Kind of sharing this because the headline is a little sensationalist and makes it sound like MS is hard right (they are, but not like this) and anti-EU.
I mean, they probably are! Especially if it means MS is barred from monopolies and vertical integration.
Microsoft has Windows Defender, its in-house alternative to CrowdStrike, but because of the 2009 agreement made to avoid a European competition investigation, it had allowed multiple security providers to install software at the kernel level.
Lmao what
I’ve always insisted that Defender is the best AntiVirus and Intrusion prevention solution for any Windows Machine.
MS has a vested interest in making sure nothing bad gets publicised about their OS. As long as the threat exists, (and barring regulatory restrictions) MS will maintain the best intrusion prevention and detection features.
The AntiVirus industry has a vested interest in scaring people into continuing to pay their subscriptions. There are even some conspiracy theories going around that some AV vendors actually pushed viruses into the wild that they could intercept but their competitors couldn’t.
Apple Computers have a reputation of not having viruses (even though they do) partially due to the Security/Obscurity myth and partially because they lock down macOS and have tightly integrated in-house virus detection. The other reason is that their user base is almost exclusively End-User Retail, which is not currently a profitable target.
i find the level of ms apologia unsettling. remember, we’re only a few news cycles away from the time ms almost shipped windows with spyware and keylogger built-in
This is a unique situation because absolutely everyone involved deserves to go bankrupt and disappear into the darkness.
You have a closed-source OS that leaves a vast swath of our infrastructure vulnerable to MSFT’s whims and incompetence, and built on top of it a closed-source AV market that allows the infra to be extremely vulnerable in a second, unrelated way, plus the cross-product of them both since AV gets so tightly integrated to the kernel.
Until we can force MSFT to open-source Windows with a small military invasion of Redmond or some shit, maybe at least this will make people think twice before they install "anti"malware from an equally untransparent corpo straight into mission-critical infrastructure like a horny teenager putting his raw dog into a coconut.
yup.
also: it was microsoft’s business decision to make the api required for av (or, more generally, security subsystems) to function so low-level that it has to be delivered as a kernel driver and operate in ring0. i guess it’s primarily for performance reasons, but still, there are other technical options. someone made the executive decision there.
on the other hand, it was crowdstrike’s business decision to make the bloody update parser run in ring0, and without verification that the update data is correct; nobody forced them to do it that way.
let them both burn.
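The failure mode described in the comment above (a parser that acts on update data before checking it), as an added example that is not CrowdStrike’s or Microsoft’s code: a loader for a constructed update-blob format that rejects truncated, out-of-bounds or altered input before any field is used. The blob layout, the FNV-1a trailer standing in for a signature, and all names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* CONSTRUCTED blob layout (not a real vendor format): magic "UPD1", u16 version,
 * u16 entry count, u32 payload length, count*8 bytes of (u32 offset, u32 len)
 * entries relative to the payload, the payload, then a 32-bit FNV-1a trailer. */
#define HDR_LEN 12u
#define ENTRY_LEN 8u
#define TRAILER_LEN 4u
#define MAX_ENTRIES 64u
enum { UPD_OK, UPD_E_SHORT, UPD_E_MAGIC, UPD_E_VERSION, UPD_E_COUNT, UPD_E_SIZE, UPD_E_ENTRY, UPD_E_DIGEST };
static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
/* Integrity check stand-in; a production loader would verify a signature here. */
static uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
/* Returns UPD_OK only when every length and offset is proven to lie inside buf;
 * a naive loader would index the entry table straight from the header fields. */
int validate_update(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_LEN + TRAILER_LEN) return UPD_E_SHORT;
    if (memcmp(buf, "UPD1", 4) != 0) return UPD_E_MAGIC;
    if (rd16(buf + 4) != 1) return UPD_E_VERSION;
    uint32_t count = rd16(buf + 6), payload_len = rd32(buf + 8);
    if (count == 0 || count > MAX_ENTRIES) return UPD_E_COUNT;
    /* All terms are bounded 32-bit values, so this size_t sum cannot wrap. */
    size_t need = HDR_LEN + (size_t)count * ENTRY_LEN + (size_t)payload_len + TRAILER_LEN;
    if (need != len) return UPD_E_SIZE;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HDR_LEN + i * ENTRY_LEN;
        /* 64-bit add so offset + length cannot wrap around and slip past the check. */
        if ((uint64_t)rd32(e) + rd32(e + 4) > payload_len) return UPD_E_ENTRY;
    }
    if (fnv1a32(buf, len - TRAILER_LEN) != rd32(buf + len - TRAILER_LEN)) return UPD_E_DIGEST;
    return UPD_OK;
}

/* Builds a constructed one-entry sample blob, optionally corrupts it, and validates it. */
int demo_validate(int tamper) {
    uint8_t b[27] = { 'U','P','D','1', 1,0, 1,0, 3,0,0,0, 0,0,0,0, 3,0,0,0, 'a','b','c' };
    wr32(b + 23, fnv1a32(b, 23));
    if (tamper == 1) return validate_update(b, 26);      /* truncated: sizes disagree */
    if (tamper == 2) { wr32(b + 16, 4); }                 /* entry reaches past payload */
    if (tamper == 3) { b[20] = 'x'; }                     /* payload altered after signing */
    return validate_update(b, sizeof b);
}
```

Each rejection happens before the offending field is ever dereferenced, which is the property a ring0 parser needs regardless of how it is fed.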
Best summary:
The whole problem with Microsoft in general is that they want to be Apple. They want their own hardware & software ecosystem that they rule over with absolute power. But culturally they’re not Apple, they’re a child that needs 24/7 adult supervision. They can’t and won’t do security, their track record of handling all types of incidents is abysmal, and they’re absolutely terrified of making any changes that might mildly inconvenience enterprise customers. They want all the benefits of controlling their own ecosystem, but will take on exactly zero of the responsibilities. They literally cannot be trusted to secure their own ecosystem and the EU for sure knew this.
and they’re absolutely terrified of making any changes that might mildly inconvenience enterprise customers
Correction, they don’t think about such changes at all. There are no other concerns than those of big-paying customers, and even then you need a bunch of big enterprise customers to request something for the thing to even end up being considered for the backlog.
The unaccountable 3rd Party market that is built around MS is what caused the issue.
No OS is 100% secure, but as soon as you allow 3rd Party vendors to fuck around at the kernel level, they get much less secure.
Microsoft is to blame for allowing these fucktards kernel-level access. There were other ways they could have enabled third-party intrusion prevention software without giving away the keys to the city.
again, there’s no need to defend microsoft: microsoft could do the right thing and not try to use the situation in an attempt to undermine eu antitrust policies using a bullshit take.
Microsoft is to blame for allowing these fucktards kernel-level access.
This is a backwards take.
The only way to have actual security is for the entire kernel to be completely open source. Microsoft is to blame for not giving everyone kernel-level access.
macOS has some level of application sandboxing, Windows apps, in practice, have none. They tried it a bit years ago but immediately gave up. Antivirus has always been the dumbest solution.
As vehemently anti-Microsoft as I am (and seeing this with Apple tinted glasses), I have to agree. I believe Apple having full control over their kernel is best for users because of the same arguments you’ve made — I can’t argue that Apple should while saying Microsoft should not.
I don’t really know anything about Defender but I do believe the software vendor itself should be and is responsible. I’m very liberal and I love what the EU is doing in some areas but I think some of it (like this) is a bit over the top.
If they’d made their OS anywhere near reasonably constructed, antivirus would be mostly snake oil and nobody would be in trouble. The trouble starts when antivirus software is necessary, at which point third-party antivirus software sort of has to be an option and then you’ve got this mess.
Agreed 💯
If windows wasn’t so shitty then nobody would need extra software to protect their systems.
There was a System component called Microsoft Defender that made all other AV obsolete.
Obviously, this caused a lot of European AntiVirus vendors and Intrusion Tool vendors to get upset so there was a court case to prevent Microsoft from bundling Defender with Windows for corporate customers.
Microsoft is arguing that if it wasn’t for the Court Case artificially opening the market to incompetent vendors, the problem wouldn’t have occurred.
Windows has had some major security flaws over the years but ever since Vista, (and before that XPSP2), they have made a concerted effort to fix them. This has caused quite a few compatibility issues for programs that (ab)used these security flaws due to lazy or malicious programming.
Windows has had some major security flaws over the years but ever since Vista, (and before that XPSP2), they have made a concerted effort to fix them.
I don’t think we need to characterise famously monopolistic/anticompetitive Microsoft as an UwU “trying my best!~” anime character (it’s been done) that needs to be left alone to do their thing while we cheer it on, dawg. There are many issues with how this all went down, and Microsoft is just opportunistically taking shots at their arch-nemesis, legislation specifically targeted at their core business strategy of anti-competition.
I feel a little more ambivalent than usual in this particular case. It’s probably because I have little good to say about the AV vendors’ side in the matter either.
It’s a little different from something like the IE era browser wars, where MSFT was (more than nowadays) able to push de facto web standards, which would then affect users on all platforms. Or the chokehold they and Alphabet have on email, which directly drives people and organizations to commercial email services (namely theirs). Or the fact that approximately 100% of PC games are on their OS and oh oops now they own most of the biggest video game studios too, curious!
By comparison, antimalware is more tightly tied to the OS in the sense that commercial antimalware products for platforms other than Windows are fairly niche and exploits tend to vary a lot by platform. Since Defender is a part of Windows, it doesn’t really hurt MSFT’s bottom line if someone decides to install a third party antivirus, except when issues like this very outage give a bad name to the whole OS and company. Not that Microsoft’s own code is somehow foolproof, but you could argue it’s better to have a Defender bug every now and then than a CrowdStrike bug today, F-Secure bug tomorrow, Trend Micro next week, Kaspersky soon after that, then Comodo and Check Point followed by Trend Micro again…
So if we are to accept that the plan to give Defender special treatment in the Windows kernel is not for the purpose of selling more copies of Defender (since it comes built-in with Windows anyway) and that it would reduce the occurrence of outages like this one, the main downside (if you consider it such) is that it would instantly obliterate the commercial malware blocker industry. So I guess that’s pretty anticompetitive.
And tangentially, having to beg the EU to make big brother Nadella share kewnel intewface with poor widdle AV shops kinda shows the industry is already EEE’d to a terminal stage.
Now, I think all of that is being overly generous to the titan of monopolism that is Microsoft Corporation, but I can indulge in a little bit of lawnmower anthropomorphization when it’s mowing a lawn I don’t like anyway. Was it a good or bad thing that the 2009 agreement with European Commission required this provision for security vendors? I don’t know. Microsoft sure likes to say “regulation bad” though.
the main downside (if you consider it such) is that it would instantly obliterate the commercial malware blocker industry.
Don’t threaten me with a good time
Addendum: Today I remembered Microsoft Defender for Business exists, so fuck them and the anticompetitive horse they rode here on lmao.
Even if that’s all true and not missing any context, it’s a pretty bold argument to blame the EU instead of the incompetent vendors themselves or the companies with sufficiently poor practices that this update was pushed to all users without proper testing and validation. Microsoft themselves aren’t above pushing a bad update, and it’s obviously not like crowdstrike are an unknown bunch of yahoos that everyone should have known not to trust. Instead, largely because of the anticompetitive practices of every company in the IT industry, we find ourselves once again facing massive systemic disruptions from a small error in one component of the wider infrastructure.
I can’t get over how absolutely awful everything and everyone involved is here.
The terrible Windows kernel, the awful MSFT practices, the horrible engineering decisions, and the proprietary AntiVirus market that shouldn’t exist as it is an affront to everything good and beautiful in this world. People who shouldn’t be trusted with a soft cushion out of concern that they’d wreak havoc, but vested with so much real power they can bring airports, hospitals, half of the global infrastructure to a screeching halt.
We should be suing Bill Gates’ parents for damages their frivolous decision to bear children caused.
I had an engineering call with crowdstrike today. They had only been running unit tests before deployment.
But do they have a scheduled weekly email with a list of tests that are known to be broken and allowed to fail in CI that then has to be manually checked against the test run report before merging? LIKE MICROSOFT DOES FOR AT LEAST ONE MISSION CRITICAL SERVICE I WORKED ON?
Are they cuddling up to clownstrike for some reason?
This is entirely clownstrike’s fault! If they had even remotely validated their input this would have gone very differently.
They just saw an opportunity to attack regulations and leaped on it.
Yes how dare they use Windows as their operating system.
This was widely regarded as a bad move and made a lot of people very angry