this post was submitted on 29 Jul 2024
112 points (95.2% liked)

Cybersecurity

5689 readers
152 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
top 22 comments
sorted by: hot top controversial new old
[–] floofloof@lemmy.ca 29 points 3 months ago (1 children)

"This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,"

Business-speak for "Maybe it's time we started making it not break so easily."

[–] BearOfaTime@lemm.ee 9 points 3 months ago (1 children)

More like they want to use this to justify locking the kernel from end user change completely, thus enabling them to truly lock down any system.

[–] Veticia@lemmy.ml 9 points 3 months ago (1 children)

I'm fine with game anticheats not having root access.

[–] BearOfaTime@lemm.ee 1 points 3 months ago (2 children)

I don't disagree, but it's MY machine. I can choose to not use the apps that want kernel access, which is about the only thing we can do.

The reason anti-cheats use kernel is because end users keep playing the games. I don't have a good answer here, because too many people just can't be bothered to understand their tacit agreement to this garbage

[–] iAmTheTot@sh.itjust.works 3 points 3 months ago

it’s MY machine

Yes, and you don't need to install Windows on your machine.

[–] Veticia@lemmy.ml 1 points 3 months ago

At this point I'm scared to install a game without doing a research of what kind of intrusive software it uses. Sometimes it's just safer to install it on a console.

[–] kibiz0r@midwest.social 11 points 3 months ago (2 children)

This seems intractible.

Malware scanners want to run at as low a level as possible so they can catch stuff.

Fault-recovery mechanisms want to run at as low a level as possible so there are very few things that can cause a BSOD.

It seems like the only possible solution is “just never make any mistakes”.

Like, either don’t have any vulnerabilities that a user space scanner can’t catch, or don’t ever ship a bad update to a kernel mode scanner.

[–] sylver_dragon@lemmy.world 9 points 3 months ago

Another solution is to accept that mistakes happen and do a phased rollout of updates. Heck, Windows Updates are known to be enough of a crapshoot that every place I've worked at, over the past decade or so, has had a plan for updating systems in batches. That CrowdStrike just YOLO'd their updates out (on a Friday, no less) to everyone at once, shows a mindset which didn't accept that bad stuff can happen.

[–] Anticorp@lemmy.world 1 points 3 months ago

An ounce of actual QA and QC work would go a long way, but Microsoft fired their entire QA department years ago, and told engineers that they're responsible for QA'ing all of their own work. That's a terrible policy, but it saves them money, so they like it.

[–] Yewb@lemmy.world 5 points 3 months ago

What if they made a kernal that could not be compromised and tools to say exactly what is not a windows component and have people white list background workers.

There is process explorer but make dependencies to the application not always on data thieves.

[–] Snowflake@sh.itjust.works 1 points 3 months ago

Just give access to a test environment where the corporate companies can deploy and bug test their update? Maybe some regulation making it required to pass the test environment before pushing the update.

[–] EmperorHenry@infosec.pub 0 points 3 months ago (1 children)

or! or!...Maybe put more restrictions on which antivirus programs will be able to register with the security center?

Like...if they have a long history of fucking up, they get theirs revoked, if they have a history of quality control failures...like crowdstrike does, they get revoked.

If they want to be able to register with the security center, they need to be audited by several different cybersecurity analysis teams that are all completely independent from each other, preferably from different countries with strong data privacy laws to prove that they're actually worth using.

For norton and mcAfee and now crowdstrike and a few others that suck, that means they're going to have to improve massively before anyone will be able to use them...for others like comodo, secureage and other whitelisting applications on par with those two, that means much more business for them.

Like it or not, the majority of the world's computers, including those of which for critical infrastructure around the world run on windows. If you're an antivirus company, trusted enough to be able to register with the security center, you better be ready to prove that you're not going to be worse than using microsoft APT or MS defender with configure defender on MAX...that's an easy bar to overcome, but many antivirus programs, like norton and McAfee and even Avast/AVG now and Avira...I think Avira is now owned by norton lifelock... insist on limboing under that bar.

If you're expecting your product to be trusted, it better be fucking trustworthy. Making an antivirus program that works and works well can literally be the difference between people living and dying. Imagine how many life-saving surgeries had to be postponed because of crowdstrike's lack of QC. imagine how many transplant organ shipments had to be postponed because of this fuckup.

And of course, scammers capitalized on the confusion, put malware links that promised to fix machines destroyed by crowdstike only to install zero-day malware instead...data-stealers, very quiet forms of malware that the vast majority of antivirus products are useless against.

TLDR...GET YOUR SHIT TOGETHER, people depend on their computers for all kinds of things now.

[–] capital@lemmy.world 9 points 3 months ago (1 children)

Nah let admins admin. It would piss me off to have chosen a product just to have Microsoft effectively veto my decision as the machine owner.

If companies are going to buy stuff that crashes, let em. Don’t ask Microsoft to hand hold.

[–] EmperorHenry@infosec.pub 2 points 3 months ago (1 children)

I honestly can't think of any other way to force shitty antivirus programs to improve. Every boomer I know uses Norton or McAfee and refuses to even hear about other options.

Kaspersky is pretty good at protecting the average user from scammers, because they blacklisted remote desktop programs in their malware database, and now that's being banned within the US.

The US government's definition of "compliant" when it comes to something like that will completely cancel out anything good that comes from using Kaspersky, so it's never going to be un-banned and also be worth using

[–] lost_faith@lemmy.ca 2 points 3 months ago

We switched from kas to bitdefender. Bit seems as good as kas as my windows is still clean, well clean as windows can be, and my (Boomer) mother takes my advice and dropped nortons decades ago. Some of my alternate sites are just absolutely infested with malware and a buddy of mine, half my age, was using nortons and was having trouble connecting to me and server hosted online games. Had him run Malware bytes, I also ran it on my system to help him use it, and he was heavily infected; Nortons: Everything is fine, carry on. He is using bit now

[–] cheese_greater@lemmy.world -2 points 3 months ago (1 children)

Windows changes

Change from Windows to something else. Boom! Solved

[–] darvocet@infosec.pub 11 points 3 months ago* (last edited 3 months ago) (2 children)

Crowdstrike also runs on Linux and also broke several OSes there before. The blanket statement to not use windows doesn’t really address the issue.

[–] cheese_greater@lemmy.world -2 points 3 months ago (1 children)
[–] BearOfaTime@lemm.ee 4 points 3 months ago* (last edited 3 months ago) (1 children)

Lol, sigh.

You've clearly never managed an environment of even a dozen users.

Are you going to pay to develop apps for Linux, such as CAD, which is effectively non-existant in Linux?

Are you going to pay for the trillions of lost hours of productivity and training required for end users?

Are you going to re-write the millions of excel spreadsheets that simply won't work in Open Office, or all the systems that import/export to excel via automation?

We lose thousands of hours a year just from changes within apps, let alone replacing the entire OS (without even considering which distro, which shell, what tools will be included, how will you manage deployments, etc, etc).

Go manage an Enterprise, then you can talk about where to use Linux. It ain't the desktop, that's for sure. Even better, just go to an SMB where they really don't like to pay for you to "figure things out" - they expect IT to be a black box that "just works" for them, the way they expect it to work - with Windows, Since anyone they hire will have experience.

This "just go Linux" thing would be laughable, if it weren't so blindingly ignorant of how business works (I've been hearing "Year of Linux Desktop" since 1998...they never mention which distro, which shell).

My standard response to "just go Linux" :

I keep having to say this, as much as I like Linux for certain things, as a desktop it's still no competition to Windows, even with this awful shit going on.

As some background - I wrote my first Fortran program on a Sperry Rand Univac (punched cards) in about 1985. Cobol was immediately after Fortran (wish I'd stuck with Cobol). I had my first UNIX class in about 1990.

I run a Mint laptop (mostly for "fun", which it isn't). Power management is a joke. Configured as best as possible, walked in the other day and it was dead - as in battery at zero, won't even boot. Windows would never do this, unless you went out of your way to config power management to kill the battery (even then, to really kill it you have to boot to BIOS and let it sit, Windows will not let a battery get to zero).

There no way even possible via the GUI in Mint to config power management for things like low/critical battery conditions /actions - stuff that has multiple settings and good defaults in Windows.

There are many reasons why Linux doesn't compete with Windows on the desktop - this is just one glaring one.

Now let's look at Office. Open an Excel spreadsheet with tables in any app other than excel. Tables are something that's just a given in excel, takes 10 seconds to setup, and you get automatic sorting and filtering, with near-zero effort. The devs of open office refuse to support tables, saying "you should manage data in a proper database app". No, I'm not setting up a DB in an open-source competitor to Access. That's just too much effort for simple sorting and filtering tasks, and isn't realistically shareable with other people. I do this several times a day in excel.

Now there's that print monitor that's on by default, and can only be shut up by using a command line. Wtf? In the 21st century?

Networking... Yea, samba works, but how do you clear creds you used one time to connect to a share, even though you didn't say "save creds"? Oh, yea, command line again or go download an app to clear them for for you. Smh.

Oh, you have a wireless Logitech mouse? Linux won't even recognize it. You have to search for a solution and go find a download that makes it work. My brand new wireless mouse works on any version of windows since 2000, at the least, and would probably work on Win95.

Someone else said it better than me:

Every time I've installed Linux as my main OS (many, many times since I was younger), it gets to an eventual point where every single thing I want to do requires googling around to figure out problems. While it's gotten much better, I always ended up reinstalling Windows or using my work Mac. Like one day I turn it on and the monitor doesn't look right. So I installed twenty things, run some arbitrary collection of commands, and it works.... only it doesn't save my preferences.

So then I need to dig into .bashrc or .bash_profile (is bashrc even running? Hey let me investigate that first for 45 minutes) and get the command to run automatically.. but that doesn't work, so now I can't boot.. so I have to research (on my phone now, since the machine deathscreens me once the OS tries to load) how to fix that... then I am writing config lines for my specific monitor so it can access the native resolution... wait, does the config delimit by spaces, or by tabs?? anyway, it's been four hours, it's 3:00am and I'm like Bryan Cranston in that clip from Malcolm in the Middle where he has a car engine up in the air all because he tried to change a lightbulb.

And then I get a new monitor, and it happens all damn over again. Oh shit, I got a new mouse too, and the drivers aren't supported - great! I finally made it to Friday night and now that I have 12 minutes away from my insane 16 month old, I can't wait to search for some drivers so I can get the cursor acceleration disabled. Or enabled. Or configured? What was I even trying to do again? What led me to this?

I just can't do it anymore. People who understand it more than I will downvote and call me an idiot, but you can all kiss my ass because I refuse to do the computing equivalent of building a radio out of coconuts on a deserted island of ancient Linux forum posts because I want to have Spotify open on startup EVERY time and not just one time. I have tried to get into Linux as a main dev environment since 1997 and I've loved/liked/loathed it, in that order, every single time.

I respect the shit out of the many people who are far, far smarter than me who a) built this stuff, and 2) spend their free time making Windows/Mac stuff work on a Linux environment, but the part of me who liked to experiment with Linux has been shot and killed and left to rot in a ditch along the interstate.

Now I love Linux for my services: Proxmox, UnRAID, TrueNAS, containers for Syncthing, PiHole, Owncloud/NextCloud, CasaOS/Yuno, etc, etc. I even run a few Windows VM's on Linux (Proxmox) because that's better than running Linux VM's on a Windows server.

Linux is brilliant for this stuff. Just not brilliant for a desktop, let alone in a business environment.

Linux doesn't even use a common shell (which is a good thing in it's own way), and that's a massive barrier for users.

If it were 40 years ago, maybe Linux would've had a chance to beat MS, even then it would've required settling on a single GUI (which is arguably half of why Windows became a standard, the other half being a common API), a common build (so the same tools/utilities are always available), and a commitment to put usability for the inexperienced user first.

These are what MS did in the 1980's to make Windows attractive to the 3 groups who contend with desktops: developers, business management, end users.

All this without considering the systems management requirements of even an SMB with perhaps a dozen users (let alone an enterprise with tens of thousands).

[–] Miaou@jlai.lu 1 points 3 months ago

I don't have experience in IT, but 5/7 places I've been to supported multiple OSes, and the one thing I can definitely agree with is; that the cheaper places seem to hire clickops for their IT team and wonder why everything is so difficult.

We don't need to replace every accountant's Excel with LibreOffice overnight, but forcing your dev team to basically setup their own mini IT infra to get anything done is incredibly inefficient. I spend a few hours every week dealing with hanging explorer, crashing software, filesystem operations, buggy windows manager etc.

[–] cooopsspace@infosec.pub -3 points 3 months ago (1 children)

Still didn't critically break any of the good operating systems though. Because no other operating system would run Crowdstrike as a critical "must be present" driver.

[–] narc0tic_bird@lemm.ee 3 points 3 months ago* (last edited 3 months ago)

CrowdStrike Falcon literally runs as a kernel module. It can "break any of the good operating systems" (like your favorite Linux distribution) just fine.