512
top 46 comments
sorted by: hot top controversial new old
[-] Australis13@fedia.io 142 points 3 months ago

This is why you do staged rollouts of updates... not the entire planet at once.

[-] vividspecter@lemm.ee 73 points 3 months ago

And don't have automatic updates enabled for critical infrastructure.

[-] Shameless@lemmy.world 21 points 3 months ago

So true, this really highlights the risk of updates impacting critical systems vs critical systems being exposed to critical vulnerabilities. Its a real balancing act.

[-] Thann@lemmy.ml 1 points 3 months ago

It actually highlights the risk of having unaudited third party software running on your critical infrastructure

[-] cybersandwich@lemmy.world 12 points 3 months ago

I don't know exactly how crowd strike works, but this sounded like a "virus signatures" update (IE not a software update per se). And thats what caused the issue.

I think "real time virus protection" is why people use it so they expect the signatures to get updated asap/with little to no human intervention.

This is a crowd strike epic fail...for how they let their software blue screen systems with a virus signature update.

[-] Thann@lemmy.ml 2 points 3 months ago

No, you run Linux with automatic secutity updates turned on

[-] DarkThoughts@fedia.io 92 points 3 months ago

Can someone in non marketing terms explain what the fuck CrowdStrike Falcon Sensor is? I literally never heard of this company or product before.

[-] farcaster@lemmy.world 105 points 3 months ago

It's basically corporate anti-virus software. Intended to detect and prevent malware.

[-] Alimentar@lemm.ee 30 points 3 months ago

Apparently it's the next iteration of AI based antivirus where it uses smart algorithms to detect system behaviours and makes assessments on whether they're malicious or not

[-] Boxscape@lemmy.sdf.org 37 points 3 months ago

Apparently it's the next iteration of AI based antivirus

CrowdskyStrikenet

[-] greybeard@lemmy.one 25 points 3 months ago

I know there is a lot of marketing fluff, but yes, it is an EDR. Which means instead of just checking file signatures against a database if known bad stuff, it actually examines what applications do and makes a sort of judgement on if it is acting maliciously or not. I use a similar product. Although the false positives can sometimes be baffling, it honestly can catch a legit program misbehaving.

On top of that, everything is logged. Every file, network connection, or registry key that every process on the computer touches is logged. That means when something happens, you can see the full and complete list of actions taken by the malicious system. Thus can actually be a drain on the computer, but modern systems handle it well enough.

[-] catastrophicblues@lemmy.ca 3 points 3 months ago

What do you use? I’d be interested in that sort of thing

[-] greybeard@lemmy.one 5 points 3 months ago

SentinelOne. They are more reseller/MSP friendly, but the product is very similar to CrowdStrike.

[-] dditty@lemm.ee 2 points 3 months ago

We also use S1 and while it does often flag false positives, that's a whole heck of a lot better than the alternative. Also I have not noticed it being very resource intensive.

[-] greybeard@lemmy.one 3 points 3 months ago

It's overhead is more subtle than task manager can tell. Because of all its watching and monitoring, it slows down applications themselves. Task take longer. Sometime it is by a trivial amount, but I've been able to measure a notable difference in some task with and without S1, even if task manager says all is well.

[-] sukotai@lemmy.world 11 points 3 months ago

obviously, A.I consider microsoft as a malicious software. Sometimes, A.I is very accurate 😁

[-] Thann@lemmy.ml 2 points 3 months ago

Is it less expensive than ransomware though?

[-] lud@lemm.ee 5 points 3 months ago
[-] Quill7513@slrpnk.net 2 points 3 months ago

By a wide margin

[-] sudo42@lemmy.world 1 points 3 months ago

Ransomware you have to pay $10,000 every few years. Crowdstrike you have to pay $1,000 per month. Same number of outages for both. /s

[-] Quill7513@slrpnk.net 2 points 3 months ago

Add some extra zeroes to that ransomware figure...

[-] xavier666@lemm.ee 1 points 3 months ago

Can you tell whether this update was delivered by Crowdstrike's own update delivery pipeline of via Window's update pipeline?

[-] Quill7513@slrpnk.net 4 points 3 months ago

Absolutely nothing to do with windows pipelines or Microsoft

[-] xavier666@lemm.ee 1 points 3 months ago

Okay, thanks. There was a parallel Microsoft outage, so I thought they were somehow linked.

[-] catloaf@lemm.ee 3 points 3 months ago

Crowdstrike updates don't come through Windows Update.

[-] vext01@lemmy.sdf.org 70 points 3 months ago

It checks for malicious falcons in your system's level 4 aviary cache.

[-] horseloaf@lemmy.world 4 points 3 months ago

Ha ha! Well done!

[-] rockSlayer@lemmy.world 61 points 3 months ago

I work in QA on the night shift at a video game company. It was absolute chaos at work tonight lmao we only had a grand total of 6 working PCs between all of us

[-] RememberTheApollo_@lemmy.world 56 points 3 months ago* (last edited 3 months ago)

Company spyware. We have that on our devices. They used to have an “about” stored locally on the app, but removed it and a web connection is required to view the docs. Basically says it downloads/sees everything on your device and checks for threats. Thing is a few people have been fired for having things in their devices they shouldn’t. I didn’t ask what it was, nor did I hear how these things were “threats”, but nonetheless they were fired. Too many people treat company hardware like “free device, bro!” and put all sorts of personal stuff on the device. Most industries it’s probably not too big of a deal, but for mine if there’s an incident that happens when you were busy watching Netflix or something instead of doing your job you’re fucked. First thing they’ll do is check your device and crowdstrike to see what you were doing, and even if you weren't watching Netflix all your personal data will be exposed.

[-] BarbecueCowboy@lemmy.world 20 points 3 months ago

They definitely could, but most cybersecurity departments are paid too much to worry about minor items like that. If HR tells us to look into a specific user and gets the proper approvals so that everything is in compliance, we'll definitely get someone on the team to do it, but otherwise if we happen to see evidence of unapproved usage, we're mostly going to overlook it unless it could lead to something dangerous to your machine or the company as a whole.

EDRs like Crowdstrike can see very very nearly everything you do though, definitely everything you would care about.

[-] fuzzywombat@lemmy.world 48 points 3 months ago

Yikes. I feel sorry for all the help desk and support staff that has to deal with this chaotic mess all day.

[-] VieuxQueb@lemmy.ca 31 points 3 months ago
[-] WhatAmLemmy@lemmy.world 14 points 3 months ago

What kind of criminally incompetent psychopath rolls out a global update on a fucking Friday afternoon?

Is the CEO of CrowdStrike Satan?

[-] catloaf@lemm.ee 12 points 3 months ago

They push updates every day. Attackers don't take Fridays off.

[-] Excrubulent@slrpnk.net 2 points 3 months ago* (last edited 3 months ago)

I have heard that Friday afternoon can be better because it gives you a full weekend to put out any fires before business hours start again.

That's assuming it's a small error that doesn't roll on into the week anyway.

[-] rottingleaf@lemmy.world 3 points 3 months ago

They'll need that beer.

[-] worldeater@lemmy.ml 7 points 3 months ago

Yup, my phone is nonstop going off with slack messages and tickets. Time to mute it for now

[-] falx@lemmy.ml 34 points 3 months ago

What a striking name... CrowdStrike heh. They definitely live up to it!

[-] ramble81@lemm.ee 4 points 3 months ago

More like CrashStrike

[-] HulkSmashBurgers@reddthat.com 14 points 3 months ago
[-] Dasnap@lemmy.world 6 points 3 months ago

Looking forward to the Kevin Fang video in a few years.

[-] UnderpantsWeevil@lemmy.world 4 points 3 months ago

Crowstrike Onstrike

[-] mo_lave@reddthat.com 3 points 3 months ago

Crowd Strike's Final Fantasy

[-] rottingleaf@lemmy.world 1 points 3 months ago
[-] ulkesh@lemmy.world 1 points 3 months ago

That’s a shame.

this post was submitted on 19 Jul 2024
512 points (100.0% liked)

Technology

59119 readers
2213 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS