From 9to5mac.com


The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact.

Ironically, the effect of the CrowdStrike flaw has been almost identical to the very thing it’s intended to prevent …

Part of the reason for the scale of the impact is the simple fact that CrowdStrike is used by almost every major corporation in the world.

United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there.

But the other half of it is the nature of the software, as Bloomberg explains.

Traditional antivirus software was useful in the early days of computing and the internet for its ability to hunt for signs of known malware, but it has fallen out of favor as attacks have become more sophisticated. Now, products known as “endpoint detection and response” software, such as the one CrowdStrike develops, do far more, continually scanning machines for any signs of suspicious activity and automating a response.

But to do this, these programs have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to disrupt the very systems they are trying to protect.

One of the biggest threats to today’s IT infrastructure is destructive ransomware attacks, where an attacker takes a company’s mission-critical systems out of action, and won’t restore them until a payment is made. That’s one of the main things CrowdStrike is intended to prevent.

But because the software is given such powerful access to machines, a flaw in the software has as much potential destructive power as the type of attack it’s supposed to block.

At least in this case, there is a workaround, and there will quickly be a fix. But actually implementing that fix is going to take considerable time. That’s because there may be no way to automate a rollout: the affected machines are down, so there’s no way to reach them remotely. It’s looking very much like it will involve IT staff physically visiting each of the PCs taken out (except for virtual machines, where up to 15 reboots can resolve it).

Even the temporary workaround means booting the machines in safe mode, and many of them will have corporate settings that render this impossible – again, because of the security risks of bypassing protections intended to run during boot-up.

Macs aren’t affected because Apple offers its own Endpoint Security framework.

This is why Apple forced everyone to move to its Endpoint Security framework.

— Bradley Chambers (@bradleychambers) July 19, 2024

Photo by Ivan Vranić on Unsplash


CrowdStrike explained: How one faulty update killed half the world’s IT systems
