this post was submitted on 23 Jul 2024
83 points (88.1% liked)

Technology

59108 readers
3276 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 24 comments
sorted by: hot top controversial new old
[–] Womble@lemmy.world 139 points 3 months ago (2 children)

Microsoft has Windows Defender, its in-house alternative to CrowdStrike, but because of the 2009 agreement made to avoid a European competition investigation, had allowed multiple security providers to install software at the kernel level.

Its all the EU's fault for having the temerity to think users should be able to control their own hardware instead of us!

[–] 0x0@programming.dev 42 points 3 months ago

I'm still to see the doc where MS is forced to give ring-0, certified, boot-start to everyone.

[–] PrincessLeiasCat@sh.itjust.works 33 points 3 months ago

JUST LET US BE A MONOPOLY!!!!

[–] norimee@lemmy.world 88 points 3 months ago (4 children)

If a EU regulation was at fault, only systems in the EU should've been affected. There would be no reason to adhere to complicated EU rules everywhere else globally.

This doesn't add up. They need to find a more believable fall guy.

[–] neidu2@feddit.nl 30 points 3 months ago* (last edited 3 months ago)

I blame their parents!
And video games!
And satanic music!

[–] Tetsuo@jlai.lu 28 points 3 months ago

There would be no reason to adhere to complicated EU rules everywhere else globally.

But there are a ton of websites that do adhere to complicated GDPR rules even though they serve 99.99% US based clients.

I think this has nothing to do with EU and it's just some far fetched bullshit excuse from Microsoft.

[–] lastunusedusername2@sh.itjust.works 7 points 3 months ago (1 children)

This argument makes zero sense.

[–] norimee@lemmy.world 5 points 3 months ago (1 children)
[–] jj4211@lemmy.world 4 points 3 months ago

So I don't agree with this blame game, but in order to limit the scope of this to EU, they would have had to maintain two different designs, so it just makes sense to change the global design to suit the EU agreement. If it were something like bundling, then that's light enough to maybe change regionally, but it's too much to maintain a whole other kernel architecture.

Happens all the time with regulations. For example my company doesn't have different products to comply with different environmental regulations, they just compose the strictest superset of the international regulations and follow those. California passes a law and it may change the global strategy.

[–] silkroadtraveler@lemmy.today 38 points 3 months ago

Typical MS gaslighting and manipulation to subvert meaningful regulation.

[–] VonReposti@feddit.dk 38 points 3 months ago (3 children)

Why is Microsoft defending Crowdstrike?

[–] thurstylark@lemm.ee 44 points 3 months ago

My guess: Because they reviewed and signed the kernel space code which calls code that is unreviewed and unsigned (or, at the very least, pulls directly from files that are unreviewed and unsigned without proper validation or error checking), calling out CrowdStrike's failure puts them on the hook too.

[–] Strykker@programming.dev 12 points 3 months ago

They aren't, it's more "it's the EUs fault for forcing us to allow businesses like cloud strike to write kernel level antivirus, because we already have our own."

[–] apfelwoiSchoppen@lemmy.world 6 points 3 months ago

Exactly, wtf.

[–] hornedfiend@sopuli.xyz 34 points 3 months ago (2 children)

Then,Microsoft,just leave EU. Simple.

[–] db2@lemmy.world 10 points 3 months ago (1 children)
[–] Tabula_stercore@lemmy.world 1 points 3 months ago

blEU screen of death

[–] mannycalavera@feddit.uk 5 points 3 months ago (1 children)

They should, but then they'd be replaced by other US multinationals. So they won't.

The EU (and not just the EU by the way) loves US tech. It can't get enough. They both play a cat and mouse game with each other for the public but the EU aren't going to force MS out and MS aren't going to leave.

Put it another way, of the EU wanted to be principled and demand fairness for EU citizens they'd take away MS (and other US multinational's) tax breaks via Dublin. But they're not going to do that.

[–] mosiacmango@lemm.ee 3 points 3 months ago* (last edited 3 months ago) (1 children)

Put it another way, of the EU wanted to be principled and demand fairness for EU citizens they'd take away MS (and other US multinational's) tax breaks via Dublin. But they're not going to do that.

The EU is literally doing that.

[–] mannycalavera@feddit.uk 1 points 3 months ago

Literally dragging their heels over this. The biggest opposition was from EU bloc nations.

Now Ireland have eventually signed up to this but it's a minimum threshold. i.e. they're still highly comfortable about letting US multinational's get away with complex tax arrangements in the EU to lower the amount they pay.

[–] Toes@ani.social 18 points 3 months ago* (last edited 3 months ago) (1 children)

tl;dr The crash came from kernel level influence that Microsoft was blocked from denying by regulation.

This is a good thing for consumers as it continues to allow the user more control over the computer.

[–] aard@kyu.de 9 points 3 months ago

This doesn't have anything to do with user control - modern windows versions need drivers to be WHQL signed to get that kind of access. Alternatively you'll need to enable developer mode on your system, and install your own developer certificate into its keyring for running own code, which has its own drawbacks.

Crowdstrike is implemented as a device driver - but as there is no device Microsoft could've argued that this is abusing the APIs, and refused the WHQL certification. Microsofts own security solution (Defender) also is implemented as a device driver, though, and that's what the EU ruling is about: Microsoft needs to provide the same access they're using in their own products to competitors. Which is a good thing - but if Microsoft didn't have Defender, or they'd have done it without that type of access it'd have been fully legal for them to deny the certification for Crowdstrike.

Both MacOS and Linux have the ability to run the type of thing that requires those privileges on Windows in an unprivileged process - and on newer Linux versions Crowdstrike is using that (older versions got broken by them the same way they now broke Windows). So Microsoft now trying to blame the EU can be seen as an attempt to keep people from questioning why Microsoft didn't implement a low privilege API as well, which would've prevented this whole mess.

[–] ICastFist@programming.dev 11 points 3 months ago

Yeah, it's all the EU's fault and not at all companies pushing updates whenever. "Here's a new update, we'll install and restart your PC. Fuck you"

I know, it was a security update, patching a possible attack vector. I will take a very wild guess here and say that this has caused much more damage than what the update would ever protect from