The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact.
Ironically, the effect of the CrowdStrike flaw has been almost identical to the very thing it’s intended to prevent …
Part of the reason for the scale of the impact is the simple fact that CrowdStrike is used by almost every major corporation in the world.
United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there.
But the other half of it is the nature of the software, as Bloomberg explains.
Traditional antivirus software was useful in the early days of computing and the internet for their ability to hunt for signs of known malware, but it has fallen out of favor as attacks have become more sophisticated. Now, products known as “endpoint detection and response” software that CrowdStrike develops do far more, continually scanning machines for any signs of suspicious activities and automating a response.
But to do this, these programs have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to take disrupt the very systems they are trying to protect.
One of the biggest threats to today’s IT infrastructure is destructive ransomware attacks, where an attacker takes a company’s mission-critical systems out of action, and won’t restore them until a payment is made. That’s one of the main things CrowdStrike is intended to prevent.
But because the software is given such powerful access to machines, then a flaw in the software has as much potential destructive power as the type of attacks it’s supposed to block.
Top comment by FishWhisperer
Not sure the fact that Apple has its own endpoint security framework is inherently better or more secure, but it does show Apple's commitment to own parts of the security infrastructure that affect their users, and in this respect it looks to me they are ahead of Microsoft. This, together with the fact that Microsoft has suffered major security breaches where it has been very secretive in disclosing the true impact, together with the fact that corporations have widely different setups, makes me think Apple is a better choice, if you have one.
At least in this case, there is a workaround, and there will quickly be a fix. But actually implementing that fix is going to take considerable time. That’s because there may be no way to automate a rollout: as the affected machines are down, there’s no way to reach them remotely. It’s looking very much like it will involve IT staff physically visiting each of the PCs taken out (except for virtual machines, where up to 15 reboots can resolve it).
Even the temporary workaround means booting the machines in safe mode, and many of them will have corporate settings to render this impossible – again, because of the security risks of bypassing protections intended to run during boot-up.
Macs aren’t affected because Apple offers its own Endpoint Security framework.
Photo by Ivan Vranić on Unsplash
FTC: We use income earning auto affiliate links. More.
Comments