It would seem from the following…
"CrowdStrike Falcon Sensor is a kernel driver, meaning that it works at the lowest level of the operating system, where failure means a system crash, and a device reboot"
that crowdstrike software is a kernel module.
Maybe several kernel modules
"CrowdStrike Falcon platform offers 22 modules that span endpoint security, cloud security, identity security, data security, security and IT operations, threat intelligence, managed services and log management. All 22 modules are powered by a single agent that does not require reboot when installed."
I find that rather alarming. Kernel modules were meant to be for things like drivers of hardware that need to be at kernel level.
I cannot see why security software needs to be in kernel space.
There is a discussion of that here.
It also worries me that people are reaching out to addons to obtain security.
I thought Linux was supposed to be natively secure?
What would you think if someone sold you a vehicle, then told you that the safety features were third-party extras?
If native Linux does not have enough safety features, can we please have them built-in.
Crowdstrike is open source. If it is really needed we could fork it and make a GNU version.
There are overpaid “Cyber Security Experts” (who are experts at NOTHING other than parroting marketing spiel and stealing oxygen) foisting this shonky “solution” (to a problem that DOES NOT EXIST) into corporate enterprise environments with ZERO idea of the impact - they feel smugly secure that they’ve achieved something - but they’ve done nothing! They’ve probably made things worse…
I detest this stuff… and it really grinds my gears when I’m directed (unwillingly) to install agents like this onto Linux servers.
Note : Linux is not always “natively secure”… There are whole bunches of vulnerabilities which can get at stuff in the kernel… like Spectre and Meltdown for example…
Crowdstrike tries to be “clever” - but there’s nothing clever about trying to write a null pointer into a memory address from the kernel (which is essentially what Crowdstrike did with this worldwide IT outage - the biggest one EVER).
I’m hoping in coming weeks - we’ll see long term mitigations for this SHITE with more open source solutions from end to end… I can’t believe Airlines use MS Windows / Azure to schedule flights and book seats! I actually thought most of this sort of mission critical stuff ran on Linux… I was really surprised at the extent of the issue.
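The failure mode the post above describes (kernel code taking a value from a content file and dereferencing a table entry it never checked) is illustrated below with an added example. This is not CrowdStrike's code and says nothing about how Falcon actually works: the "CFG1" update format, the handler table and every function name are invented for the illustration. The unchecked parser follows whatever index the file gives it; the checked parser validates the file first and refuses it, which in a driver is the difference between a logged error and a crashed machine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Invented "content update" format (assumption, for this example only):
 *   bytes 0..3 : magic "CFG1"
 *   byte  4    : number of handler references that follow
 *   bytes 5..  : one byte per reference, an index into the handler table */

#define NUM_HANDLERS 4
typedef int (*handler_fn)(int);

static int h_log(int x)   { return x + 1; }
static int h_block(int x) { return -x; }

/* Handler table as a driver might hold it after load; slots 2 and 3 are
 * not populated, so they hold NULL. */
static handler_fn handlers[NUM_HANDLERS] = { h_log, h_block, NULL, NULL };

enum { UPD_OK = 0, UPD_BAD_MAGIC = 1, UPD_TRUNCATED = 2,
       UPD_BAD_INDEX = 3, UPD_EMPTY_SLOT = 4 };

/* Unchecked: returns whatever pointer sits at the index the file names.
 * An index >= NUM_HANDLERS reads past the table; an empty slot yields NULL. */
handler_fn resolve_unchecked(const uint8_t *buf, size_t i)
{
    return handlers[buf[5 + i]];
}

/* Unchecked apply: calls through each resolved pointer. If the file refers to
 * an empty slot this dereferences NULL; in ring 0 that is a system crash,
 * not a signal delivered to one process. */
int apply_update_unchecked(const uint8_t *buf, size_t len, int input)
{
    (void)len;                       /* the length is never consulted */
    int acc = 0;
    for (size_t i = 0; i < buf[4]; i++)
        acc += resolve_unchecked(buf, i)(input);
    return acc;
}

/* Checked: every field is validated before anything is dereferenced. */
int validate_update(const uint8_t *buf, size_t len)
{
    if (len < 5)                      return UPD_TRUNCATED;   /* no header */
    if (memcmp(buf, "CFG1", 4) != 0)  return UPD_BAD_MAGIC;
    size_t n = buf[4];
    if (len < 5 + n)                  return UPD_TRUNCATED;   /* claims more refs than present */
    for (size_t i = 0; i < n; i++) {
        uint8_t idx = buf[5 + i];
        if (idx >= NUM_HANDLERS)      return UPD_BAD_INDEX;   /* would read past the table */
        if (handlers[idx] == NULL)    return UPD_EMPTY_SLOT;  /* would call through NULL */
    }
    return UPD_OK;
}

/* Checked apply: rejects the file with an error code instead of crashing. */
int apply_update_checked(const uint8_t *buf, size_t len, int input, int *out)
{
    int rc = validate_update(buf, len);
    if (rc != UPD_OK)
        return rc;
    int acc = 0;
    for (size_t i = 0; i < buf[4]; i++)
        acc += handlers[buf[5 + i]](input);
    *out = acc;
    return UPD_OK;
}

/* Convenience wrapper: the computed value, or -1 if the file was rejected. */
int apply_or_reject(const uint8_t *buf, size_t len, int input)
{
    int out;
    return apply_update_checked(buf, len, input, &out) == UPD_OK ? out : -1;
}

/* Constructed sample files (not real update content). */
static const uint8_t good_file[]  = { 'C','F','G','1', 3, 0, 0, 1 };  /* log, log, block */
static const uint8_t null_file[]  = { 'C','F','G','1', 1, 2 };        /* refers to empty slot 2 */
static const uint8_t oob_file[]   = { 'C','F','G','1', 1, 200 };      /* index past the table */
static const uint8_t short_file[] = { 'C','F','G','1', 3, 0 };        /* claims 3 refs, carries 1 */
static const uint8_t magic_file[] = { 'X','F','G','1', 0 };           /* wrong magic */

int main(void)
{
    printf("good (unchecked): %d\n", apply_update_unchecked(good_file, sizeof good_file, 5));
    printf("good (checked):   %d\n", apply_or_reject(good_file, sizeof good_file, 5));
    printf("null slot  -> rc %d\n", validate_update(null_file, sizeof null_file));
    printf("oob index  -> rc %d\n", validate_update(oob_file, sizeof oob_file));
    printf("truncated  -> rc %d\n", validate_update(short_file, sizeof short_file));
    printf("bad magic  -> rc %d\n", validate_update(magic_file, sizeof magic_file));
    /* apply_update_unchecked(null_file, ...) is deliberately not called: it
     * would dereference NULL, which is the whole point of the checked path. */
    return 0;
}
```

The point of the checked path is not the specific checks but where the decision is made: a parser that rejects a file returns an error to something that can log it and carry on, whereas one that trusts the file hands control to whatever the bytes say. Doing the parsing in user space instead, as the post above wishes for, turns the same bug into a process that can be restarted rather than a kernel that cannot.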
Don’t worry, most of my life people tell me I am a funny bugger, but not in a humour mode; mainly I am strange.
I worked in a hospital that was paid for by private funding and outsourced everything from cleaning, catering, computing… it would never arrive at a payback mode no matter how much was invested. For me outsourcing is a death warrant for so many things.
I worked about 15 years in hospitals - but public funded… Not all of that was IT…
Best jobs in IT I ever had were doing stuff “in house” - i.e. not being an outsourced IT boffin for a “managed service provider”…
The worst customer I’ve ever had - and it’s still current - got hit by the Crowdstrike bullshit - and here’s why: they have about 8 different companies (including the one I work for) involved in their IT space - it’s a VAST recipe for disaster and inefficiency… some of the IT companies aren’t so bad - it’s all the other players with long acronyms like PWHC and KPMG and their ilk… You could wipe both those two companies off the face of the planet, and nobody would notice for a couple of weeks until someone pipes up “Hmmm - we seem to be getting on okay without these clowns…” No kidding - the Australian government spends BILLIONS on contracts with these jokers - JUST BRING THE EXPERTISE BACK IN-HOUSE and problem solved!
and “care” - as in “care factor” - why worry if you’re only going to hand over the infrastructure to the next cab off the rank?.. Outsourcing makes zero sense… Even knowing it’s my bread and butter - I know it’s wrong… but I’m just a cog in the wheel… there’s vast bureaucracies out there dictating the spiel…
The thing about outsourcing is that so long as you outsource to a reputable company (even if their reputation is unfounded), you can always pass the buck. Back in the day when I worked in the mainframe industry there was a saying… “No one ever got fired for buying IBM” It would appear that the old adage still rings true today.
What you bought was support. The hardware was primitive but well supported. We used to lease IBM equipment. Support was vital… no one had the skills to maintain hardware, and software was all proprietary. You were trapped.
Where I worked we eventually revolted and bought Control Data mainframes. You were still trapped, but it was better hardware and software.
When Unix came in, it changed everything. You could self-maintain software, and minicomputer hardware was more affordable.