Somebody’s getting fired and that company is getting sued. I’m very curious how much this outage will have ended up costing the global economy.
This was a separate outage unrelated to CrowdStrike a few hours earlier that took down a couple of airlines as well.
A majority of the VMs in the Azure CentralUS datacenter went down due to some sort of backend storage issue.
Clearly didn’t resolve it that well considering that most of a continent is out now
Edit: world, not continent now
I am thrilled right now that our company only started relying on cloud resources a few years ago and still don’t use services like this… I hope this is a wake-up call to them, so we never use something like this. I know the execs finally realized the cloud is not cost effective, and I hope we keep it a mixed bag instead of going in fully. I have been in IT for 18 years now, and thankfully, I have never had to deal with a disaster like this. Another close call was outsourcing our IT service desk to a company, and they wanted us to put agents on our pc’s so they could do their job easier. Luckily, our network team said absolutely not. Sure enough, that same year at Christmas time, they got hit with a crypto attack, and instead of having to deal with the agents, we just shut down the tunnel, and we’re fine. A lot of their clients were not so lucky. Screw the cloud and 3rd party services… it doesn’t save what you think, and you get poor services in return a lot of the time.
Airlines relying on Windows.
Sometimes I do feel afraid.
Dude, every bit of critical infrastructure around you is running Windows XP and McAfee ePO. The shit hidden in segregated control networks would make a security researcher from 2009 cringe.
Where I live infrastructure is actually a bit more modern, but I have seen Windows XP, 2003, 2008 very recently too.
I just did a fresh install of Windows 7 this week.
Whoa! Slow down! Does the plant manager know you’re on the bleeding edge?
Don’t worry, it was 32-bit.
Time to switch to alternatives
It isn’t a Microsoft issue in the first place. Doesn’t mean switching to alternatives isn’t a good idea, but this one isn’t on them for a change.
In a way it is a Microsoft problem. Windows can’t handle live updates to the system like Linux can. Security updates mean downtime to be scheduled. So they need a program to do security, so CrowdStrike comes in to do security for these companies since Microsoft can’t protect them. And mistakes happen.
Ah so it’s a linux problem when the gpu driver causes instability, cause NVidia is making a shitty and proprietary linux driver and the market share is too small to warrant putting more effort in. Linux doesn’t have it’s own fully-featured graphics driver, so that company has to come in and provide their own since linux can’t supply it. And mistakes happen. Roughly the same logic.
That’s not linux fault. Neither is it Microsofts fault when a company selling a security product decides it has to run in kernel mode and then they don’t properly test a release and just decide to yolo it.
Security definition updates can be installed without rebooting.
And Crowdstrike is a more advanced system compared to normal antivirus you would use at home. It’s an endpoint protection system that does more than scan for viruses.
Microsoft offers their own alternative called Microsoft Defender for Endpoint.
Both Crowdstrike and Microsoft Defender for Endpoint are available on Windows, MacOS, and Linux.
It’s an argument for decentralization. An argument that won’t be heeded.
Monocultures are like this, yes. The reason bananas are less tasty than they were 100 years ago.
Incidentally CrowdStrike has a Linux agent and my previous company was pushing us to install it to check another box on their Cyberliability insurance form. So this could just as easy happen there too.