Another portion of the information on Crowdstrike
This is the next part of my previous post about the Crowdstrike issue.
Because many people saw that Windows was crashing they assumed that it was a Windows issue. Later, after the root cause of the problem was found, they still blamed Windows and said that nothing like that happened to other OSes.
But exactly the same issue happened on the 19th of April 2024, only with Linux this time. After that issue, Linux machines were not able to boot either. Then another issue happened on the 13th of May 2024, affecting another Linux distro. The last case wasn’t as bad and there were only freezes, but it was still bad. And it is not just something I read on the internet. I know people who were affected by one of these issues for Linux.
But, indeed, this issue didn’t affect MacOS because it is simply not possible to run 3rd party kernel drivers for this purpose in MacOS. I’m sure that otherwise, Crowdstrike would crash there as well.
Combine all these cases with issues on the user-mode side and you will see quite a bad picture. It isn’t a one-time error that can happen even to the best. To me, it looks like a systematic issue that happened over and over, and all signs point to a bad culture inside Crowdstrike.
Perhaps if they had spent more time on proper development and testing of their product instead of running PR stunts that were blaming Microsoft, this would not have happened. And now, after they made fun of Microsoft for many years, they just look stupid, especially when Microsoft (or anybody else) never had anything bad on that scale.
At the moment we know that around 8.5 million computers were affected by this issue and many companies have still not fully recovered from it. It takes so much time simply because a lot of computers were affected. It is a lot of manual labor and, as a result, requires a lot of time.
Also, according to CNN, what has “been described as the largest IT outage in history will cost Fortune 500 companies alone more than $5 billion in direct losses, according to one insurer’s analysis of the incident published Wednesday”.
Preliminary reports show that I was correct in my assumption that they don’t have a correct deployment policy that first deploys the update only on a very small number of computers. Probably the update should be delivered first to less critical businesses.
Then, after careful monitoring, this update should be delivered to more critical businesses. Only after deployment shows no issue in any previous waves of deployment, then and only then should it be delivered to hospitals and other critical infrastructure, which will receive that update last.
Instead, during the 90 minutes when this update was available, it was downloaded by 8.5 million computers without any waves. All of this tells me that the issue was simply destined to happen sooner or later.
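The wave-by-wave deployment described above, as an added example that is not CrowdStrike's code or code from this post: each ring must pass a health gate before the next, more critical ring receives the update. The ring names, ring sizes, the 0.1% failure threshold and the health callbacks are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Ring:
    name: str
    hosts: int  # constructed fleet size, not real data

# Ordered from least to most critical, as the post proposes.
RINGS = [
    Ring("internal canary", 500),
    Ring("less critical businesses", 200_000),
    Ring("more critical businesses", 2_000_000),
    Ring("hospitals and critical infrastructure", 300_000),
]

MAX_FAILURE_RATE = 0.001  # assumed gate: halt above 0.1% unhealthy hosts

def staged_rollout(rings, healthy_after_soak, max_failure_rate=MAX_FAILURE_RATE):
    """Push the update ring by ring and stop at the first ring that fails the gate.

    healthy_after_soak(ring) returns how many hosts in that ring reported
    healthy after the monitoring period.
    """
    deployed, exposed = [], 0
    for ring in rings:
        deployed.append(ring.name)
        exposed += ring.hosts
        healthy = healthy_after_soak(ring)
        # A host stuck in a boot loop cannot send a crash report,
        # so every host that stays silent is counted as a failure.
        failure_rate = (ring.hosts - healthy) / ring.hosts
        if failure_rate > max_failure_rate:
            return {"status": "halted", "halted_at": ring.name,
                    "deployed": deployed, "exposed": exposed}
    return {"status": "complete", "halted_at": None,
            "deployed": deployed, "exposed": exposed}

def bad_update(ring):
    # Constructed scenario: every host that takes the update fails to boot.
    return 0

def good_update(ring):
    # Constructed scenario: about 0.01% of hosts are offline for unrelated reasons.
    return ring.hosts - ring.hosts // 10_000

if __name__ == "__main__":
    print(staged_rollout(RINGS, bad_update))   # halts after the first ring
    print(staged_rollout(RINGS, good_update))  # reaches every ring
```

With the constructed numbers, a bad update stops after 500 hosts instead of reaching the whole fleet.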
Also, Crowdstrike couldn’t resist and formulated the issue like this: “it caused an ‘out-of-bounds memory read’ that ‘could not be gracefully handled, resulting in a Windows operating system crash,’ CrowdStrike said”.
English is not my first language, but to me, it sounds like an issue with Windows and not with Crowdstrike. But the issue is 100% within Crowdstrike and it is 100% not a Windows issue. From analyzing the Crowdstrike crash dump it is clear that their code is trying to access a class or struct using a NULL pointer.
If the driver accesses bad memory, Windows has no choice but to crash, because it means that the driver has a bug and it is not possible to recover from this state because the driver can corrupt data on the computer. And exactly the same happens on any other operating system because it is by design.
Windows has a mechanism to detect a bad driver and prevent it from loading on the next restart, but CrowdStrike disabled it by setting a flag that this driver is required to boot Windows and as a result, Windows will not even try to boot without it.
So not only did they make fun of Microsoft and then miserably fail, but they still formulated it as the fault of Windows. And this tells me that this is simply karma. If you dig a grave for someone, there is a chance that you will be at its bottom.