278
submitted 4 months ago by sag@lemm.ee to c/showerthoughts@lemmy.world
[-] Carighan@lemmy.world 140 points 4 months ago

And keep in mind, the falcon sensor exists for Linux. All those big companies largely use it.

Essentially we just got lucky that their buggy patch only affected the windows version of the sensor in a showstopping way. Could have been all major OS.

[-] 1984@lemmy.today 15 points 4 months ago* (last edited 4 months ago)

I don't think the Linux culture is very similar to the windows culture. At least for me personally, I wouldn't use crowdstrike and let them install whatever they want into my environment.

Maybe it's just me.

[-] Carighan@lemmy.world 81 points 4 months ago

It's not your machine, your choice of distro, or your choice of specific packages to use or not use. It's a work tool you get handed as part of a job. So whether CrowdStrike runs on it or not is not your decision and you aren't allowed (and usually not capable) to change that.

That's an entirely different situation from one where you get a PC to do with as you please and set up yourself, or a private machine.

Plus we're mostly talking endpoint devices for non-technical users with many of these difficult-to-fix devices as techs have to drive out to them. The users expect a tool, and they get a tool. A Linux would be customized and utterly locked down, and part of that would be the endpoint protection software.

[-] Takios@discuss.tchncs.de 43 points 4 months ago

We tried to fight against having to install CrowdStrike on our Linux servers but got overruled by upper management without discussion. I assume we are not the only ones with that experience in the world due to the need to check a checkbox for some flimsy audit.

[-] CookieOfFortune@lemmy.world 3 points 4 months ago

I bet you could bring it up with them now…

[-] Damage@slrpnk.net 2 points 4 months ago* (last edited 4 months ago)

You're actually confirming their point about culture though. The fact that you couldn't stop them doesn't mean that it also happened to everybody else: some management may have listened. Linux users abhor adding weird shit to their OS, Windows users do it all the time.

[-] candybrie@lemmy.world 30 points 4 months ago

Essentially no one has crowdstrike on their personal machines. Not Windows users, Mac users, or Linux users. So it's corporate/large organization culture that matters. And they absolutely use it.

[-] Diplomjodler3@lemmy.world 26 points 4 months ago

Are you an admin in a corporate data center? If not, you're not in the target audience for that product.

[-] sxan@midwest.social 2 points 4 months ago

Yup. And I think that says more about the corporate culture than the company that caters to them.

[-] yeather@lemmy.ca 6 points 4 months ago

Welcome to the world of big retailers! They would rather run Linux with crowdstrike than make their own system.

[-] ludrol@bookwormstory.social 8 points 4 months ago
[-] nevemsenki@lemmy.world 13 points 4 months ago

That's only true if you run falcon-sensor in ebpf and not kmod mode.

[-] sag@lemm.ee 4 points 4 months ago
[-] lord_ryvan@ttrpg.network -2 points 4 months ago

The issue didn't affect Linux and macOS systems with Crowdstrike Falcon installed, though, only Windows systems.

On Windows, booting into Safe Mode and removing the file C:\Windows\System32\Drivers\C-00000291*.sys temporarily solves the BSOD issue, as well.

[-] Brkdncr@lemmy.world 24 points 4 months ago

The point is that it could have. Or maybe some unknown 0-day gets used by someone out to cause chaos instead of collect ransom.

[-] lord_ryvan@ttrpg.network 6 points 4 months ago

That's true

On one hand I hope people are smart enough to run updates to critical systems on a test environment, first. On the other hand I've learned that that is not at all the case yesterday.

[-] Brkdncr@lemmy.world 11 points 4 months ago

Many security products have no test option. One I’m using has a best practice of a 15 minute delay between test and prod and no automation to suspend besides relying on the vendor to pull the update within 15 mins if it were to go full crowdstrike.

[-] SeeJayEmm@lemmy.procrastinati.org 10 points 4 months ago

The problem here was that this wasn't a traditional update. It was delivered automatically as a "content" update (like how old AV would have definition updates). We were given no room to test.

this post was submitted on 20 Jul 2024