Somebody forgot a try catch 😂. Who all were fired
In cpp programming it is standard practice to always check a pointer before trying to dereference it
Try catch does not work in kernel mode.
It is written as a driver and MSFT signed the driver to say it is safe. CrowdStrike found a loophole in this process which allowed them to download and execute new code without actually changing the driver which requires certification and signing from MSFT. So, in a way it is also MSFT's problem to fix the loopholes.
Very best assessment thus far. This is just stupid people taking things for granted.
We don’t need a clever, jargon answer. The ONLY question is “what is the QA ticket number?” They didn’t test it.
OS was actually doing its job by not allowing unauthorized memory access.
People like to lash out at Microsoft for no solid reason. There have been outages due to Linux third party apps, security vulnerabilities too and no one said shit about Linux.
This kinda shows the impact of microsoft as well.
Both parties are at fault: CS for releasing a buggy update and MS for not having a reset function to stop the kernel error loop when detecting buggy software.
If you dig into the internals of how OS actually works, you'll understand that MS can't do anything about it. The Kernel level memory access happens during (or maybe immediately after) the boot logic itself. So it's like Windows isn't even aware something is wrong until it tries to finish the boot up and the cycle continues. Preventing invalid memory access is exactly what the OS should do. It's entirely Crowdstrike's fault here.
@HT79 and that is precisely how it caused problems at this large scale. Saying that it works as intended does not make it right. Microsoft should know better than allow this to happen in the first place, or it will happen again in the future, not necessarily by CS only. Shutting down memory access because of a faulty update is a recipe for disaster, as proven by recent events wiping billions of dollars of business worldwide and causing unnecessary havoc in many important infrastructure and government agencies around the world.
@HT79 Microsoft has a bad design in their Windows OS when it allows a program to write to a protected memory in the OS with no fail safe in place. Why doesn’t it affect Macs?
CrowdStrike does not have kernel level permissions on new Macs, because Apple has been pushing people to move away from kernel extensions, so CrowdStrike runs as a system extension instead which is run outside of kernel.
The system files on Mac are mounted as read-only in a separate partition and you need to manually turn SIP off and reboot in order to be able to even write/modify them.
Good API design encourages your developers to adopt more secure practices. CrowdStrike isn't intentionally malicious here, but lax security design in Windows stemming from good old Win32 days allowed such failure to happen.
We used to do something like WHQL for verifying third party drivers against Windows when working for MS. WHQL is a system that sets forth a certain set of rules for a third party software to adhere to for it to be able to be deemed as "Windows Ready". Assuming that something like that existed for H/W, MS would have had something like that for S/W as well. So, I think both parties are to blame here.
Microsoft did write code to check & prevent 3rd party patching its kernel but some security software like McAfee & Symantec went to the EU regulator to complain this will make the antivirus software unfair to compete. So Microsoft needed to give in.
It was not "patching Windows kernel", it was patching the Crowdstrike driver
But why does Windows need a kernel anti-virus in the first place?
One of the main roles of operating systems is to monitor violations by third party software - The Windows OS detected the violation repeatedly on each reboot as far as I understand, and indeed blocked a violation that it detected, however did not kill the violating component on repeated reboots. So you could argue that the OS was vulnerable to this and could "in principle" have notified the user: Here is a violating kernel component that windows needs to block, do you agree to proceed with boot - if I understand correctly, or at least block on successive reboot.
It could not because the driver by Crowdstrike was marked as a boot start driver. Refer to Dave's Garage's video for details.
Booting alone won't help unless some of the updates from crowdstrike were removed.
Exactly. This makes me think about the difference reality vs news. I knew the domain here. I may not otherwise.
Windows 365 was down entirely. That's why these news articles went crazy.
Windows 365 is basically a Monthly subscription pc in azure for employees.
I think it would be a good idea to wait for Crowdstrike postmortem without concluding anything based on the rumours.
Exactly, people want to be expert in every other field
The reason to blame Microsoft is they’ve built their OS in a way that this would even be necessary
Lol 😂
Ask the same to Apple when you run into Kernel panic using MacOS
No. All OSes are built the same way
@vister6757 yes, this is why Linux and macOS ran into these issues as well, right?
There are so many differences between the OS’s, to say they’re all built the same convinces me you don’t know anything about OS’s. This specific issue could’ve been mitigated by a properly implemented permissions system
@ankurparihar I’m not saying macOS doesn’t have flaws, but this specific flaw is a known issue with their implementation that they just won’t solve because the way they’ve designed the OS is garbage
According to your analogy if we are the user in second case. Then microsoft is the user in first case.
Why has an app that’s allowed to run in kernel mode been updated without a proper quality check by Microsoft? They’re right to blame Microsoft for it as they gave the WHQL license to them and didn’t bother moderating the releases that potentially cause millions of their PCs to go out of service
A billion dollar company like CrowdStrike can't make slip-ups like this. If it was a mistake, then why did the CEO sell a lot of his own stock a week before the crash?
Microsoft needs to test before releasing to users!😢
This is missing the regression testing at kernel level. This is a gaping mistake by CrowdStrike but is also a major mistake by Microsoft to let the update release without testing for an update at Kernel level
Crowdstrike made a mistake, but I have the following questions for Microsoft:
1. Why can't your OS stop/control the third party software which is crashing?
2. If it is critical software which runs on kernel level, why are you allowing the updates just like that? Don't you have any ctrl over releases?
1. They are providing support to third parties but why would their OS stop/control a third party software that an administrator rolled out?
2. Microsoft OS cannot stop another company from rolling out a faulty update. They can only prevent their own faulty updates and correct their own issues. It is up to each company to test their own updates.
CrowdStrike messed up. Your questions should be to CrowdStrike, not the OS.
1. Why did they roll out a faulty update without testing it in a Microsoft environment first?
2. Why is Crowdstrike not more careful when their software is on a Kernel level and could cause a global outage?
In general you may prefer your OS to not boot at all rather than boot without certain critical features.
As a similar example, imagine you had a web app and it would start even if the authorization middleware failed to load. Would you rather have your app unavailable or have it run but allow unauthorized users do whatever they want?
@kiernon my point is, your OS should have some sort of control on the third party apps. Even if it is running on low level.
Most of the time, these apps are running on top of/in parallel to the OS platform, not the other way around.
I think Windows should have some closed environment and it should not let itself crash.
As an end user/customer I see it like this: CrowdStrike is an antivirus software, its job is to detect malware or viruses. Even if it has failed to do its job, it is ok, but why the hell does it impact my OS?
Running the OS is much more critical than running this third party software
@Sheik694 The OS has to be able to interact with the programs and vice versa. When downloading these third party apps there is usually a prompt, "Do you want to allow this app to make changes to your device?"
Perhaps one day there will be a built in AI that automatically either fixes the logical error or at least disables the cause but until then, at least a lot of CIS workers have job security.
Don’t you think the OS should have handled this better instead of crashing due to a code issue in the third-party application? If the OS is susceptible to such an error like this, it might be even more vulnerable to attacks.
How would it handle it better?
@tedchirvasiu After a new release, if I get a general type of exception like NullReference, ArgumentError, etc. in the newly installed module I roll back to the previous checkpoint (the checkpoint the installer makes automatically at each update) of my system.
not a missing null check
Could you please share the source of the NULL pointer exception thing ?
It's on several other videos. It's a .sys file that was filled with zeros which triggered a null pointer error when trying to execute it
It's not a null check, already debunked by experts
@marvelindian1200 yes it's not, CS has a tech blog post around the same.
@sebagomez4647 it's not even filled with zeros. CS mentioned the same in their blog post.
Because Microsoft allows third party vendors to access its kernel
Like when children do mischief and the parents are obviously scolded
My two cents. Both are equally responsible for this outage. CS for not testing the patch before deployment and MS for not allowing the user to login to their system. Imo MS should allow login so that someone can push any new patch to fix it.
MS not allowing login to system? What? The CrowdStrike driver loads as a boot-start driver, which means that it needs to be loaded as soon as the OS loads. (It makes sense for an anti-virus software to load like this.) Now if that driver is faulty, what is MS supposed to do? MS is allowing you to recover the PC by booting to Safe Mode, BTW, where you can delete the offending driver file.
Credits: m.th-cam.com/video/pCxvyIx922A/w-d-xo.html
@gamrdude if MS did as you said, then couldn't some hackers also use it to get into a PC?
The problem is you are trusting your device to someone and not reading the T&C of Falcon/Crowdstrike. And installing it and giving full permission to CrowdStrike
@gamrdude It's wrong to blame Microsoft, it's like if you buy a car and lend it to another person to drive, and if it meets with an accident you blame the car manufacturer
CrowdStrike is 100% to blame for the outage. In what way did Microsoft not let users log in? If you are referring to the BSOD, that was caused by CrowdStrike.
strange things happening in other part of world
I blame the EU
Why does Windows need something like Crowdstrike in the Kernel in the first place?
Crowdstrike is just another layer of defense to watch the Kernel of Windows. Most cyber security software and engineers are not going to be able to monitor Kernel level and having a specialized software would help. Crowdstrike's problem is they did not test it and Windows' problem is that they don't have a fail-safe solution to revert the kernel mess.
We have to stop talking in DEV terminology on this. It’s a problem of logistics and botched process.
Definitely this is not a Microsoft issue ❤❤❤❤❤❤❤ people will judge at the end but by that time things will change because of kernel issues ❤❤❤❤❤❤😂 😂😂😂😂 god or aliens will find the reasons to go deep users level 😂😂😂😂😂 Dts Reddy ❤❤❤
one blud on twitter blamed this on diversity hiring. 😂🤣
Yes microsoft is to blame, for placing third party drivers, Microsoft should keep some test tools in place before it can be really placed in kernel, Microsoft pre check tools failed to detect any issues with the driver in development phase, so Microsoft is also responsible for this
Definitely - they signed the code as OK without checking if a config file (for the driver) error could BSOD the system.
I guess the only thing Microsoft could have done better is to have better/some integration tests
The only thing Microsoft could have done better was to ensure backwards compatibility did not extend to viruses.
Back in the DOS (and Win 3.1) days viruses were a problem. The code base was much smaller and the attack vectors could be fully understood.
Then came Dave Cutler who worked on VAX VMS to design Windows NT. I seem to have noticed very few (if any) virus problems with VMS.
What Microsoft should have done was not poke holes in the security of NT before it was released which then required a whole industry of anti-virus software.
Microsoft's offering is Defender. As it has direct kernel access it would be anti competitive to not allow other antivirus software the same access.
But the question still remains: why does Windows need antivirus (particularly when VMS didn't)?
It's always NPE 😅
Also windows kernel had to ...wait a second it's not 3rd party software that shuts down system it's windows kernel decides to shut down because a software wanted to read data from a place it should not ... And it was possible for Windows OS to block it and continue .. it's about windows default settings if kernel logic...
If CrowdStrike did not handle the null check correctly, why does Windows show a BSOD… it’s a mistake of the OS where they should take care of when to show and not show….
There is something called a reputation. Given Microsoft’s reputation I am surprised that you are surprised that people are blaming Microsoft.
A small null check😂😂
But the logic you're missing is it seems like it's a Windows-provided third party software 😅🙄🤔😁🤫
It's wrong to blame Microsoft, it's like if you buy a car and lend it to another person to drive, and if it meets with an accident you blame the car manufacturer
Couldn't Microsoft test it before allowing it?
To use your analogy, at least control if the dude has the driver license.
We are holding Microsoft accountable for not handling the crash properly. In your analogy, it's like a car without airbags, leading to the driver's fatality, thereby making the manufacturer responsible
@YT-yt-yt-3 it would be a closer comparison if the person took out the airbags themselves and then crashed. They shouldn't have removed the air bags that the manufacturer installed. The manufacturer is not at fault.
root permissions!
Still I have a feeling that Microsoft is too easy to break
Your 30 secs had way more info than 3000 mins of videos wasted on this issue.
Talk tech to me !! ❤
Was it a BSoD or a blue Recovery screen?
Lol, if Microsoft thinks that they don't have to learn from this then you are agreeing that this thing can happen again.
My take here is that both systems are at problem here. It's a design failure that allows a critical dependency running in kernel mode to bring the entire system down for millions of people.
Could anyone explain how Microsoft and CrowdStrike are related?
Is it the Windows users that manually install this spyware or does it come pre-installed with the Windows default OS??
Yes. Users install crowdstrike to monitor many metrics like performance, security threats at network level as well. Generally IT admins at your company do it.
m.th-cam.com/video/pCxvyIx922A/w-d-xo.html
@SudharshaunMugundan thanks for your answer, it’s clear.
Now I see the point from Arpit that it’s the individuals / companies installing such software who are liable.
But I still have some curious questions on the kernel level programming itself:
1) If some program is trying to access an invalid memory location, why crash the whole OS?
2) If I understood well, Windows has kernel level APIs which kernel level software (like falcon from crowdsource) can access. Why give such clients direct access to these APIs? Like why not have a wrapper around kernel APIs which is built by Microsoft and then let 3rd parties interact with those. At least it’ll not crash the whole OS.
@abhishekkoranga1378 1) Because it is not a user level program, it's a system driver and a null dereference at that level can cause further damage/inconsistency. To prevent it, the OS crashes.
2) Wrappers slow stuff down (I guess).
@abhishekkoranga1378 First of all, regarding the point about liability, companies pay millions of dollars to Crowdstrike, so it's entirely Crowdstrike's responsibility to ensure that they're delivering a proper product.
Regarding the first question, my guess is that Crowdstrike tried to access an arbitrary memory pointer, which from the OS perspective is either an erroneous behaviour or an attempted cyber attack. Hence to safeguard itself, it tries to reboot. But since the access is at kernel level, the issue occurs during the booting logic itself and hence we get a bootloop.
Now coming to the part about kernel access, OS has this concept called Memory Isolation. In simple words, one software can't usually see any OS level changes being done by other software. But for anti-malware tools to function, they need to observe all the different interactions being done by other software. Hence they require elevated permissions and direct kernel access to ensure nothing fishy is going on.
If crowdstrike released an update, who was the person who installed the update? Are you saying that all the operation engineers across the world installed the released update at the same point of time? I would blame the person responsible for installing the update without first testing it on a test environment machine first.
It is an auto update. Generally they would not read much into it and install. These applications use a clever strategy to give as minimal info as possible for updates before the update happens. So if the update is flagged as a security update you wouldn't think twice before clicking the update.
@SudharshaunMugundan That's a bad practice hiding in plain sight. If we application developers go through dev, sit, perf, uat, stage environments to put a new feature into production. The people working at kernel level, which is much more important than the application level, don't at least run it on a test environment before deploying to production? However big/critical an update be, I still feel it has to be at least tested once before deploying it. This is a good learning curve.
An auto update at kernel level is just a big hole vulnerability that can easily be exploited by terrorists.
It happens via 'Automatic Update'
linux>windows
We are paying to Microsoft, not for Crowdstrike.
Microsoft is responsible for update
@techyash9087 How is Microsoft responsible for CrowdStrike Falcon Software's faulty update that they didn't test before rolling out?
So you got Crowdstrike for free?
We shouldn't blame Microsoft but interestingly the crash wasn't occurring on Linux and Mac. Why?
Updates were written differently?
He has to preach his wisdom everywhere
I think root cause of this is mostly device driver failure.
Exactly it's the design failure of driver - that allowed an NPE to cause this wide impact.
This is totally Windows' fault. What are you talking about? It's like telling a customer that it is an employee's or a contractor's fault, not the company's.
No sir, I would actually blame both of them, in fact more to Microsoft because they need to understand that their software is used by millions and millions of people, a third party app may go down, you should have a better system in place that avoids BSOD
Use rust 😂
Too friggin complex language
@akshaytakkar6747 no pain, no gain
@cccc2740 I gave it a solid 1 year..I can write mid level programs but I can't understand many features like lifetimes..skill issue maybe