The Path You Choose
Amit Sharma
Building Ionic Wealth | 0 -> 1 Specialist | ex-(Zoomcar | Teabox) | IIT Delhi
The Start
A long time ago, the almighties decided to chart their path regarding the operating system (OS) they were building.
Microsoft: “We are open for everyone, here is our kernel to play with.”
Unix: “No No No No, naughty folks! The kernel is kosher, you won't get access to it.”
The “kernel” of an operating system is its core. All software running in the kernel is fully privileged. If software crashes in the kernel, the entire computer crashes. Everything else on a computer runs in “user space”. If software crashes in user space, the rest of the computer is fine. This is a very simplified view, but a good one to keep in mind.
This was the late 90s. With the help of Office and third-party software, Microsoft got off like a dream and Windows was everywhere.
The 2000s
The 2000s were the wild wild west of viruses and malware, when you couldn't work without an antivirus. The viruses and malware were exploiting the openness of the Windows “kernel” to target its users. The goal of antivirus programs or malware scanners was to catch these bad actors and eliminate them. The best way to do so was to patch the “kernel” and operate at the lowest, most powerful layer of Windows.
The Fix
Microsoft realized what it had done and, in the run-up to the release of Windows Vista, introduced PatchGuard. PatchGuard guarded the kernel from being patched by third parties, to increase security. This was a threat to security companies, as Microsoft was shutting off access to the “kernel”.
The Retaliation
The matter went straight to E.U. regulators, with the case being made that Microsoft was unfairly limiting competition for security offerings. The E.U. agreed and Microsoft soon backed down. All this happened between 2004 and 2006. The stage was set, as Microsoft could no longer box in its OS.
The Cloud
After the disastrous 2000s, a wave of regulations was imposed on companies (this is important, as we will see later), requiring them to adhere to a host of requirements that are best met by subscribing to an all-in-one cloud-based security solution that checks all of the relevant boxes, and CrowdStrike fits the bill. What stays the same is “kernel”-level access.
The Crash
“On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC. This issue is not the result of or related to a cyberattack.” This is from the CrowdStrike blog.
So what happened is that software which has “kernel” access and boots automatically with Windows had an error that forced affected PCs and servers into a recovery boot loop, so the machines couldn't start properly. The solution was out within 90 minutes, but the damage was already done. Since the systems were not booting, they couldn't be repaired by an automatic update and needed to be taken care of physically. The scale of this: 8 million systems which need to be fixed. Most of these are in the commercial space, as there is almost no use case for something like CrowdStrike on personal machines. What this means is that some of the most critical infra was down, including emergency response, hospital systems, airlines, hotel reservations, etc.
The Alternate Reality
Let's summarise what has happened:
Doing something different at each one of these steps would have prevented the widespread failures.
The Future
Apple and Linux were not impacted, as both have long since locked 3rd-party software out of “kernel” space. Microsoft, though, despite having tried to do just that in the 2000s, has its hands tied, as it cannot legally wall off its operating system in the same way Apple does.
So the future (as of now) = past.
Building Ionic Wealth | 0 -> 1 Specialist | ex-(Zoomcar | Teabox) | IIT Delhi
7 months ago: Thanks everyone for the encouraging words.
Private Banker - Ionic Wealth | Ex HDFC - Wealth | Ex-Deloitte | Chartered Accountant | CFA Level 2 Candidate
7 months ago: Amazing read. Created in such a way that even a layman can understand the basics of what happened.
Founding Member - Head of Corporates at Ionic Wealth
7 months ago: Great to understand the nuances of what and why this really happened. Thanks for sharing this Amit Sharma
Founding Engineer @ Ionic Wealth | Ex - Founding Engineer @ Unacademy VIP & Scenes acquired by Unacademy
7 months ago: Carefully crafted Amit Sharma
Investment Advisor || Product Management || Relationship Building || 16+ Years of Exp in Wealth Mgt || ET Young Leader Award- 2017 || Gold Medalist
7 months ago: Very well captured and explained