submitted 4 months ago by Comment105@lemm.ee to c/asklemmy@lemmy.ml
[-] Dran_Arcana@lemmy.world 18 points 3 months ago

This is correct, as in Windows a driver is the most straightforward method to runlevel0 access. It absolutely could at any time do exactly what CrowdStrike did. But also so could Nvidia/AMD with GPU drivers, your motherboard manufacturer with chipset and RGB drivers, etc. It's not quite the smoking gun people make it out to be, as there are a lot of legitimate reasons to have this kind of system access.

The egregious part was that CrowdStrike users agreed to allow a vendor to bypass canary channels and deploy straight to their endpoints.

[-] bountygiver@lemmy.ml 7 points 3 months ago* (last edited 3 months ago)

And that's the problem: like CrowdStrike, Vanguard will update itself in the background, unlike your GPU driver, which you need to go through an update process explicitly, so if the same thing happens where they pushed a bad update, the same outcome of causing failed boots without prompt could happen.

[-] Comment105@lemm.ee 2 points 3 months ago* (last edited 3 months ago)

Does Vanguard not seek testing and validation by Microsoft before pushing updates?

I saw the recent video from the Task Manager designer Dave's Garage on YouTube; lack of thorough official validation seemed to be an important part of the CrowdStrike problem.

[-] kombos@discuss.tchncs.de 1 points 3 months ago

Microsoft testing updates? They have an extremely bad track record of that.

My information might be a bit outdated, but Microsoft themselves only test on virtual machines and let their Windows Insiders do the rest. Unfortunately that doesn't include many use cases in production.

So we sysadmins have to either test all Microsoft software/updates ourselves and/or fix mistakes from Microsoft after it was rolled out. That has caused thousands of hours of downtime this year alone in my company. All users combined, that is.

Unfortunately management just believes whatever the sales/marketing teams tell them.

this post was submitted on 22 Jul 2024
197 points (97.6% liked)
