this post was submitted on 21 Jul 2024
32 points (94.4% liked)

Pulse of Truth

514 readers
250 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
MODERATORS
 

Wall Street Journal: Microsoft says it cannot wall off its OS due to a 2009 deal with the EC to give security software makers the same level of access to Windows that Microsoft gets  —  Global outage on Windows machines caused by CrowdStrike highlights Microsoft's security challenges

top 9 comments
sorted by: hot top controversial new old
[–] BananaTrifleViolin@lemmy.world 24 points 4 months ago

The Microsoft PR and Legal department are on this, trying to spin them as the victims.

Fuck Microsoft, this is their fault. Theur monopoly and anti competitive pragroce has made it worse. They need more intervention to force open their system and allow other vendors to be able to offer viable alternatives.

We wouldn't have had such chaos is we didn't have so many companies stuck depending on a duopoly of Microsoft and Crowdstrike.

[–] Redredme@lemmy.world 22 points 4 months ago

Which is bullshit. As a sysadmin i was battling with low level tcp/Ip filters and other shit since at least WinXP. And probably nt4sp3.

I've been saying that antimalware is worse or at least the same as the stuff it tries to protect against for decades. Invisible cpu cycles. Hidden disk io. Tcp filters. Maxing out your network connection trying to access every resource on your network. Assraping SNMP. Blocking network access when the license expires. (mcafee) criplling java code. (decompressing every jar known to man)

And most of this is still true. Is your pc slow or hanging without any visible reason? Chances are defender is doing some ultra secret very hush hush antimalware shit.

I always disabled everything on my own systems on my own private lan and did ferocious edge protection, log reporting and scanning everything from one node.

Then came ransomware. And the risk of running without on local nodes just became too big.

Anyway This has been an issue since forever. If anything it became less worse as of 09 because everybody got access to documentation so they finally learned what NOT to do.

[–] JeeBaiChow@lemmy.world 6 points 4 months ago (2 children)

Then make sure no auto updates without a sysadmins ok. Not rocket science.

[–] OppositeOfOxymoron@infosec.pub 5 points 4 months ago

The whole point to Endpoint Protection is to quickly and easily send updates to block currently exploited vulnerabilities to the systems most likely to be affected. Adding a delay for in-house QA testing (and the associated costs) doesn't make any sense.

[–] svieg 3 points 4 months ago

I think it's very unrealistic to expect all sysadmins to spot uninitialized memory access in all software they don't produce. This calls for independent software testing at scale which is more elaborate than just pushing the responsibility to sysadmins.

[–] pete_the_cat@lemmy.world 0 points 4 months ago* (last edited 4 months ago) (1 children)

Just use Linux, we don't have these problems 😉

I only use Windows to play games, everything else runs Linux.

[–] ieatpillowtags@lemm.ee 2 points 4 months ago (1 children)

Crowdstrike runs on Linux too, fyi. It’s broken it before, just not on this scale.

[–] pete_the_cat@lemmy.world 1 points 4 months ago

Yes, I'm aware, I interviewed for a job as a Linux Engineer there 😉

[–] EmperorHenry@infosec.pub 0 points 4 months ago

Just do research on the history of whatever antivirus program you're going to be using.

Crowdstrike is a really shitty company that helped cover up the DNC's rigging of the 2016 democrat primary. Why would you ever want to support them by paying for their crap?