The CrowdStrike aftermath is seeing IT teams around the world struggle to restore the 8.5 million Windows PCs taken out by the bug. The mess included thousands of flights cancelled, health centers unable to make appointments, retailer payment terminals down, and even some 911 services unavailable.
Macs weren’t affected thanks to protections put in place by Apple, but Microsoft has reportedly claimed that antitrust law means it’s unable to take the same approach …
Microsoft says around 8.5M PCs affected
Microsoft published a blog post over the weekend acknowledging the scale of the problem.
We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines. While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.
Some have pointed out that this percentage can give a misleading impression. The most mission-critical PCs are the ones most likely to have CrowdStrike installed, precisely because any problem with those machines would have dramatic consequences. So those 8.5M machines had a disproportionate impact on global IT operations.
CrowdStrike provides partial explanation
CrowdStrike posted its own blog post giving a little more information.
On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.
It says these updates take place several times a day, but has not explained how a bug which crashed PCs was released worldwide without being detected in testing.
Apple’s protections meant Macs weren’t affected
It didn’t take long to understand how one faulty update from a third-party company could create an IT disaster on such an unprecedented scale.
These programs have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to disrupt the very systems they are trying to protect.
Macs weren’t affected because Apple doesn’t allow security apps to have such deep-level access to the operating system. Instead, macOS itself does the type of monitoring performed by CrowdStrike, then allows security apps to see the results.
The root of the problem is that CrowdStrike’s tools run at very deep levels on Windows. On the Mac, they can’t run at those levels – anymore. Apple’s Endpoint Security Framework is a modern API toolkit designed to help security vendors build security solutions for the Mac. It was introduced in macOS 10.15 Catalina and provides a comprehensive set of tools and services to monitor and secure endpoints.
The framework allows developers to monitor various security-related events, such as file system access, process creation, and network connections. This enables real-time monitoring of activities on a Mac, but it does it in a way that protects user privacy and also limits how low a level it can run.
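To make the contrast concrete, here is an added example (not code from 9to5Mac, Apple, or CrowdStrike) of what a third-party security tool looks like on the Mac under this model: a small user-space Endpoint Security client, written in Swift, that subscribes to process-launch and file-open notifications and logs them. It assumes macOS 10.15 or later, a command-line tool code-signed with the `com.apple.developer.endpoint-security.client` entitlement (which Apple grants to vendors on request), and that the tool is started as root with Full Disk Access approved. Everything it does happens in an ordinary process: the kernel does the interception and hands the client a copy of each event, so a crash in this code terminates only this process, not the machine.

```swift
// Added example, not 9to5Mac's or Apple's code: a minimal user-space
// Endpoint Security client that logs process launches and file opens.
// Assumptions: macOS 10.15+, built as a command-line tool signed with the
// com.apple.developer.endpoint-security.client entitlement, run as root.
import EndpointSecurity
import Foundation

// Convert an ES string token (pointer + length) into a Swift String.
func string(from token: es_string_token_t) -> String {
    return String(cString: token.data)
}

// Describe one message as a single log line. Only the two event types we
// subscribe to are decoded; anything else is reported by its raw type.
func describe(_ msg: UnsafePointer<es_message_t>) -> String {
    let pid = audit_token_to_pid(msg.pointee.process.pointee.audit_token)
    switch msg.pointee.event_type {
    case ES_EVENT_TYPE_NOTIFY_EXEC:
        let target = msg.pointee.event.exec.target.pointee
        return "exec  pid=\(pid) -> \(string(from: target.executable.pointee.path))"
    case ES_EVENT_TYPE_NOTIFY_OPEN:
        let file = msg.pointee.event.open.file.pointee
        return "open  pid=\(pid) \(string(from: file.path))"
    default:
        return "event type \(msg.pointee.event_type.rawValue) pid=\(pid)"
    }
}

var client: OpaquePointer?
let newResult = es_new_client(&client) { _, message in
    // NOTIFY events are informational: the kernel has already let the
    // action proceed, so a slow or crashing handler cannot stall the system.
    print(describe(message))
}
guard newResult == ES_NEW_CLIENT_RESULT_SUCCESS, let esClient = client else {
    // Typical failures: missing entitlement, not running as root, or the
    // user has not approved Full Disk Access for the tool.
    fputs("es_new_client failed: \(newResult.rawValue)\n", stderr)
    exit(1)
}

// Subscribe to the NOTIFY variants of exec and open. AUTH variants also
// exist (the client can veto the action), but each one is a synchronous
// hook with a deadline; if the client misses it, the kernel proceeds anyway.
let events: [es_event_type_t] = [ES_EVENT_TYPE_NOTIFY_EXEC, ES_EVENT_TYPE_NOTIFY_OPEN]
guard es_subscribe(esClient, events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
    fputs("es_subscribe failed\n", stderr)
    es_delete_client(esClient)
    exit(1)
}

print("monitoring; press Ctrl-C to stop")
dispatchMain()
```

The design point is the boundary: the client never loads code into the kernel, it only receives events the kernel has already recorded, and for the blocking (AUTH) variants the kernel enforces a deadline so an unresponsive client cannot hang the system. A bad content update shipped to a tool built this way would crash the tool, and the machine would keep booting.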
Microsoft claims it can’t legally do this
The WSJ cites Microsoft saying that an agreement with the EU means that it isn’t allowed to block low-level access to Windows.
A Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.
9to5Mac’s Take
Microsoft’s claim here seems dubious.
Antitrust law means that it cannot give its own security software an unfair advantage over third-party apps. However, if it took the same endpoint security framework approach as Apple, and gave third-party apps the same access to the results as it does its own security apps, this would seem to be fully compliant with the law.