To play devil’s advocate, a staged rollout for antivirus definitions somewhat defeats the point since those definitions are supposed to be constantly updated.
I agree with the rest; in particular, the use of a memory-unsafe language to do parsing in the kernel by a billion-dollar security company blows my mind.
How can you even run a security company without any security professionals reading your code even incidentally? An impressive level of incompetence.
At least they could make an in-house playground in the process to see if their new version ever works. Maybe something like a guest computer in a public area. Or some sort of VM to emulate an end user system to see if it ever boots. And somehow we still get this.
How the heck did they not find out the new version prevents the computer from booting at all?
> Panicking when the file doesn’t parse because it’s not a memory safe language?
Whether a program panics or recovers when attempting to parse bad data is entirely orthogonal to memory safety. Do you have any in-depth technical information about the bug itself that you're basing this on?
Is it normal to make outbound connections during boot? Doesn't that circumvent a firewall? That seems like something a security team evaluating whether they want this software on their network might care about during an eval period... right?
Looking at the contents of c:\windows\system32\drivers\crowdstrike suggests it does all sorts of weird shit right down to injecting itself into UEFI and futzing with firmware. It's literally in everything.
Unfortunately "security" folk these days are box-ticking fuckwits and this product brief ticked all the boxes. They do not understand any more traditional methodologies other than "install these magic beans and action the reports".
Invest in better software and network architecture and DR strategy instead.
Kernel level code blindly loading arbitrary files?
Panicking when the file doesn’t parse because it’s not a memory safe language?
Not validating the files before loading them?
Not validating the files before SHIPPING them? No CI? No safety net?
No staged rollout in case of explosion?
There are far FAR bigger mistakes here than “sys admin didn’t have to press button”.