The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact.
Ironically, the effect of the CrowdStrike flaw has been almost identical to the very thing it’s intended to prevent …
Part of the reason for the scale of the impact is the simple fact that CrowdStrike is used by almost every major corporation in the world.
United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there.
But the other half of it is the nature of the software, as Bloomberg explains.
Traditional antivirus software was useful in the early days of computing and the internet for their ability to hunt for signs of known malware, but it has fallen out of favor as attacks have become more sophisticated. Now, products known as “endpoint detection and response” software that CrowdStrike develops do far more, continually scanning machines for any signs of suspicious activities and automating a response.
But to do this, these programs have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to take disrupt the very systems they are trying to protect.
One of the biggest threats to today’s IT infrastructure is destructive ransomware attacks, where an attacker takes a company’s mission-critical systems out of action, and won’t restore them until a payment is made. That’s one of the main things CrowdStrike is intended to prevent.
But because the software is given such powerful access to machines, then a flaw in the software has as much potential destructive power as the type of attacks it’s supposed to block.
At least in this case, there is a workaround, and there will quickly be a fix. But actually implementing that fix is going to take considerable time. That’s because there may be no way to automate a rollout: as the affected machines are down, there’s no way to reach them remotely. It’s looking very much like it will involve IT staff physically visiting each of the PCs taken out.
Even the temporary workaround means booting the machines in safe mode, and many of them will have corporate settings to render this impossible – again, because of the security risks of bypassing protections intended to run during boot-up.
Macs aren’t affected because Apple offers its own Endpoint Security framework, so there’s no need to use CrowdStrike.
Photo by Ivan Vranić on Unsplash
FTC: We use income earning auto affiliate links. More.
