Announcement

**Tony Bandiera Jr** · 07-22-2024, 12:49 PM

"The more they overthink the plumbing, the easier it is to stop up the drain." - Montgomery Scott (James Doohan, RIP)

Microdork's Winblows OS is a prime example.

I have gone through the steps to disable and remove all the bloatware from Winblows 11, only to have it magically reappear every time it tries to do updates, which I have set to do manually....but somehow it reinstalls/re-enables services that I have disabled.

My next step will be to block connections to Winblows updates on my firewall.

**Mark Gulbrandsen** · 07-22-2024, 01:19 PM

Tony, Don't use W-11... I had it on one computer and replaced it with 10. It's awful... You can still get 10 COA's easily, then.download it from MS's site. Microsoft is rethinking the future support for it too, as in they will likely extend doing the updates. Possibly on a subscription basis. As awful as 11 is, and the stuff I've read about 12, I can imagine some new OS coming along and everyone switching to it. I'm sticking with 10 till hell freezes over.

**Ed Gordon** · 07-22-2024, 01:40 PM

Originally posted by Mark Gulbrandsen View Post

Tony, Don't use W-11... I had it on one computer and replaced it with 10. It's awful... You can still get 10 COA's easily, then.download it from MS's site. Microsoft is rethinking the future support for it too, as in they will likely extend doing the updates. Possibly on a subscription basis. As awful as 11 is, and the stuff I've read about 12, I can imagine some new OS coming along and everyone switching to it. I'm sticking with 10 till hell freezes over.

I am staying with Win10 as well.

BTW: You can install Win10 on a digitally activated Win11 machine. It has to be the same version (Home or Pro).

**Mark Gulbrandsen** · 07-22-2024, 01:57 PM

Originally posted by Ed Gordon View Post

I am staying with Win10 as well.

BTW: You can install Win10 on a digitally activated Win11 machine. It has to be the same version (Home or Pro).

When I got my HP Z2, I loaded 10 Pro on and no activation was required. It had an embeded liscense on it for 11 Pro. So I assume this is what you are referring to.
I have a number of 10 and 11 Pro install disks here, but it's much faster to download the latest install from Microsoft as it always includes the latest updates and that makes installation time much faster.

**Leo Enticknap** · 07-22-2024, 10:40 PM

Originally posted by Randy Stankey

Apparently, the Crowdstrike software runs as a driver, inside kernel space, but updates are sent out as P-code which resides outside of kernel space. Essentially, this allows unsigned code to be run inside kernel space without authentication.

This isn't just an "Oops! My bad!" moment! Somebody screwed the pooch!

That's an understatement. Shot it, Kristi Noem-style, and then screwed its corpse, more like! So all a bad actor needs to do is to fool a client into believing that their malicious code comes from CrowdStrike (not difficult if unsigned), and then they have full control over the PC.

**Randy Stankey** · 07-22-2024, 11:14 PM

Originally posted by Leo Enticknap View Post

So all a bad actor needs to do is to fool a client into believing that their malicious code comes from CrowdStrike (not difficult if unsigned), and then they have full control over the PC.

I was just about to suggest the same thing. Essentially, what CrowdStrike has done is to provide every hacker in the world an easy way to inject malicious code directly into the kernel in a virtually undetectable way!

It looks like CrowdStrike has shot themselves in the testicles! No reasonably intelligent person would get within a mile of their product! Now, their flagship product is essentially dead in the water!

I think I'm going to go back to what I first said... "Bye, bye! We're done!" <click>

**Bruce Cloutier** · 07-23-2024, 07:59 AM

People think we're crazy in not having any 3rd party code in our products. This CrowdStrike thing almost literally had me rolling on the floor laughing. I fear this is just the beginning. I can rant about the deterioration of technology. Sorry to laugh as I know this has caused many a lot of pain. So I got out my Mr. Robot merch. Using my Allsafe coffee mug in the office now. That was a reality show, right?

We've been watching raw Internet traffic. 99.99% of it is unsolicited/malicious traffic just frothing to make anyone's day a disaster.

**Frank Cox** · 07-23-2024, 11:13 AM

There are many things that pull code directly from a remote server when they are running.

So you can write a program and the code that you import today may not code that you're running tomorrow even though (supposedly) it's the same program.

This seems completely irrational to me.

Wouldn't basic sanity (let alone security) tell you to download the library you're using and run from a local copy?

**Randy Stankey** · 07-23-2024, 11:53 AM

People break the cardinal rule all the time: My computer is my property and I am the sole arbiter of what code gets executed on it. Breaking that rule puts your computer and your business at risk.

This does not mean that you have to be a computer expert who knows what every line of code does. It means that you need to be very careful of your sources and not allow third party code to run on your computer unless you trust the source, implicitly.

The problem is that it's very hard to know who to trust, these days.

I've done a little bit of reading on the subject of CrowdStrike. This isn't the first time they've had screw ups like this! In fact, it's the third time this year!

From Wikipedia: https://en.wikipedia.org/wiki/CrowdS...tage_incidents

Severe outage incidents

CrowdStrike software has been implicated in several major outages on various platforms. At times these have been relatively isolated, affecting a specific application or operating system that is not as widely deployed as others. In some cases, these issues have caused serious outages that impacted servers across the world.

2024 Debian Linux incident
On the evening of Friday, April 19, 2024, Crowdstrike issued a flawed software update that crashed computers running Debian Linux builds and kept them from rebooting normally. CrowdStrike acknowledged the bug a day later and weeks later determined the cause.

2024 Rocky Linux incident
On May 13, 2024, it was reported that Rocky Linux servers with CrowdStrike software may freeze after upgrading to Rocky Linux 9.4.CrowdStrike reported that they were aware of the problem as it was the same issue due to a Linux Sensor in user mode combined with specific 6.x kernel versions.

2024 Windows incident
On July 19, 2024, CrowdStrike released a software update to the vulnerability scanner Falcon Sensor. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide. Affected machines were forced into a bootloop, making them unusable. This was caused by an update to a configuration file, Channel File 291, which CrowdStrike says triggered a logic error and caused the operating system to crash. The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News and other broadcasters offline, and disrupting banking and healthcare services as well as 911 emergency call centers.

Although CrowdStrike fixed the update, computers stuck in a boot loop were still unable to connect to the Internet to download the patch before Falcon can load in and crash the device again. The recommended solution from CrowdStrike was to boot into safe mode or Windows Recovery Mode and manually delete Channel File 291.This requires local administrator access and if the device is encrypted by Bitlocker will also require a recovery key.Microsoft has reported that some customers have been able to remediate the issue solely by rebooting impacted devices up to 15 times.

To me, this indicates a SEVERE problem with the way that company operates. Things like this should never happen. Certainly not three times within ninety days!

If I was in charge of CrowdStrike there would be heads on pikes!

**Ed Gordon** · 07-23-2024, 11:54 AM

Here is a video explaining what happened:

CrowdStrike IT Outage Explained by a Windows Developer

Even if it would take too long to certify the software in order to prevent a new threat, it appears to me that they did not even adequately test their software before setting it loose to do the damage.

**Randy Stankey** · 07-23-2024, 12:17 PM

Bottom line: CrowdStrike's flagship product is fundamentally flawed, at its core and should not be used by anybody, for any reason, at any time, ever!

This is disappointing because the company has a fairly long and successful history. It's sad to see such a company go down in flames like this!

Rhetorical: If I was in charge of a company that used CrowdStrike, I'd be thinking about removing their software, forthwith. I'd almost rather let my systems run with no malware protection than to allow anybody to inject bad code directly into the core of my operating systems at any time, without the ability to stop them.

Yes, yes! I know! That's not the smartest idea. I'm only talking about my emotional response to the situation. Practical reality is different.
Instead, I'd probably be putting a team of people on the task of replacing CrowdStrike with something else ASAP.

Then, I'd be making that phone call and telling CrowdStrike to go to hell!

**Jim Cassedy** · 07-25-2024, 09:04 PM

DIsneyStagecoach.jpg
When I saw this photo, my first thought was that "the times have changed",
and Disney wouldn't be able to get away with such a pose today. But then
I realized that, in reality, maybe things aren't really so different now, because
if any of those kids grew up and became theater owners, Disney is still
holding them hostage with every new release.

Announcement

Random photos, comics, etc.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment