chapotraphouse

they were not to blame

Hard disagree. Both Crowdstrike and Microsoft are to blame here. Crowdstrike are obviously stupid for pushing out a broken update to everyone. But Microsoft are also stupid for not doing driver validation, as well as not making their OS stack tolerant of driver faults.

For the record, the Linux kernel automatically does driver verification to prevent this happening, Microsoft deliberately opted not to do that in favour of their own paid-for certification program. This wasn't an unforeseen problem, it was a problem they purposefully avoided addressing in favour of money and vendor control. At least Crowdstrike's failure was a genuine accident.

Yes, Crowdstrike slammed the table hard, but Microsoft actively chose to make the wobbly legs that snapped.

It is micro$oft's fault actually for having a major hand in building this current hell of proprietary software and cloud bullshit we're all trapped in.

I'd say MS gets a small cut of the blame for signing a driver that didn't properly validate it's input, allowing this to happen, but yeah you are right, the problem definitely sits in crowdstrike and it's status as a premium rootkit. Ultimately, it doesn't matter if you run MS, Apple or Linux. If you install someone's kernel level backdoor, they own your machine.

Unfortunately I expect anything these businesses move to be state-vulnerable just the same. Some might go down the open source + in house team route but that is seen as an expensive and wasteful route by capitalists.

Simpler explanation is blaming MS generates more views and clicks than a random company 99.9% never heard of specialy when you can use some hand wavy circumstantial evidence to support that.

The media doesn't care about "truthful" or "responsible" journalism(if you believe these words have meaning). Its all a business now so who actualy cares? MS is a megacorp, they'll do fine regardless.

Separate from technical concerns it is OK to blame Microsoft because they are trying to argue they could have stopped this if it wasn't for those pesky EU regulations

Good luck trying to get over the ingrained security by obscurity notion that open source software is vulnerable by the nature of source code being widely readable. This isn’t business type brain worms but the IT workers and consultants who can’t manage a server unless it has the same attack surface of a desktop interface they have used their whole lives.

Network booting or VDI are criminally underrated. This shouldn’t happen but when it does and you have thousand of endpoints that fail it should be as easy to going back to a previous snapshot. Especially with the latest in atomic updates like silver blue or micro os.

As for web services. I still mourn unikernals. Fight me.

Microsoft is a good target because they've been in the news for their culpability in the Solarwinds hacks. They managed to get off the hook at the time, placing the blame on their users, when they were absolutely at fault for it. The media bought Microsoft's bullshit deflections to the point that they still call it Solarwinds when referencing the hacks, even though it's clear now that MS should get much more of the blame. They had plenty of warning that their MFA system had a fundamental flaw and made a deliberate business decision to ignore it because they wanted to win a big government contract.

My guess is the media doesn't want to be fooled again, but I could be wrong about that.

Nah c > rust fr

I don't think so. As far as I know, crowdstrike Falcon is really only marketed and sold to corporations. It runs on your employer owned devices, not your personal devices.