the software packages suck (McAfee, Norton, I’m looking at you). They slow your computer down a ton. And now Windows comes with actually pretty good virus scanning all on its own. So having a second system on there really does nothing except slow you down, and make you vulnerable to bad updates.


16 posted on 07/22/2024 2:17:44 PM PDT by discostu (like a dog being shown a card trick)

To: ConservativeWarrior

I agree with this response. I am in the business and the article is dead wrong. A more appropriate statement is that a software monoculture is a dangerous model and companies that don’t practice thorough testing before deployment are dangerous.


17 posted on 07/22/2024 4:08:51 PM PDT by fremont_steve

To: Mariner

I saw a YouTube video where a guy who had worked at Microsoft said that the EU forced Microsoft to allow access to the system32 folder.

Microsoft points finger at the EU for not being able to lock down Windows
https://www.neowin.net/news/microsoft-points-finger-at-the-eu-for-not-being-able-to-lock-down-windows/

The document states that Microsoft is obligated to make available its APIs in its Windows Client and Server operating systems that are used by its security products to third-party security software makers.


18 posted on 07/22/2024 7:03:56 PM PDT by minnesota_bound (Need more money to buy everything now)

To: fremont_steve

“A more appropriate statement is that a software monoculture is a dangerous model and companies that don’t practice thorough testing before deployment are dangerous.”


Agreed. FWIW, we ran CS through our 3rd party risk program prior to signing. We reviewed their SOC 2 Type II, which was exception free, and audited controls around SDLC.

Speaking with our rep, they are making improvements to their SDLC in light of this event, specifically processes around regression testing.


19 posted on 07/23/2024 7:15:44 AM PDT by ConservativeWarrior (Fall down seven times, stand up eight. - Japanese proverb)
