Basically, crowdstrike wrote bad code that run as a driver, windows doesn’t like bad code in their drivers. Kernel level code is generally expected to run properly. crowdstrike’s kernel level code was really bad. Embarrassingly bad.
If the host creates a playlist and everyone can add their favorite song to the playlist, the host won’t be blamed if you add “erika”. People rightfully think you are an ignorant weirdo or a bad person, not the host.
Except that the playlists are super complex and there is no way to make sure. Like building an engine and having to make sure that no 3rd party accessory will break it. Like the parented “sand injector”.
The problem with CrowdStrike’s solution is that they got csagent.sys driver signed by WHQL, and the driver will download p-code from the internet and execute it. This allows them to push out changes without waiting for Microsoft approval.
The biggest problem occurs when you don’t sanitize your inputs and someone accidentally uploads a blank file padded with zeroes. The driver dereferences a null value, and crashes your system. Hard.
I don’t want to argue with you and I admit that my phrasing wasn’t ideal but I assumed that it was obvious that i was talking about everything that would be executed on the machine. Apparently it wasn’t.
Basically, crowdstrike wrote bad code that run as a driver, windows doesn’t like bad code in their drivers. Kernel level code is generally expected to run properly. crowdstrike’s kernel level code was really bad. Embarrassingly bad.
If the host creates a playlist and everyone can add their favorite song to the playlist, the host won’t be blamed if you add “erika”. People rightfully think you are an ignorant weirdo or a bad person, not the host.
OTOH, if you build a playlist manager for playlists everyone can add to, you make sure nothing anyone adds will break it…
Except that the playlists are super complex and there is no way to make sure. Like building an engine and having to make sure that no 3rd party accessory will break it. Like the parented “sand injector”.
They were legally not allowed to as part of an agreement to not be s monopoly and allow competition.
Well do you want to have Microsoft approving EVERY driver for windows? Rip 3rd party open source drivers for retro hardware
What do you think WHQL is?
The problem with CrowdStrike’s solution is that they got csagent.sys driver signed by WHQL, and the driver will download p-code from the internet and execute it. This allows them to push out changes without waiting for Microsoft approval.
The biggest problem occurs when you don’t sanitize your inputs and someone accidentally uploads a blank file padded with zeroes. The driver dereferences a null value, and crashes your system. Hard.
I don’t want to argue with you and I admit that my phrasing wasn’t ideal but I assumed that it was obvious that i was talking about everything that would be executed on the machine. Apparently it wasn’t.
Ahh. Approving every piece of software would make them… Apple.
You did say “driver”, and Microsoft typically approves every single driver on the majority of PCs.