Crowdstrike is used on macOS and Linux machines as well, and in order to work properly and be an effective security tool, it would require the same kernel-level access and update schedule that it has on Windows. If you don't think that macOS and Linux are just as vulnerable to the same coding mistake, you are incredibly naive.
Apple have been pushing developers away from kernel extensions to system extensions.
 
Microsoft deserves a little bit of crap for having a system that cannot even boot in the situation of trying to load a buggy driver - it should be smart enough to isolate and not load a driver that is causing problems. If it could at least revert to some bootable state with network access, then the systems would be fixable remotely or automatically.
Safe-mode with Network support has existed since the original Windows NT. The problem isn't that Microsoft didn't build such a mitigation into Windows, it is that that type of mitigation opens up a system to users being able to bypass many security mitigations (such as boot-level protections normally offered by corporate security systems), so those mitigations are disabled on critical systems.

The problem is specifically that the issue was caused by security software. That software is given god-mode access to the OS (all the way to the boot-loader in some cases), and so if it is ever screwed up, it has the ability to cause catastrophic damage.
 
And what I’m saying is that to the degree that Apple allows 3rd Party Developers access to core system elements that can brick my entire computer, then that’s a problem that I’d expect Apple to be extremely cognizant of.

Again on the Mac, it's not a matter of Apple allowing 3rd party developers access to core system elements. It's you.

Agree it's a different model than iOS and it's clear that Apple knows the potential risks on the Mac side. At the same time they know that the needs and expectations of that community require that end-users can make system modifications.

And, my sense is that Apple chose to approach iOS much differently than macOS; which to me, is a benefit. I choose a more closed system when I choose iOS. I’d prefer macOS move more toward iOS than away from iOS.

You might but others don't want macOS to go that way. Their question might be when there is already iOS and iPadOS, why do you want macOS to be more like them? Especially if macOS comes locked by default and the vast majority of users leave it there.
 
I'm not 100% sure if this was the case but appears that the update rollout was controlled by CrowdStrike?
Would argue the system owner is responsible for defining the policies the sysadmins are operating by. If a system owner is outsourcing updates to a 3rd party, the 3rd party would be the "de facto sysadmin" of that system element. Parts of the sysadmin role are outsourced, and the sysadmins responsible for the rest would not be responsible for whatever the "3rd party sysadmin" does.

Surely, they will face the fan when the sh**storm hits though.

A somewhat messy approach, in particular in cases like this one where manual intervention is required rather than just a rollback.
 
Those that have all inclusive access to the system need to be held accountable at a significantly higher level. Mess up, should be a very expensive event. These folks will not take their mistakes seriously until the costs are high enough to get their attention.
 
But how is trusting Crowdstrike not a “trust us and only us” approach to security? I’m not following how you think trusting Crowdstrike with your entire system is better than trusting Apple.
Because one is a general-purpose operating system developer and the other is a specialty security services provider. One is expected to take ordinary steps to secure the platform for ordinary usage, the other has expertise in mitigating security issues in a wide range of environments.

It's the same reason you don't expect USPS to provide the same level of security as Brinks.
 
Meanwhile, in Cupertino...

 
In my professional life, I do Crisis Communications for large corporations. I’m brought in when the **** hits the fan.

The number one thing that my clients always want us to help them do is more effectively deflect the blame to somebody else. We nearly always tell them this is a non-starter approach to the crisis. For example, a restaurant whose food kills someone wants to blame the supplier of that food (for example, their meat supplier). Never works. In the end, the restaurant served the food.

If Microsoft contracted my firm to message this, we’d absolutely steer them away from saying “this is the fault of Crowdstrike” or “The sys admins shouldn’t have enabled auto-update!” In the end, those who are launching their machines and seeing the BSOD are using a system that is owned and developed by Microsoft. Microsoft developed the system that allowed Crowdstrike to brick millions of computers.

Microsoft will absolutely be reviewing the wisdom of kernel-level access for 3rd parties following this. And that’s the messaging I’d suggest Microsoft take: how do WE, Microsoft, help our customers avoid this problem going forward.
 
In my professional life, I do Crisis Communications for large corporations. I’m brought in when the **** hits the fan.

The number one thing that my clients always want us to help them do is more effectively deflect the blame to somebody else. We nearly always tell them this is a non-starter approach to the crisis. For example, a restaurant whose food kills someone wants to blame the supplier of that food (for example, their meat supplier). Never works. In the end, the restaurant served the food.

If Microsoft contracted my firm to message this, we’d absolutely steer them away from saying “this is the fault of Crowdstrike” or “The sys admins shouldn’t have enabled auto-update!” In the end, those who are launching their machines and seeing the BSOD are using a system that is owned and developed by Microsoft. Microsoft developed the system that allowed Crowdstrike to brick millions of computers.

Microsoft will absolutely be reviewing the wisdom of kernel-level access for 3rd parties following this. And that’s the messaging I’d suggest Microsoft take: how do WE, Microsoft, help our customers avoid this problem going forward.
In a perfect world, having Microsoft shoulder some of the burden would be the morally right thing to do. However, they are still a multibillion dollar company that would prefer to avoid lawsuits and is in a position to push someone else onto the sword and they have the army of lawyers to do just that. Going broke won't kill businesses. Admitting fault will.

Deflect, attack and gaslight is the way of the world now. I agree that internally, Microsoft will be doing a top-down review of everything this has done but it would shock me if, externally, they take one ounce of blame or accountability.
 
Because one is a general-purpose operating system developer and the other is a specialty security services provider. One is expected to take ordinary steps to secure the platform for ordinary usage, the other has expertise in mitigating security issues in a wide range of environments.

It's the same reason you don't expect USPS to provide the same level of security as Brinks.
And Crowdstrike should absolutely get nuked over this. But Microsoft should suffer as well; and Microsoft WILL suffer from this. This does reputational damage to Microsoft.
 
ATTENTION ALL USERS IN THE PLANETARY SYSTEM,
ATTENTION ALL USERS IN THE PLANETARY SYSTEM,
UPDATE.....................MOUNTAIN LION OSX...................UNAFFECTED.......RUNNING......GREAT
.....AS IN.........2012.........THEY DID NOT CONSUME CNTR


THEY DID NOT CONSUME CNTR!
 
Safe-mode with Network support has existed since the original Windows NT. The problem isn't that Microsoft didn't build such a mitigation into Windows, it is that that type of mitigation opens up a system to users being able to bypass many security mitigations (such as boot-level protections normally offered by corporate security systems), so those mitigations are disabled on critical systems.

The problem is specifically that the issue was caused by security software. That software is given god-mode access to the OS (all the way to the boot-loader in some cases), and so if it is ever screwed up, it has the ability to cause catastrophic damage.
Right, but this is generally a solved problem in Linux. There are routine ways to update a kernel that will revert back to an older kernel, or at least reach out to some secured known netboot server to figure out what to do next.

The issue is Windows didn't automatically boot into a state that allows fixing it remotely. A total system lockup is among the worst possible results in mass-deployed systems.
 
In a perfect world, having Microsoft shoulder some of the burden would be the morally right thing to do. However, they are still a multibillion dollar company that would prefer to avoid lawsuits and is in a position to push someone else onto the sword and they have the army of lawyers to do just that. Going broke won't kill businesses. Admitting fault will.

Deflect, attack and gaslight is the way of the world now. I agree that internally, Microsoft will be doing a top-down review of everything this has done but it would shock me if, externally, they take one ounce of blame or accountability.
To be clear, I wouldn’t message them to say “We are at fault.” But I’d absolutely tell them to not spend their time saying “this is CrowdStrikes fault!” What I’d steer them to is “We at Microsoft are working hard to safeguard our clients so this this can never happen again.”
 
And Crowdstrike should absolutely get nuked over this. But Microsoft should suffer as well; and Microsoft WILL suffer from this. This does reputational damage to Microsoft.
And the companies that "served the food", as you say? The ones who are currently unable to serve their customers because of an IT outage? What amount of blame do you think they should take? After all, they deployed Crowdstrike. They also enabled immediate updates. They deployed Windows 10-based systems. They also avoided upgrading those systems to Windows 11. What messaging do you propose for those companies, in the hypothetical world where they contract your firm?
 
All our machines have Bitlocker enabled and they are locked. Only IT has the codes to unlock, before the fix can be done.

I don't work in IT and don't have Admin access.
They gave us access to our keys so that we could do it ourselves, which kind of surprised me.
 
And the companies that "served the food", as you say? The ones who are currently unable to serve their customers because of an IT outage? What amount of blame do you think they should take? After all, they deployed Crowdstrike. They also enabled immediate updates. They deployed Windows 10-based systems. They also avoided upgrading those systems to Windows 11. What messaging do you propose for those companies, in the hypothetical world where they contract your firm?
Nobody gets a pass here. But the bigger players are going to get more blame. And Microsoft is at the very center of it.

For Microsoft to say “IT departments should NOT have allowed for auto updates” would be a disaster of a message for them.
 
Microsoft will absolutely be reviewing the wisdom of kernel-level access for 3rd parties following this. And that’s the messaging I’d suggest Microsoft take: how do WE, Microsoft, help our customers avoid this problem going forward.

The company that nearly launched Recall with no thought of the security consequences isn't going to do anything about kernel-level access. Nadella's Microsoft is fundamentally too broken to make those sorts of hard calls.
 
Would argue the system owner is responsible for defining the policies the sysadmins are operating by. If a system owner is outsourcing updates to a 3rd party, the 3rd party would be the "de facto sysadmin" of that system element. Parts of the sysadmin role are outsourced, and the sysadmins responsible for the rest would not be responsible for whatever the "3rd party sysadmin" does.

Surely, they will face the fan when the sh**storm hits though.

A somewhat messy approach, in particular in cases like this one where manual intervention is required rather than just a rollback.
Absolutely, but I was just wondering if sysadmins even have the option. For example, it's my understanding that for people who use Jamf Cloud to manage their devices, Jamf is in control of the updates - admins do not decide on a schedule.

With how widespread this is I cannot imagine the sysadmins are even partially at fault here. If so, then I should get my resume ready for some job openings.
 
They gave us access to our keys so that we could do it ourselves, which kind of surprised me.

They just did the same for myself and another in my department (pharmacy). I work in informatics, so I have more tech knowledge than most that I work with, but I'm absolutely not IT.

Boot with a bootable flash drive IT prepared, unlock BitLocker then delete the file. I have about a dozen computers to work on, and it's slllllooooooowwwww. I guess my pharmacy work will have to wait.

 
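The manual fix the last two posts describe (boot from recovery media IT prepared, unlock the BitLocker volume with the recovery key IT handed out, delete the offending file, reboot) is the kind of thing worth scripting when you have a dozen machines to walk. The script below is an added example written for this page; it is not from the posters, from Microsoft or from CrowdStrike. It assumes you are in a WinPE/WinRE session that has PowerShell on the media (the stock WinRE command prompt does not), that `manage-bde.exe` is available as it normally is there, and that IT has told you the directory and file name to remove. The drive letter, the directory under the OS volume, and the `C-*.sys` pattern are placeholders you supply at run time, not identifiers taken from the thread. It keeps a hashed copy of whatever it deletes, so the removed file can still be examined later or put back if the wrong thing was targeted.

```powershell
# Added example, not code from the original post, Microsoft or CrowdStrike.
# Run from WinRE / WinPE with PowerShell available. The offline OS volume is often
# NOT C: when booted from recovery media, so pass the letter you see in diskpart.
param(
    [Parameter(Mandatory)] [string] $OsDrive,           # e.g. 'D:' as seen from WinRE
    [Parameter(Mandatory)] [string] $RecoveryPassword,  # 48-digit BitLocker recovery key from IT
    [Parameter(Mandatory)] [string] $RelativeDir,       # e.g. 'Windows\System32\drivers\SomeVendor' (placeholder)
    [Parameter(Mandatory)] [string] $Pattern,           # e.g. 'C-*.sys' (placeholder, per IT's instructions)
    [string] $BackupRoot = (Join-Path $PSScriptRoot 'quarantine')  # copies land on the USB stick
)

$ErrorActionPreference = 'Stop'

# manage-bde wants the key as eight dash-separated groups of six digits.
$digits = $RecoveryPassword -replace '[^0-9]', ''
if ($digits.Length -ne 48) { throw "Recovery password must be 48 digits, got $($digits.Length)" }
$key = $digits -replace '(\d{6})(?!$)', '$1-'

# Unlock only if the volume is actually locked; a plain-text or already-unlocked
# volume would make manage-bde -unlock fail for no useful reason.
$status = & manage-bde -status $OsDrive
if ($status -match 'Lock Status:\s+Locked') {
    & manage-bde -unlock $OsDrive -RecoveryPassword $key | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -unlock failed for $OsDrive (wrong key or wrong drive letter?)" }
}

$target = Join-Path $OsDrive $RelativeDir
if (-not (Test-Path -LiteralPath $target)) { throw "Directory not found: $target" }

$files = @(Get-ChildItem -Path $target -Filter $Pattern -File)
if ($files.Count -eq 0) {
    Write-Host "Nothing matching $Pattern in $target; nothing to do."
    exit 0
}

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
$log = Join-Path $BackupRoot 'removed.log'

foreach ($f in $files) {
    # Hash and copy before deleting so the bad file can be examined or restored.
    $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $f.FullName).Hash
    Copy-Item -LiteralPath $f.FullName -Destination (Join-Path $BackupRoot $f.Name) -Force
    Add-Content -Path $log -Value ("{0} {1} {2}" -f (Get-Date -Format o), $f.FullName, $hash)
    Remove-Item -LiteralPath $f.FullName -Force
    Write-Host "Removed $($f.FullName) (SHA256 $hash)"
}

Write-Host "Done. Reboot now; BitLocker re-seals the volume on its own and the OS should start normally."
```

Usage from the recovery prompt looks like `powershell -ExecutionPolicy Bypass -File .\fix.ps1 -OsDrive D: -RecoveryPassword '123456-...' -RelativeDir 'Windows\System32\drivers\SomeVendor' -Pattern 'C-*.sys'` with the real values IT gave you. Two caveats a practitioner would want: the recovery key you type here is a full bypass of the disk encryption, so treat the stick and the log file as sensitive and have IT rotate the key afterwards (`manage-bde -protectors` on the repaired machine); and `-Filter` is a wildcard match, so check the list the script prints before you run it on the remaining machines.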