this post was submitted on 19 Jul 2024
523 points (99.2% liked)

Technology

59038 readers
3862 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] DarkThoughts@fedia.io 95 points 3 months ago (3 children)

Can someone in non marketing terms explain what the fuck CrowdStrike Falcon Sensor is? I literally never heard of this company or product before.

[–] farcaster@lemmy.world 111 points 3 months ago (3 children)

It's basically corporate anti-virus software. Intended to detect and prevent malware.

[–] Alimentar@lemm.ee 29 points 3 months ago (3 children)

Apparently it's the next iteration of AI based antivirus where it uses smart algorithms to detect system behaviours and makes assessments on whether they're malicious or not

[–] Boxscape@lemmy.sdf.org 35 points 3 months ago

Apparently it's the next iteration of AI based antivirus

CrowdskyStrikenet

[–] greybeard@lemmy.one 26 points 3 months ago (1 children)

I know there is a lot of marketing fluff, but yes, it is an EDR. Which means instead of just checking file signatures against a database if known bad stuff, it actually examines what applications do and makes a sort of judgement on if it is acting maliciously or not. I use a similar product. Although the false positives can sometimes be baffling, it honestly can catch a legit program misbehaving.

On top of that, everything is logged. Every file, network connection, or registry key that every process on the computer touches is logged. That means when something happens, you can see the full and complete list of actions taken by the malicious system. Thus can actually be a drain on the computer, but modern systems handle it well enough.

[–] catastrophicblues@lemmy.ca 3 points 3 months ago (1 children)

What do you use? I’d be interested in that sort of thing

[–] greybeard@lemmy.one 5 points 3 months ago (1 children)

SentinelOne. They are more reseller/MSP friendly, but the product is very similar to CrowdStrike.

[–] dditty@lemm.ee 2 points 3 months ago (1 children)

We also use S1 and while it does often flag false positives, that's a whole heck of a lot better than the alternative. Also I have not noticed it being very resource intensive.

[–] greybeard@lemmy.one 3 points 3 months ago

It's overhead is more subtle than task manager can tell. Because of all its watching and monitoring, it slows down applications themselves. Task take longer. Sometime it is by a trivial amount, but I've been able to measure a notable difference in some task with and without S1, even if task manager says all is well.

[–] sukotai@lemmy.world 4 points 3 months ago

obviously, A.I consider microsoft as a malicious software. Sometimes, A.I is very accurate 😁

[–] Thann@lemmy.ml 2 points 3 months ago (3 children)

Is it less expensive than ransomware though?

[–] lud@lemm.ee 5 points 3 months ago
[–] Quill7513 2 points 3 months ago

By a wide margin

[–] sudo42@lemmy.world 1 points 3 months ago (1 children)

Ransomware you have to pay $10,000 every few years. Crowdstrike you have to pay $1,000 per month. Same number of outages for both. /s

[–] Quill7513 2 points 3 months ago

Add some extra zeroes to that ransomware figure...

[–] xavier666@lemm.ee 1 points 3 months ago (2 children)

Can you tell whether this update was delivered by Crowdstrike's own update delivery pipeline of via Window's update pipeline?

[–] Quill7513 5 points 3 months ago (1 children)

Absolutely nothing to do with windows pipelines or Microsoft

[–] xavier666@lemm.ee 1 points 3 months ago

Okay, thanks. There was a parallel Microsoft outage, so I thought they were somehow linked.

[–] catloaf@lemm.ee 4 points 3 months ago

Crowdstrike updates don't come through Windows Update.

[–] vext01@lemmy.sdf.org 68 points 3 months ago (2 children)

It checks for malicious falcons in your system's level 4 aviary cache.

[–] horseloaf@lemmy.world 2 points 3 months ago

Ha ha! Well done!

[–] send_me_your_ink@lemmynsfw.com 4 points 3 months ago

It's software put on every machine so that the company can quickly isolate it if/when something bad happens (or it falls out of security compliance). To do this is requires a constant Internet connection, insanely high privileges on the machine and frequent updates to be appraised of risks.

That risk update went off the rails and into the next state.