They did know. They knew the software had kernel-level access.
Microsoft gives the access anyway.
The conditions weren’t created by the EU.
Microsoft has felt like giving anyone kernel access since the dawn of Windows drivers.
...but it didn't. The EU didn't cause this issue, but without these poorly conceived regulations...it also would not have happened. The right response would be not to allow anyone to run software in Ring 0. However, € > best security practices.
Apple removed kernel extensions for everyone including themselves. While I have had a slow down here and there requiring a restart to stop whatever runaway process was happening, and have had some wonky behavior where an app takes control of the keyboard and won’t let go, I have’t had a KP in years. And that’s a good thing.
Shame on the customers allowing a third party to push ANY kernel level anything onto their mission critical systems.As always probably no money for testers, testers blamed for too slow product deployment but damn smokes on several versions of Windows it's not that hard... like 10 virtual machines or physical (not sure how it's done on such low level, had only experience with Windows RTX apps and normal ones), Jenkins and little time. The more the machines shorter tests of installing windows, updates for app, and updates for windows scenarios.
Then doing 2 more stupid things - deploying by Friday (ok if this was serious issue to be fixed with this antivirus update it can be missed) + deploying everywhere at once FFS... then as we know sys admins also should have possibilities to get patches always on test machines at first (so on "animals" to sacrifice) but who cares... maybe this almighty product does not have such line.... so let's allow auto updates on everything they have in the middle of night what could go wrong
Edit - this issue was on system boot so... extremely hard to test and notice on sysadmin side. Literally a clocking bomb.
If it was during system run - system crash would trigger guys.
Also I am surprised why kernel-level app has not done any more verification another than check for CRC and sign as it was said that faulty file had many nulls inside - so lack of data required I guess (not expert on such low level but somehow embedded stuff has that).
Shame on their testers indeed, hopefully they still had some humans on this role... but McAffee guys knows this f up very well. The more I think the more I see that the whole line of responsibilities was broken...
/tester
Crowdstrike caused the problem. MS made it possible.
The ruling was over a decade ago, and wasn't specific to doing this particular installation. Microsoft had plenty of opportunity to change the way it worked, both for themselves and thus equally for third parties as that is what it was about; the uncompetitive nature where consumers and businesses could not choose an alternative product, it was not about weakening security or operating system protections.
I disagree slightly. Testing will never catch everything, that's why you do staged rollouts. This would have limited the damage immensely.The real issue here is lack of testing by CrowdStrike, whose CEO was the CTO of McAfee the last time a similar thing happened:
This is the 2nd time CrowdStrike CEO George Kurtz has been at the center of a global tech failure
CrowdStrike CEO George Kurtz was the CTO of McAfee in 2010 when another security update caused millions of computers to crash around the world.www.businessinsider.com
Not true! He has the power to decide to install or not any software like Crowdstrike.
Oversight is not allowed by regulators (US and EU).
MR aligned to the war against EU to protect a$$le; but we know how it works: one bad comment, a non positive review and you enter into the cult marketing black list. No more pear stickers, ...
Last Friday, a major CrowdStrike outage impacted PCs running Microsoft Windows, causing worldwide issues affecting airlines, retailers, banks, hospitals, rail networks, and more. Computers were stuck in continuous recovery loops, rendering them unusable.
The failure was caused by an update to the CrowdStrike Falcon antivirus software that auto-installed on Windows 10 PCs, but Mac and Linux machines were not affected even though they received the same software. A report from The Wall Street Journal delves into what happened and includes some critical information from Microsoft on why Macs did not get taken out by the update.
On Windows machines, CrowdStrike's Falcon security software is a kernel module, which gives the software full access to a PC. The kernel manages memory, processes, files, and devices, and it's basically the heart of the operating system. Much of the software on a PC is typically limited to user mode, where bad code can't cause harm, but software with kernel mode access can cause catastrophic total machine failures, like what was encountered last week.
The Falcon software was not able to wreak similar havoc on Macs because Apple does not give software makers kernel access. In macOS Catalina, which came out in 2019, Apple deprecated kernel extensions and transitioned to system extensions that run in a user space instead of at a kernel level. The change made Macs more stable and more secure, adding protection against unstable software updates like the one CrowdStrike pushed out. It is not possible for Macs to have a similar failure because of the change that Apple made.
In a statement to The Wall Street Journal, Microsoft blamed the European Commission for an inability to offer the same protections that Macs have. Microsoft said that it is unable to wall off its operating system because of an "understanding" with the European Commission. Back in 2009, Microsoft agreed to interoperability rules that provide third-party security apps with the same level of access to Windows that Microsoft gets. Microsoft agreed to provide kernel access in order to resolve multiple longstanding competition law issues in Europe.
Apple has not been forced to make changes to how Macs work, but the European Commission has been targeting the closed nature of iOS, and Apple has warned that the updates that have already been implemented could lead to security risks in the future. The European Union's Digital Markets Act has pushed Apple to allow developers to offer apps through third-party marketplaces and websites. Apple says explicitly that the DMA compromises its ability to "detect, prevent, and take action against malicious apps."
The major CrowdStrike failure that affected Windows PCs highlights some of the unintended consequences and the tradeoffs inherent in legislation that weakens security in the name of open access. CrowdStrike's simple software update impacted global infrastructure, bringing travel, commerce, and healthcare to a standstill.
Microsoft does not seem to have a way to stop a recurrence because it can't cut off kernel access. The company says that significant incidents "are infrequent" and that less than one percent of all Windows machines were impacted. CrowdStrike says that it is "deeply sorry for the inconvenience and disruption," and that in the future, it will share the steps that it is taking to prevent a similar situation.
Article Link: Microsoft Blames European Commission for Major Worldwide Outage
You linked two posts that say you can’t access the Kernal on iOS or Mac, even via sideloading. What makes you think you can?
You seem to miss the point. People aren’t disagreeing with you about that. The point is that this is wholly within control of Microsoft, and has nothing to do with the EU. It’s Microsoft choice how they implement it, just do it in compliance with the rules.
