Richard Stallman (rms@mastodon.xyz)'s status on Monday, 22-Jul-2024 23:06:44 JST Richard Stallman
[2/2] … the unjust consequences of the proprietary nature of Windows, but I don't actually know. It would be very useful to know for certain.
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 23-Jul-2024 00:44:54 JST 翠星石 @rms The "CrowdStrike" software can be summed up as a kernel-rootkit antivirus.
Via a remote control mechanism, "CrowdStrike" regularly and automatically downloads updated "signature definition" files, which are parsed by a kernel module that looks for matching "signatures" of attacks and is meant to stop them or something.
"CrowdStrike" pushed out a corrupted definition file to pretty much every woedows computer in the botnet, which the parsing NT kernel module will choke on and try to access low kernel memory that it wasn't allowed to access - due to the unprofessional design of the NT kernel, this triggers a bluescreen and a shutdown, rather than it trying to handle the error.
As the buggy kernel driver is loaded not long after boot (aside from in safe mode), every time such an affected woedows computer boots, the bluescreen would happen again - with the "fix" being to either boot up into "safe mode" (quite bothersome if bitlocker is enabled, as often a unique 48-character password is required to access "safe mode" on such computers) and to delete the corrupted definition files, or to reboot 15+ times and hope new definition files are fetched and overwrite the corrupted files before it crashes.
I wrote a buggy kernel module for Linux-libre, the kernel, that dereferences a NULL pointer (a similar kind of bug) and as that is a professionally written kernel, it just dumps an error to dmesg and does not crash.
"CrowdStrike" is also available for GNU/Linux, where it was previously a Linux module (which was known for causing kernel panics often due to terrible programming), but now it's an eBPF program - which is a VM designed to try to make it impossible for the programs it runs to crash or exploit Linux - but I'm sure "CrowdStrike" will eventually accidentally pull that feat off.
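As an added illustration (not code from the thread, and not CrowdStrike's code or file format), this is the kind of up-front bounds validation a kernel-side parser of downloaded definition files needs before it follows any offset, so that a truncated or corrupted file is rejected instead of causing an invalid memory access. The file layout, the DEF_* names and the limits are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed, hypothetical definition-file layout used only here (it is NOT
 * CrowdStrike's real channel-file format):
 *   u32 magic | u32 count | count x { u32 off; u32 len } | pattern blob
 * Every (off, len) pair must lie inside the trailing blob. */
#define DEF_MAGIC 0x31464544u  /* arbitrary tag chosen for the example */
#define DEF_MAX_RECS 4096u     /* cap so a huge count cannot wrap size math */
struct def_rec { uint32_t off; uint32_t len; };
enum def_status { DEF_OK = 0, DEF_TRUNCATED, DEF_BAD_MAGIC, DEF_TOO_MANY, DEF_BAD_RANGE };

/* Validate the whole file before any record is used. A parser that skipped
 * these checks would follow a bogus offset into memory it does not own,
 * which in kernel mode is the kind of fault the thread describes.
 * On success stores the record count in *out_count. */
enum def_status def_validate(const uint8_t *buf, size_t n, uint32_t *out_count)
{
    uint32_t magic, count;
    if (n < 8) return DEF_TRUNCATED;           /* header itself missing */
    memcpy(&magic, buf, 4);                    /* memcpy: no unaligned deref */
    memcpy(&count, buf + 4, 4);
    if (magic != DEF_MAGIC) return DEF_BAD_MAGIC;
    if (count > DEF_MAX_RECS) return DEF_TOO_MANY;
    size_t table_end = 8 + (size_t)count * sizeof(struct def_rec);
    if (table_end > n) return DEF_TRUNCATED;   /* record table cut off */
    size_t blob_len = n - table_end;
    for (uint32_t i = 0; i < count; i++) {
        struct def_rec r;
        memcpy(&r, buf + 8 + (size_t)i * sizeof r, sizeof r);
        /* off + len must not wrap and must stay inside the blob */
        if (r.len == 0 || r.off > blob_len || r.len > blob_len - r.off)
            return DEF_BAD_RANGE;
    }
    *out_count = count;
    return DEF_OK;
}

/* Serialise a file from parts into dst (caller sizes dst); returns length.
 * Lets a caller construct both well-formed and corrupted inputs. */
size_t def_build(uint8_t *dst, uint32_t magic, uint32_t count,
                 const struct def_rec *recs, const uint8_t *blob, size_t blob_len)
{
    size_t tab = (size_t)count * sizeof *recs;
    memcpy(dst, &magic, 4);
    memcpy(dst + 4, &count, 4);
    memcpy(dst + 8, recs, tab);
    memcpy(dst + 8 + tab, blob, blob_len);
    return 8 + tab + blob_len;
}
```

Rejecting the file is only half of the defence; the loader must also fall back to the last known-good definitions rather than leaving the driver without any, or the machine is protected from a crash but not from what the definitions were for.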
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 23-Jul-2024 00:48:31 JST 翠星石 @rms Also, the only reason the GNU/Linux version of "CrowdStrike" hasn't previously bricked every single computer, as happened recently, is because the computer manager actually has control over when updates are downloaded, and such sorts generally do some testing themselves before rolling out an update.
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 23-Jul-2024 01:57:01 JST 翠星石 @anthk The "CrowdStrike" module was apparently GPLv2, as all Linux modules must be, or must be under a compatible license, but the details of this that I can find are limited.
Anthk (anthk@paquita.masto.host)'s status on Tuesday, 23-Jul-2024 01:57:02 JST Anthk I think the crowdstrike module would taint the libre kernel.