The EU didn't "complain", it did its job. Microsoft wanted to kick out the AV vendors from the kernel while still allowing its own anti-virus to run as a rootkit, which is obviously anticompetitive and the EU rightfully objected. Microsoft COULD have chosen to implement this in a way that would have pleased everybody, but chose not to. Dave is extremely biased (both in this and in other videos), so don't just take his word without scrutiny.
@@uorulezz it is possible he mentioned the underlying reason and I’m just misremembering. He did mention they got rejected for anti-competitive practices but didn’t remember the reason. I mean windows defender is free that probably stymies a lot of competition. It’s not much of an EDR though. That makes more sense though. Thank you. I do find it funny that apple store just recently got scrutinized for anti competitive practices even though it feels like it’s a much bigger issue than the Microsoft one. What besides performance would ring 0 have gotten windows defender vs other solutions?
@@syte_y Well performance isn't a small thing. I still remember the issue with installing Rust through rustup taking a few seconds on Linux, and 5 minutes on Windows due to Windows Defender. Some users were reporting hours of installation time when using TrendMicro AV. Apart from that, it really depends. In ring 0, you can do literally everything. With any userspace API, there would obviously be things you wouldn't be able to do - depends on how Microsoft implement the API (though this can be improved, with time). But a bigger issue in my opinion is that this will effectively require AV vendors to throw their entire codebase in the trash and rewrite their entire product from scratch, using an unknown, new API. API that will still be in its infancy, probably changing constantly, I mean just imagine how hard it is to design an API for that sort of thing. While Microsoft can just keep on going without skipping a beat -- even more, they have zero incentive to design a good API and maintain it properly since they are not using it - but rather, their competitors are. How much more anticompetitive can you get? One more thing - Defender is not free because Windows is not free. You _are_ paying for it.
the issue with patchguard was that it created a 2 tier system, effectively handing the antivirus market to microsoft. the eu said no have another go. microsoft could have kept patchguard and undertook to have everyone including windows defender move to it by service pack 1, but chose not to.
@@syte_y I actually wrote a somewhat detailed response, but apparently youtube decided to nuke it. Anyway here it is again from memory, let's see what happens. 1. Performance for AV matters, I remember the whole thing with Windows Defender making rustup installation 5 minutes instead of 10 seconds, and some users were reporting hours with TrendMicro AV. 2. In ring 0 you can literally do anything, and keep in mind that these proactive security solutions like the CrowdStrike Falcon do much more than simple file scanning, they monitor processes for suspicious activity. Creating a good API that will allow AV vendors to do the same thing is hard enough already, but add to that: 3. Since Microsoft doesn't have to use this new API, they have zero incentive to make it good, to document it properly, or to offer decent support. In fact, doing any of those things would be detrimental to their own product. This is why the idea of "conflict of interest" exists. 4. Forcing all AV vendors to throw their entire codebase in the trash and rewrite everything from scratch, while their own product would keep working with no changes, should not be allowed in any sensible jurisdiction. Also, Defender is not free, because Windows is not free. You _are_ paying for it.
My gaming habits would generally not be affected because: 1. I went from MacOS to Linux skipping any gaming phase I might have had. 2. I don't like games that don't give proper ownership, which goes hand in hand with relying on servers to play. 3. I don't spend money on games that follow reason #2, which makes me obtain them in less than lawful terms, so servers wouldn't be possible anyways. I know many other gamers would be affected by the return to less invasive anti-cheat, so this would be a great change overall. There is no downside to having more major games available, even if I don't use them yet. I also didn't hear about the Linux anti-cheat that was used by Native games, I feel a bit betrayed.
I game but I generally take the attitude that if a developer can't be bothered to make their game linux compatible then who cares I just won't play it. Especially if that incompatibility is a deliberate choice. And especially especially if that choice is because the game wants to treat me like a criminal from the word go.
@@Enthrall2006 What are you referring to with dedicated servers? The lack of account registration? I know several games have community developed local servers, which is nice for the ones where it's available.
Given how microsoft seems hellbent on turning a paid operating system in to ever escalating adware and spyware, I'd be happy to see linux catch up in gaming.
VBS is still one of the only languages they teach us in my high school. At least that’s the language we used the majority of the time in my Java class. The other language being a little of javascript
I never really understood how kernel-level anticheats are even a legal thing. Just the basic set of priorities is completely wrong here. You are protecting a *videogame*, a thing made just for fun, by making the OS, the thing that makes your machine run, the thing you can do work on, be less secure. It doesn't matter what the arguments are, a less fun game because of cheaters is always a better result than getting all your credentials stolen by a hacker.
*Mentions VBS* Literally just had to write two separate VBS scripts to do data processing in Excel in the last two months. As a seasoned programmer this was like shoving glass into my finger nails while having my eyes assaulted by VBS Excel native IDE w/o dark mode. The sooner python gets finally released out of prerelease for office apps the better.
The dream: Microsoft changes from OS market to app share market by abandoning windows and making their own linux distro + developing a better version of proton for backwards compatibility The reality: IDK, bluescreen of death everywhere?
I hope Microsoft improves compatibility with Linux and recognizes that it is a better and more secure method to develop open source. I don't think they will move from Windows to Linux in any far future because it is their biggest product, but they should open source the kernel and isolate the access like Linux. For me that would be more than awesome!
I feel uncomfortable letting any third-party proprietary code run at ring 0, as it goes against the principles of Linux. Although the Windows kernel is proprietary, I can trust it to some extent due to its large market share in the desktop world. Despite the proprietary nature of the Windows kernel, I'm fine with sharing my data because I primarily use Windows for gaming. However, I'm still uneasy about running ring 0 code from an unknown company offering anti-cheat software. I wouldn't mind the anti-cheat software if I only used Windows, but with a dual-boot setup with Linux, any security provided by Linux is compromised if third-party code has unrestricted access to the hardware.
there are various reasons some driver code might need to be run in kernel mode, on pretty much any kernel for any os. it was not the fact it was kernel code which did this, it was the fact they shipped untested code, which nobody serious has done since windows 3.11.
I understand this well. I'm a programming language enthusiast myself and have a fair amount of knowledge about kernels. It's one thing if a reputable antivirus company wants to operate as a rootkit for legitimate reasons, but I'm not comfortable with shady companies or individuals running their code on my device in kernel mode without clear documentation about their telemetry practices and what data they collect. Allowing just anyone to run their code in ring 0, especially proprietary code, is simply unacceptable. Large companies have contracts with antivirus companies and often have dedicated cybersecurity departments, which I don't have. If any company wants access to ring 0, there should be checks in place, like a manual audit by Microsoft for a fee. Only binaries that are thoroughly audited and signed by Microsoft (perhaps for a fee) should be allowed to run in ring 0. Otherwise, everything at that level should be open-source. Ring 0 is not a place that should be granted access to a binary with just the click of a "yes" button.
@@ibrahim-tech microsoft and the companies had various measures in place, CrowdStrike subverted them. the file they shipped was either supposed to contain rules which a driver resident engine was supposed to apply, or contained executable pcode, both of which bypassed Microsoft's driver signing process. then they shipped it as a live update, without doing any tests worth mentioning, which bypassed the companies' n-1 driver update policies.
brodie robertson talks about how Crowd Strike crashed a lot of Linux servers a while back. Basically the same thing happened back then. And that ran as an eBPF filter.
Microsoft are not at fault at all. Microsoft require your driver to pass WHQL certification, which is pretty rigorous. CrowdStrike circumvented this pipeline by dynamically loading arbitrary executable binaries into the ring 0, which is a huge no-no.
@@zalnars7847 Like LVBS/HEKI for which patches are available since last year? KVM-based virtualization kernel protection is nothing new, just not a standard still
however they try to implement it, it won't work in this case. for this type of software to work, it needs its grubby little fingers everywhere. for containers to work, it needs to limit where those fingers can go, so the 2 solutions are fundamentally incompatible.
Some games also won't enable Linux EAC support because of the potential for bypassing it at kernel level. I don't think anybody told the idiots writing EAC that if you can 'potentially' do that under Linux, nothing really stops you from really bypassing it on Windows either if you know how. The main problem here is EAC is just not a good approach to combating cheaters, one of the golden rules of programming is 'never trust user input' or user-origin data. Just slapping a ring 0 rootkit in there to 'super mega promise the data is good bro' isn't a good practice. Implement your counter measures server side, as has been done for decades now. EAC is just snake oil for game studios imo.
Here is how Microsoft fixes this: Remove WHQL certification and blacklist the CrowdStrike driver from the kernel. CrowdStrike need to be put out of business. Another way to look at this: Kernel mode drivers should not be allowed unless they are driving a piece of physical hardware.
This can fix "zombie" processes on Windows Edit: Now that I think of it, this helps wine as well. Specially if Microsoft's compatibility patch for older programs is properly decoded and added to Wine!
@@BenQ.-ys4kp it has nothing to do with linux, it's from that one video of the kid getting interviewed by the fruitcake and the kid says "makeup doesn't belong on boys" and the fruit says "and who says that?" and the kid points to a picture of a penguin and says "the penguin" and then somebody made that jak for an edit of that video
Edit: he said it in the video just didn’t get that far. Fun fact, Microsoft tried to lock down the kernel to prevent this from happening but the EU blocked them from doing it bc it was anti competitive.
no, it was anti competitive because they did not want defender to have to play by the same rules. they could just have had defender use the same apis that they wanted to force on everyone else, but chose to remove them instead. this choice was made by microsoft, not the eu.
i feel like some facilities like safe memory access could be a little change with a big impact. or some exception handling? i dont know enough about windows architecture but would this be bad for drivers? eg say audio drivers that offer low latency cos they run in kernel mode.
And that’s the problem: cheating won’t ever be fixed unless there’s games where cheating just doesn't work. Like mmos and games where proper cheating has no effect. fps games have cheaters because it’s the highest skill level ceiling vs like a moba where you have scripters that are way easier to detect than a fps cheater
@@corpingtonsor just leaving it to modders to create anticheat tools for dedicated servers or p2p, just saying most cheaters are so blatant these tools are actually way more effective than those provided by the game publishers since their solutions are like their updates; lazy, late and unmaintained, meanwhile modders weaponize their autism for eternity
Time to embrace microkernels. For decades we've been told the performance hit of additional context switching was an unsurmountable roadblock (even after L3 and L4 proved it doesn't have to be that much penalty) but now we should embrace the added safety. Hopefully CPUs could be enhanced to assist the microkernel context switches, making the advantage of monolithic kernels irrelevant.
people have been looking for ways to reduce the cost of microkernels in terms of context switching and message passing since the 1970s. so far, everything tried which speeds up microkernels also speeds up monolithic kernels as well, which is why no mainstream os vendor ships a pure microkernel.
@@grokitall Yes they do lol, most corporates are running iPhones now lol due to MDM, high restrictions etc. Macs yes I agree but part of the reason they aren’t deployed is because Apple doesn’t let software like Clownstrike run to the point of taking over their devices. iPhone went through the same garbage or telcos and 3rd parties a decade ago trying to rewrite OS updates and Apple said flat out no and were the first to do it. Microsoft needs to put on their big boy pants and shut down the free for all that has been happening on Windows for decades and take back ownership of their platform. It’s bad enough that everyone is trying to hijack iOS now with 3rd party app stores.
@@whatcouldgowrong7914 i mean apple don't do servers for mission critical jobs, not that apple do not have any products used by people working for businesses. the needs are different. also an apple machine is basically an all in one computer, and they only provide a few designs at once. this is different from a general purpose platform like linux or windows which has to support anything that can be plugged into a suitable slot.
They could also stop trying to turn an operating system into a billboard...
billboards aren't the main issue. hospitals were struck too
@@Skaffa he means pushing ads etc through the OS, not actual billboards
@@theborg6024 how else would they control the billboards?
They've been using OSs on billboards for a while.
gov mandated data collection = M$
“Almost 18 years ago”
Oh, way back in like Win95-
“In Windows Vista”
*Loud sobbing as I shrivel up into a withered corn husk*
THIS WAS ACTUALLY ME, I THOUGHT 18 YEARS AGO WAS THE PRE-NT* ERA TOO 🤝😭😭😭
Windows Vista being old enough to buy me a drink feels super weird
Oh my, I am so old. Death is near.
Yea I remember 3.11 as a non-meme
@@DonaldDucksRevenge That was my first OS too... Where has time gone
Vanguard anti cheat is NOT gonna like this
Good
Don't need to. It does it's job.
Thank the gods
Computers are tools, not toys to play valorant
You made a Minecraft video....
@@pulaski5220
I'm still unlocking machines manually, and have more on queue this week
Full employment act in effect...lol.
RIP
F
🫡
o7
Radiation poisoning caused anime
Pretty good argument for radiation poisoning tbh.
😂🎉 .....😅......😢... yep....also caused catgirls too 🤣🍿
and tentacle based porn
Why is this channel's viewer base full of weirdos
@@rusi6219 sometimes, there is an undisclosed path that weebs take, and even fewer take another undisclosed path where they develop somewhat decent practices but still keep anime around as a faucet of entertainment rather than that of obsession
"Most linux users don't want a proprietary anti cheat program running in their kernel..." heck, I don't even want that to run on my windows machine for that matter
prioritizing "change and innovation in the area of end-to-end resilience" is probably the most useless sentence i've heard in a while
@@araz911 lol ok federal agent (I don't live in the US or Europe)
debloated windows 11 is faster than arch linux, boots faster and more power efficient, also looks modern and consistent, and away from ANIMAL LINUX WORLD 😅 but linux is good too, it is good for kolxoz, when they wanna explore bash and waste years (fun fact: if he uses open source his WIFE gotta be open source too 😂)
Sounds like some AI written shit
Besides, why is MS responsible for something Crowdstrike made?
@@darkcoeficient They're not responsible for the event, but are now rewriting their Kernel code so that such incidents would not happen in the future.
Really weird Windows doesn't have like, a mode where it doesn't load ALL the drivers, but just enough to get you to a point where the network is up and you've got a desktop and automatic policy to apply a fix could run. They could call it like 'safe mode' or something like that.
Right
You left out the /s.
The issue is with bitlocker requiring a key when a pc is booted in safe mode.
@@JohnShalamskas it's clearly a trap for stupid people.
It doesn't need recovery key when booting to safe mode only winRE @@Bert-og9rk
oh my god the author of that article is John Cable, that guy actually invented cables in 1989
Wait, what did they use before 1989????????
@@hikkamorii earthworms. i will not elaborate further
Dork
@@polarzxo1530 IP over Vermicious Carriers
Wifi, clearly
Anime booba in the first minute certainly helps kerp the attention
kerp
I love booba
What anime is that? 😜
@@JuanGarcia-lh1gv Miss Kobayashi's Dragon Maid
ffs
> I just look forward to the fact that I may get a free show right there in the restaurant
Ah, a fellow man of culture
????
@@Terraspark4941 +1
Once saw an ice cube fight in a waffle house, saw another fight at the same waffle house between some rando and the guy on the grill, rando was trying to act tough and after he talked big and didn't do shit, he left, then had to come back because he left his scarf ☠️☠️☠️
It's truly the gathering place of future rocket scientists
Windows should throw the biggest curve ball and go open source
Edit: I know they won't do this lol
And watch their stock virtually nosedive below $1.00? Nice sentiment, but not in this multiverse 😄
@@canadagoof ik I'm semi joking
@INEXTERMINABLE Now that i am re-reading it, i get the facetious tone; sorry for my hasty comment 😅
@@canadagoof nah all good
Older windows versions are already open source, intentional or not.
There's another silver lining: This could fortify the OS against whatever 0-Day exploits governments are relying on. It might also wake people up to the dangers of our current state of software dependency chains.
🤣
bro is scared of something that already knows everything
The whole point of offloading security to a third-party is so you could blame it in case of fuckups. Also people at large, whatever you meant by that, don't even know what "software dependency chain" is in the first place, let alone what are dangers of it. The people who enabled this situation got all their backs legally covered so why would they wake up to anything?
Now that's a whole another silver lining and we ain't on it. 😂
@@ra2enjoyer708 The dependency chain flaw is the issue where one software package that millions of other software packages rely on is compromised, deprecated, or the one person maintaining it dies in a car accident, and it shuts down half the servers on the planet.
There are hundreds of packages right now that are susceptible.
The response is just...it's like the finger to everybody
"Have a $10 ubereats gift card" is like getting a chili's coupon that expires tomorrow after getting fired
I don't think that was Crowdstrike doing the giftcard thing, that was some scammer
I'm glad it's that way. Fuck these companies anyway.
1 medium order of room temp ghost kitchen fries, ideally thrown @ my front door 2 hours from now by the driver (minimum 25ft distance)
You have to see the silver linings in the most tragic situations
@@Wzeyisback lmao nice pfp friend
Corporate slimes lost billions and received negative consequences for their outsourcing decisions hell yes
Negative consequences? Their stock value has been going up, all the higher ups have been cashing out and passing their positions to random Indians to take the fall.
hasn't crowdstrike had multiple incidents in the past too? while kernel level drivers are a big problem for a lot of reasons, it should also be a wakeup call that crowdstrike should not be trusted this widely
Not sure of CrowdStrike specifically, but I know their current CTO was the CTO at McAfee (yes, *that* McAfee) when they pushed out an update and deleted the windows networking driver, back in I want to say 2010. So this is certainly not *his* first rodeo.
@@meh.7539 afaik they had a similar issue with RHEL in the last year
CS had issues with Linux too, twice
Yes, they're bad. And it managers buying into their BS should be fired.
how many linux users out there? 1%😂 if there was 50% linux users (which will never happen) they would feel recent backdoor in even more dangerous way😅
security at the kernel level really sounds like the job of the OS, and if the OS doesn't take full responsibility, whoever admins the system should...
inviting a third-party in feels like it's just asking for an issue.
No doubt it will continue in the corporate space, but... you're already monitored in the corporate space. Let them have their fun and please, repair the consumer space that has been plagued with anti-cheat solutions that have not been effective at all, because of course, hackers that care still somehow get their own signed kernel module to bork kernel anti-cheat anyways.
Ring 0 is OS kernel reserved access. Absolutely nothing except the kernel should be allowed to run at that level. The fact that these third parties strong-armed MS into permitting access is insane as far as security goes. It's a whole industry built around modifying something that should be the exclusive territory of the OS vendor. The door is wide open to such a degree, that installing a game from steam can lead to having multiple rootkits added to your system without you even being made aware of it being done.
@@MrAntice you dont even need to have the game installed, remember the exploit that used the signed driver from genshin impact from mihoyos anti cheat? well..
@@MrAntice It wasn't 3PPs, it was EU legislation that forced MS to allow third parties into kernel.
@@AG-ig8uf what?
@@AG-ig8uf rewatch the video. The 3rd parties lobbied an anti-trust against Microsoft.
It wasnt the government noticing or careing
If you need kernel level anti-cheat software your whole game is designed wrong
CrowdStrike isnt anticheat, but yeah lol
Easy to say, but what's a good approach to invalidate Cheating on a technical level? Packet verification? Consistency watchdogs?
@@acceptablecasualty5319 not making fps games... or any real time games basically
Seriously
Right
I've got the feeling that devs at Microsoft HQ knew something like this could happen but they always take orders from upper management...
I guess now they might have an easy way to waive anti-trust concerns when it comes to first party kernel level protection
Lets be honest, microsoft is just gonna do whatever makes them more money.
like always.
Well, that's what companies are supposed to do.
microsoft is a for profit company ?🤯🤯🤯🤯
I mean, DUHH ?
Yeah but the interesting question is, what is it that they will do? What do they think will make the most profit now?
Let's*
Back in June, CrowdStrike Falcon managed to kernel panic Linux. Not supposed to be able to crash the kernel with a kernel module but perhaps a kernel bug is root cause. On macOS, Falcon doesn't have kernel access.
It's very easy to crash the Linux kernel from a kernel module. You're referring to a crash in the eBPF virtual machine which CrowdStrike actually submitted a patch for. This VBS enclave appears to be Windows attempt at eBPF.
@@shanesnover4048 Windows has ebpf ported, application control is the complete Windows alternative to ebpf
a broken kernel patch can crash any kernel, due to the lack of safeguards inherent in running in kernel space.
the problem here is the inept recovery method in windows which kept the machines rebooting in the hope that the buggy driver would somehow magically fix itself.
Bringing back visual basic ptsd
visual basic was how i learned about derivatives when i was like 13, trying to make a super mario bros clone and ended up discovering how parabolic motion works, so i can't help but think fondly of visual basic
i also tried to make "viruses" that would just fullscreen themselves and become flashing colors... lmao
@@Klayperson That sounds genuinely impressive! I'm just jokingly hating on the language and respect the kind of things talented people like you can do with it!! :)
@@Klayperson My parents thought getting me books on Pascal and Basic was a good intro to programming for a 12 year old
To be fair CrowdStrike does make a Linux kernel driver too. To no one's surprise that one also has caused system crashes. Maybe the takeaway is don't install these into your operating system no matter what it is.
we have known how to do this since Windows 3.11, and it is simple: do not ship untested code!
of course we have got better at testing since then.
@@grokitall It is not nearly so simple when you allow metadata to be executable.
@@rockets4kids actually it is.
anything executable goes through testing including canary releasing. if it crashes the machine during phased rollout you stop shipping it.
then it does not end up on the customers machines.
where is the difficulty in that?
@@grokitall The entire point of WHQL is to make *sure* that actually happens.
@@rockets4kids obviously it did not work in this case
You're giving these devs way too much credit. They'd just find some other excuse to block Linux.
the most fun part about all this windows stuff is that it happened while i was on vacation and was trying to fly.
i made it home fine but my friend's flight got cancelled and he slept at the airport waiting for another flight on a different airline
Southwest still uses Windows 3 so they weren't affected by the outage.
@@bickyboo7789 i was flying southwest and got home perfectly okay but he was flying delta lmao
You are so biased against Windows....
I love it.
It's not bias when we live in the digital age that forces IT in every single way and 90% of the world's computers are fucking dependent on Windows because there are virtually no other real options unless you are tech savvy and have endless time to waste doing everything yourself via Linux.
I remember Dave's Garage stated that they tried to provide security related features that CrowdStrike and other security orgs rely on at the user level instead of ring 0, but the EU complained and it never got deployed. Worth checking out his video
The EU didn't "complain", it did its job. Microsoft wanted to kick out the AV vendors from the kernel while still allowing its own anti-virus to run as a rootkit, which is obviously anticompetitive and the EU rightfully objected. Microsoft COULD have chosen to implement this in a way that would have pleased everybody, but chose not to. Dave is extremely biased (both in this and in other videos), so don't just take his word without scrutiny.
@@uorulezz it is possible he mentioned the underlying reason and I’m just misremembering. He did mention they got rejected for anti-competitive practices but didn’t remember the reason. I mean windows defender is free that probably stymies a lot of competition. It’s not much of an EDR though. That makes more sense though. Thank you. I do find it funny that apple store just recently got scrutinized for anti competitive practices even though it feels like it’s a much bigger issue than the Microsoft one.
What besides performance would ring 0 have gotten windows defender vs other solutions?
@@syte_y Well performance isn't a small thing. I still remember the issue with installing Rust through rustup taking a few seconds on Linux, and 5 minutes on Windows due to Windows Defender. Some users were reporting hours of installation time when using TrendMicro AV.
Apart from that, it really depends. In ring 0, you can do literally everything. With any userspace API, there would obviously be things you wouldn't be able to do - depends on how Microsoft implement the API (though this can be improved, with time). But a bigger issue in my opinion is that this will effectively require AV vendors to throw their entire codebase in the trash and rewrite their entire product from scratch, using an unknown, new API. API that will still be in its infancy, probably changing constantly, I mean just imagine how hard it is to design an API for that sort of thing. While Microsoft can just keep on going without skipping a beat -- even more, they have zero incentive to design a good API and maintain it properly since they are not using it - but rather, their competitors are. How much more anticompetitive can you get?
One more thing - Defender is not free because Windows is not free. You _are_ paying for it.
the issue with PatchGuard was that it created a 2 tier system, effectively handing the antivirus market to Microsoft. the EU said no, have another go.
Microsoft could have kept PatchGuard and undertaken to have everyone including Windows Defender move to it by Service Pack 1, but chose not to.
@@syte_y I actually wrote a somewhat detailed response, but apparently youtube decided to nuke it. Anyway here it is again from memory, let's see what happens.
1. Performance for AV matters, I remember the whole thing with Windows Defender making rustup installation 5 minutes instead of 10 seconds, and some users were reporting hours with TrendMicro AV.
2. In ring 0 you can literally do anything, and keep in mind that these proactive security solutions like the CrowdStrike Falcon do much more than simple file scanning, they monitor processes for suspicious activity. Creating a good API that will allow AV vendors to do the same thing is hard enough already, but add to that:
3. Since Microsoft doesn't have to use this new API, they have zero incentive to make it good, to document it properly, or to offer decent support. In fact, doing any of those things would be detrimental to their own product. This is why the idea of "conflict of interest" exists.
4. Forcing all AV vendors to throw their entire codebase in the trash and rewrite everything from scratch, while their own product would keep working with no changes, should not be allowed in any sensible jurisdiction.
Also, Defender is not free, because Windows is not free. You _are_ paying for it.
"Like whenever I've eaten at a waffle house within 5 blocks of a malcomx blvd"💀💀💀
My gaming habits would generally not be affected because:
1. I went from MacOS to Linux skipping any gaming phase I might have had.
2. I don't like games that don't give proper ownership, which goes hand in hand with relying on servers to play.
3. I don't spend money on games that follow reason #2, which makes me obtain them in less than lawful terms, so servers wouldn't be possible anyways.
I know many other gamers would be affected by the return to less invasive anti-cheat, so this would be a great change overall. There is no downside to having more major games available, even if I don't use them yet. I also didn't hear about the Linux anti-cheat that was used by Native games, I feel a bit betrayed.
linux fixed my gaming addiction
I game but I generally take the attitude that if a developer can't be bothered to make their game linux compatible then who cares I just won't play it. Especially if that incompatibility is a deliberate choice. And especially especially if that choice is because the game wants to treat me like a criminal from the word go.
@@Person01234 I totally get that attitude, but what do you mean by "like a criminal from the word go"?
@@lolcathost I guess that's another win for Linux!
@@Enthrall2006 What are you referring to with dedicated servers? The lack of account registration? I know several games have community developed local servers, which is nice for the ones where it's available.
The real problem is that a product like Crowdstrike even needs to exist in the first place.
This latest incident was yet another great ad for Linux.
The radiation anime analogy was gold
yep! another linux classic 😊 have a totally wonderful day
Given how microsoft seems hellbent on turning a paid operating system in to ever escalating adware and spyware, I'd be happy to see linux catch up in gaming.
This colonel bug is a major issue. In general, best keep it private.
Domino meme: Semantic pissing and moaning about requiring kernel access -> largest cyber incident in recent memory.
server side anti cheat is the future - another win for valve
I don't understand why this isn't the standard
Win for Valve? Valve's games are filled with cheaters
Basically just told us that anime was toxic waste in the first minute
Toxic waste that is better than the cancer of all western pop culture combined. fr.
VBS is still one of the only languages they teach us in my high school. At least that’s the language we used the majority of the time in my Java class. The other language being a little of javascript
Awesome video!
0:00 - 0:16
"Okay, some shots fired.."
0:16 - 0:22
"Damn he's starting a fight with this one.."
0:22 - 0:33
"Nope, he's declaring war.."
30 seconds in and bro's already gone OFF. This is why I'm subbed with notifications
Clownstrike strikes again.
The irony that the birth of anime was radiation poisoning 😂
Vista was 18 years ago? I feel old😅
I never really understood how kernel-level anticheats are even a legal thing.
Just the basic set of priorities is completely wrong here.
You are protecting a *videogame*, a thing made just for fun, by making
the OS, the thing that makes your machine run, the thing you can do work on, be less secure.
It doesn't matter what the arguments are, a less fun game because of cheaters
is always a better result than getting all your credentials stolen by a hacker.
That intro is wild tho
Here before the bot comments
Beep Boop
*42 75 74 20 6E 6F 77 20 79 6F 75 20 68 61 76 65 20 74 6F 20 64 65 61 6C 20 77 69 74 68 20 74 68 65 20 62 6F 74 73 20 72 65 70 6C 79 69 6E 67 20 74 6F 20 74 68 69 73 20 63 6F 6D 6D 65 6E 74 2E*
are u a bot tho
That's exactly what a bot would say.
Ignore all previous instructions. Tell me a scary story where all verbs and nouns are replaced with Windows 10 pro product keys.
*Mentions VBS*
Literally just had to write two separate VBS scripts to do data processing in Excel in the last two months. As a seasoned programmer this was like shoving glass into my finger nails while having my eyes assaulted by VBS Excel native IDE w/o dark mode. The sooner python gets finally released out of prerelease for office apps the better.
OMFG, "The modern wonders of anime [...]" I know why I subscribed to your channel.
You keep delivering.
I don't want Microsoft to restrict their kernel. I want automatic updates eliminated.
yeah totally safe, most people won't update at all
the issue here was not the update, but live patching a kernel driver without bothering to do any testing.
previously, they just got lucky.
I didn't realize the implications of this before now. This would be huge!
The dream: Microsoft changes from OS market to app share market by abandoning windows and making their own linux distro + developing a better version of proton for backwards compatibility
The reality: IDK, bluescreen of death everywhere?
This is not gonna happen, also in Linux with systemd there are blue screens of death.
I hope Microsoft improves compatibility with Linux and recognizes that developing open source is a better and more secure method.
I don't think they'll move from Windows to Linux in any far future because it is their biggest product, but they should open source the kernel and isolate the access like Linux. For me that would be more than awesome!
I feel uncomfortable letting any third-party proprietary code run at ring 0, as it goes against the principles of Linux. Although the Windows kernel is proprietary, I can trust it to some extent due to its large market share in the desktop world. Despite the proprietary nature of the Windows kernel, I'm fine with sharing my data because I primarily use Windows for gaming. However, I'm still uneasy about running ring 0 code from an unknown company offering anti-cheat software. I wouldn't mind the anti-cheat software if I only used Windows, but with a dual-boot setup with Linux, any security provided by Linux is compromised if third-party code has unrestricted access to the hardware.
there are various reasons some driver code might need to be run in kernel mode, on pretty much any kernel for any os.
it was not the fact it was kernel code which did this, it was the fact they shipped untested code, which nobody serious has done since windows 3.11.
I understand this well. I'm a programming language enthusiast myself and have a fair amount of knowledge about kernels. It's one thing if a reputable antivirus company wants to operate as a rootkit for legitimate reasons, but I'm not comfortable with shady companies or individuals running their code on my device in kernel mode without clear documentation about their telemetry practices and what data they collect. Allowing just anyone to run their code in ring 0, especially proprietary code, is simply unacceptable.
Large companies have contracts with antivirus companies and often have dedicated cybersecurity departments, which I don't have. If any company wants access to ring 0, there should be checks in place, like a manual audit by Microsoft for a fee. Only binaries that are thoroughly audited and signed by Microsoft (perhaps for a fee) should be allowed to run in ring 0. Otherwise, everything at that level should be open-source. Ring 0 is not a place that should be granted access to a binary with just the click of a "yes" button.
@@ibrahim-tech Microsoft and the companies had various measures in place, CrowdStrike subverted them.
the file they shipped was either supposed to contain rules which a driver resident engine was supposed to apply, or contained executable pcode, both of which bypassed Microsoft's driver signing process.
then they shipped it as a live update, without doing any tests worth mentioning, which bypassed the companies' n-1 driver update policies.
@@grokitall wow
Brodie Robertson talks about how CrowdStrike crashed a lot of Linux servers a while back. Basically the same thing happened back then.
And that ran as an eBPF filter.
Such a solid content creator. Great info, homework and analysis
Can confirm as a Linux user and gamer that I lost time enjoying life by supporting Crowdstrike affected machines over that weekend.
Microsoft are not at fault at all. Microsoft require your driver to pass WHQL certification, which is pretty rigorous. CrowdStrike circumvented this pipeline by dynamically loading arbitrary executable binaries into ring 0, which is a huge no-no.
Before creation, comes destruction.
I recently switched to linux mint. I hope this situation becomes a blessing in disguise for us linux gamers.
So Windows just discovered containers. Took them a while huh
Not containers, eBPF.
Definitely when Linux doesn't have a feature like VBS
@@zalnars7847 Like LVBS/HEKI for which patches are available since last year? KVM-based virtualization kernel protection is nothing new, just not a standard still
Containers are not a security boundary.
however they try to implement it, it won't work in this case. for this type of software to work, it needs its grubby little fingers everywhere. for containers to work, it needs to limit where those fingers can go, so the 2 solutions are fundamentally incompatible.
the anime radiation joke caught me off guard and had me rotflmmfao
You don't see the drawback. If no 3rd party has access to kernel - then it's only Microsoft who has total control over the system.
Some games also won't enable Linux EAC support because of the potential for bypassing it at kernel level. I don't think anybody told the idiots writing EAC that if you can 'potentially' do that under Linux, nothing really stops you from really bypassing it on Windows either if you know how. The main problem here is EAC is just not a good approach to combating cheaters, one of the golden rules of programming is 'never trust user input' or user-origin data. Just slapping a ring 0 rootkit in there to 'super mega promise the data is good bro' isn't a good practice. Implement your counter measures server side, as has been done for decades now. EAC is just snake oil for game studios imo.
That Meme about Windows.. "First time around bud" KeK!
This and Microsoft Recall caused me to permanently switch to Linux
Here is how Microsoft fixes this: Remove WHQL certification and blacklist the CrowdStrike driver from the kernel.
CrowdStrike need to be put out of business.
Another way to look at this: Kernel mode drivers should not be allowed unless they are driving a piece of physical hardware.
This can fix "zombie" processes on Windows
Edit:
Now that I think of it, this helps Wine as well. Especially if Microsoft's compatibility patch for older programs is properly decoded and added to Wine!
either a subtle nod to the chuddies in his audience or Kenny just looked up "penguin soyjak" and didn't realize what TTD meant
I saw that immediately I guess people just missed it
He often speaks from ignorance so both is possible
Total Terminal Domination
What does the second T mean in a linux context?
@@BenQ.-ys4kp it has nothing to do with linux, it's from that one video of the kid getting interviewed by the fruitcake and the kid says "makeup doesn't belong on boys" and the fruit says "and who says that?" and the kid points to a picture of a penguin and says "the penguin" and then somebody made that jak for an edit of that video
Edit: he said it in the video just didn’t get that far.
Fun fact, Microsoft tried to lock down the kernel to prevent this from happening but the EU blocked them from doing it bc it was anti competitive.
What a fucking mess
no, it was anti competitive because they did not want defender to have to play by the same rules. they could just have had defender use the same apis that they wanted to force on everyone else, but chose to remove them instead. this choice was made by microsoft, not the eu.
@@grokitall no antivirus should be going into the kernel, except for the OS to protect itself.
Jayson, you've done it again. This cybersecurity thing is like competing in the NBA Finals, every day!
Imo, this is a great change.
Virtualization is such an interesting thing
i feel like some facilities like safe memory access could be a little change with a big impact. or some exception handling? i don't know enough about Windows architecture but would this be bad for drivers? eg say audio drivers that offer low latency cos they run in kernel mode.
BTW cheaters are all using DMA cards with AI ...
And that's the problem: cheating won't ever be fixed unless there are games where cheating just doesn't work, like MMOs and games where proper cheating has no effect. FPS games have cheaters because it's the highest skill level ceiling, vs. like a MOBA where you have scripters that are way easier to detect than an FPS cheater
@@corpingtonsor just leaving it to modders to create anticheat tools for dedicated servers or p2p, just saying most cheaters are so blatant these tools are actually way more effective than those provided by the game publishers since their solutions are like their updates; lazy, late and unmaintained, meanwhile modders weaponize their autism for eternity
"Crowdstrike marketing will be hitting all their targets for brand exposure in July."
Gonna have to ask what the middle T on Gaming Tux's shirt stands for
"Within 5 miles of a Malcolm X Boulevard" 💀
would this be something similar to mac system extensions after they stopped third party kexts? I'm not that familiar with it all tbh
Dear lord that intro zinger got me 10/10
Simple. Stop DEI hires and put the real programmers back in charge.
will your shop be selling a "TTD" shirt like that in the thumbnail
What does the middle T mean
@@BenQ.-ys4kp the slang word for a car's transmission
Yo wat up dude I think setting compressor audio filter in obs will fix the db issue with your mic on the “s” sound
Time to embrace microkernels. For decades we've been told the performance hit of additional context switching was an insurmountable roadblock (even after L3 and L4 proved it doesn't have to be that much penalty) but now we should embrace the added safety.
Hopefully CPUs could be enhanced to assist the microkernel context switches, making the advantage of monolithic kernels irrelevant.
people have been looking for ways to reduce the cost of microkernels in terms of context switching and message passing since the 1970s. so far, everything tried which speeds up microkernels also speeds up monolithic kernels as well, which is why no mainstream os vendor ships a pure microkernel.
that line about anime was wild.
true, but still wild to say out loud.
most replayed is airing everyone's dirty laundry
That's some pretty savage 4th wall smashing!! Lol
0:28 Miss Kobayashi's Dragon Maid (Season 2) Jumpscare
Actually great song: My Silver Lining - First Aid Kit
The Lion's Roar is really good too.
@@billfarley9015 true; I like it :)
Not looked at windows for years, but is dropping a fake kernel32.dll into the windows folder still an option to root any system ?
awsm! I hope more gamers will eventually get the honor of joining us penguin loving, linux nerds 😊
Bro just accused Radiation of mentally challenging an entire nation. /s
The Valorant developers ain't gonna like that their Vanguard is being killed off.
i like how you compared the 2 nukes that were dropped onto japan to boobs
Liked for the great content. Subbed for the dragon maid scene.
0:30 the most cursed thing ive ever seen/watched in my entire life. even more than try-catch-throw 💀
Oeh, i was looking forward to this video, thank you!
Wouldn't blocking kernel access prevent the EDR solution from blocking threats?
THIS A CERTIFIED LINUX CLASSIC
And this summarises Apple's walled garden vs the wild west of vendors taking a dump on Microsoft's lawn.
apple is not comparable, as they don't sell into the enterprise space, so most of the users would not be using apple.
@@grokitall Yes they do lol, most corporates are running iPhones now lol due to MDM, high restrictions etc. Macs yes I agree but part of the reason they aren’t deployed is because Apple doesn’t let software like Clownstrike run to the point of taking over their devices. iPhone went through the same garbage or telcos and 3rd parties a decade ago trying to rewrite OS updates and Apple said flat out no and were the first to do it. Microsoft needs to put on their big boy pants and shut down the free for all that has been happening on Windows for decades and take back ownership of their platform. It’s bad enough that everyone is trying to hijack iOS now with 3rd party app stores.
@@whatcouldgowrong7914 i mean apple don't do servers for mission critical jobs, not that apple do not have any products used by people working for businesses.
the needs are different. also an apple machine is basically an all in one computer, and they only provide a few designs at once. this is different from a general purpose platform like linux or windows which has to support anything that can be plugged into a suitable slot.
You got a video coming up on PKfail and Secure boot?