Keep in mind they don't just allow any old code to execute in the kernel.
They do have rigorous tests (WHQL); it's just that CrowdStrike decided that was too burdensome for their frequent updates, and decided to inject code from config files (thus bypassing the control).
Is there any evidence that the config files had arbitrary code in them? The only analysis I'd seen so far indicated a parsing error loading a viral signature database that was routinely updated, but in this case was full of garbage data.
Not rigorous enough to have detected this flaw in the kernel sensor, although effectively any bug in this situation (an AV driver) can brick a machine. I imagine WHQL isn't able to find every possible bug in a driver you submit to them; they're not your QA team.