[Info-vax] A meditation on the Antithesis of the VMS Ethos

Craig A. Berry craigberry at nospam.mac.com
Sun Jul 21 13:57:06 EDT 2024


On 7/21/24 8:50 AM, Arne Vajhøj wrote:
> On 7/21/2024 8:55 AM, Craig A. Berry wrote:
>> On 7/21/24 4:41 AM, Subcommandante XDelta wrote:
>>
>> It was not a kernel driver.  It was a bad configuration file that
>> normally gets updated several times a day:
>>
>> https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
> 
> So not a driver.
> 
> But I will not blame anyone for assuming that a .SYS file under
> C:\Windows\System32\drivers was a driver.

It was a reasonable guess, but the OP claimed that Microsoft's kernel
driver approval process was somehow involved, which doesn't seem to be
the case.  On the other hand, a kernel driver that can reconfigure
itself multiple times a day from data obtained over the network may
avoid some kinds of problems, but clearly it can cause others.

>> CrowdStrike thought updating the entire world in an instant was a good
>> idea. While no one wants to sit there vulnerable to a known threat for
>> any length of time, I suspect that idea will get revisited. 
> 
> I have already seen speculation that IT security will decrease because
> patch deployment speed will slow down.

If you update too slowly, you are vulnerable.  If you update everything
immediately all at once world-wide, you risk catastrophic failure. There
is no free lunch.

> Arne
> 
> PS: I don't like the product!

Since Friday you probably have a lot of company :-).



