CrowdStrike effectively bricked windows, Mac and Linux today.

Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.

Incredible work.

  • Klanky@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    132
    ·
    4 months ago

    I wish my Windows work machine wouldn’t boot. Everything worked fine for us. :-(

    • Affidavit@lemm.ee
      link
      fedilink
      arrow-up
      55
      ·
      4 months ago

      Could be worse. I was the only member of my entire team who didn’t get stuck in a boot loop, meaning I had to do their work as well as my own… Can’t even blame being on Linux as my work computer is Windows 11, I got ‘lucky’; I just got a couple of BSODs and the system restarted just fine.

    • cheesepotatoes@lemmy.world
      link
      fedilink
      arrow-up
      130
      ·
      4 months ago

      Good lord I would hope critical surgical computers like that aren’t networked externally… Somehow I’m guessing I’m wrong.

    • half coffee@lemy.lol
      link
      fedilink
      arrow-up
      26
      ·
      4 months ago

      Anecdotal, but my spouse was in surgery during the outage and it went fine, so I imagine they take precautions (like probably having a test machine for updates before they install anything on the real one, maybe)

      • Blank@lemmy.world
        link
        fedilink
        arrow-up
        37
        ·
        4 months ago

        There were no test rings for this one and it wasn’t a user controlled update. It was pushed by CS in a way that couldn’t be intercepted/tested/vetted by the consumer unless your device either doesn’t have CS installed or isn’t on an external network… or I suppose you could block CS connections at the firewall. 🤷‍♂️

      • Zacryon
        link
        fedilink
        arrow-up
        8
        ·
        4 months ago

        Depending on the machine, I guess it’s likely that those aren’t using Windoofs at all. I would be surprised if there were devices in use during surgery who run on that.

      • Dran@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        4 months ago

        I’ve heard anecdotally that some 911 services were down in my area, but I can’t speak to how wide that was.

    • tiredofsametab@kbin.run
      link
      fedilink
      arrow-up
      9
      ·
      4 months ago

      Good News! Unless something has changed since I worked in healthcare IT, those systems are far too old to be impacted!

      I’m half-joking. I don’t know what that kind of equipment runs, but I would guess something embedded. The nuke-med stuff was mostly linux and various lab analyzers were also something embedded though they interface with all sorts of things (which can very well be windows). Pharmaceutical dispensers ran various linux-like OS’s (though I couldn’t even tell you the names anymore). Some medical records stuff was also proprietary, but Windows was replacing most of it near the end of my time.

      One place we had ran their keycard system all on a windows 3.1 box still. I don’t doubt some modern systems also are running on Windows which has interesting implications for getting into/out of places.

      That said, a lot of that stuff doesn’t touch the outside internet at all unless someone has done something horribly wrong. Medical records systems often do, though (including for billing and insurance stuff).

    • variants@possumpat.ioOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I was just watching this show called Connections and the first episode was about a power blackout and it showed how the lights went out during a birth.

      Great show it went on about what do you do if the power stays off permanently and how we aren’t well prepared for that and how to start a civilization after you kill some farmers and steal their land but non of their tools work without power either and if you know how to mount an old-school plow to oxen

  • danc4498@lemmy.world
    link
    fedilink
    English
    arrow-up
    80
    arrow-down
    1
    ·
    4 months ago

    Is there a good eli5 on what crowdstrike is, why it is so massively used, why it seems to be so heavily associated with Microsoft and what the hell happened?

    • Baggie@lemmy.zip
      link
      fedilink
      arrow-up
      100
      arrow-down
      1
      ·
      4 months ago

      Gonna try my best here:

      Crowdstrike is an anti-virus program that everyone in the corporate world uses for their windows machines. They released a update that made the program fail badly enough that windows crashes. When it crashes like this, it tries to restart in case it fixes the issue, but here it doesn’t, and computers get stuck in a loop of restarting.

      Because anti-virus programs are there to prevent bad things from happening, you can’t just automatically disable the program when it crashes. This means a lot of computers cannot start properly, which means you also cannot tell the computers to fix the problem remotely like you usually would.

      The end result is a bunch of low level techs are spending their weekends manually going to each computer individually, and swapping out the bad update file so the computer can boot. It’s a massive failure on crowdstrikes part, and a good reason you shouldn’t outsource all your IT like people have been doing.

      • themeatbridge@lemmy.world
        link
        fedilink
        arrow-up
        77
        ·
        4 months ago

        It’s also a strong indicator that companies are not doing enough to protect their own infrastructure. Production servers shouldn’t have third party software that auto-updates without going through a test environment. It’s one thing to push emergency updates if there is a timely concern or vulnerability, but routine maintenance should go through testing before being promoted to prod.

        • PainInTheAES@lemmy.world
          link
          fedilink
          arrow-up
          39
          ·
          4 months ago

          It’s because this got pushed as a virus definition update and not a client update bypassing even customer staging rules that should prevent issues like this. Makes it a little more understandable because you’d want to be protected against current threats. But, yeah should still hit testing first if possible.

          • suction@lemmy.world
            link
            fedilink
            arrow-up
            22
            ·
            4 months ago

            If a company disguises a software update as a virus definition update, that be a huge scandal and no serious company should ever work with them again…are you sure that’s what happened?

            • PainInTheAES@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              4 months ago

              Ah, was a bit off. The update disregarded update controls per reddit and I must have misunderstood what exactly the channel update did. I know for the sensors you can set how closely you want to track current releases but I guess the driver update is not considered under those rules. I use CrowdStrike in my day to day but not from the administrative side, sorry for the misinformation. Thanks for the details Gestrid.

        • Baggie@lemmy.zip
          link
          fedilink
          arrow-up
          11
          ·
          4 months ago

          100% agree. I haven’t been on the backend of managing crowdstrike so I don’t know if this is a option, but running a wsuz server and manually weeding out bad updates was such an improvement over rawdogging windows updates.

      • Flying Squid@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        4
        ·
        4 months ago

        Really there’s a sub-joke here about how, because no one ever bothers scanning their Mac for viruses since they think they’re virus-proof, all the Macs are functioning as the virus farms they’ve been for quite some time.

    • Captain Aggravated@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      68
      ·
      4 months ago

      Crowdstrike is a cybersecurity company that makes security software for Windows. It apparently operates at the kernel-level, so it’s running in the critical path of the OS. So if their software crashes, it takes Windows down with it.

      This is very popular software. Many large entities including fortune 500 companies, transport authorities, hospitals etc. use this software.

      They pushed a bad update which caused their software to crash, which took Windows down with it on an extremely large number of machines worldwide.

      Hilariously bad.

      • ipkpjersi@lemmy.ml
        link
        fedilink
        arrow-up
        20
        arrow-down
        4
        ·
        4 months ago

        Honestly it is kind of hilarious, with how many people I have had make fun of me for using Linux, and now here I am laughing from my Linux desktop lol

      • danc4498@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        1
        ·
        4 months ago

        So, do all windows machines use this, or do you have to add this software?

                • rottingleaf@lemmy.world
                  link
                  fedilink
                  arrow-up
                  11
                  arrow-down
                  1
                  ·
                  edit-2
                  4 months ago

                  Third parties love their trojans just being treated as normal way of life.

                  “Anti-cheats” instead of not being imbeciles while designing protocols for multiplayer, “anti-viruses” which need to run kernel-level and download databases with executable code, video drivers which just can’t be packaged with Windows.

                  One thing I’ve realized is that large parts of social structure are dependent on cheating. We all want to cheat, so we all agree to a system where cheating is possible, but pretend it’s not happening until someone gets caught and then just behave as if nothing happened.

                  One necessary part of someone’s upbringing is honesty. There’s an amazingly deep moment in LOTR where Eomer says that Rohirrim don’t lie, so they are not easily deceived.

                  This is not a poetic device. This is how it works. Ponzi schemes usually target people who think they are smarter and more cunning and will gain something from them. And rigged security systems work because most of participants think they are the ones who may at some point abuse those systems, but most of them are the ones becoming eventually victims of such abuse.

                • Dashi@lemmy.world
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  4 months ago

                  If there is any software you want running at kernel though it is your AV. Not saying Spotify has a reason for running at kernel though… But running AV at kernel in theory is a better way to protect the machine and you.

        • hondacivic@lem.sabross.xyz
          link
          fedilink
          arrow-up
          12
          ·
          4 months ago

          It seems to be an enterprise product, meaning normal users might not have been affected. I wouldn’t personnaly be able to confirm since I usually have 1-2 month uptime on my windows machine.

          • Gestrid@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Their computers may not be affected, but their everyday lives might be. Some of the affected services include 911, stoplights, banks, hospitals, and a whole other smorgasbord of stuff.

        • tyler@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          It’s a general security solution. They run on Mac and Linux as well. It just happened that crowdstrike only released the broken update for windows.

      • tyler@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        They make security software for every OS. My company has it running on our Macs, and Linux servers as well. It just happened to only break windows because that’s what they released the update for.

      • Abnorc@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I was puzzled since my work continued on as usual. I guess my company doesn’t use it.

      • smb@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        This is very popular software.

        if that’s a “good” argument for you, then i’ve already heared that, and it nearly never really fits. here is another one for you that is an argument as generic as yours: “maybe try eating poo, trillions of flies cannot be wrong, poo is VERY popular food, much more popular than any human food !!! (as in mass per day as well as in its number of consumers)”

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          I wasn’t making a case for adopting this software. Just pointing out that it is widely used, which is why it had such a wide effect.

          I think you’ll find most corporations would jump off a bridge if they saw their competitors jump.

          • smb@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            so i misunderstood. sry then.

            and yes, every company running an alltime-ever-in-news-due-to-critical-exploitable-bugs-in-the-mailclient already IS in freefall after that said jump.

    • smb@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      well maybe letting them pay compensation to all(!) victims (not just their customers) for all losses including lost time already would solve that problem.

      that would leave the decades-long unsolved problem of microsoft not beeing held liable for their buggy products (which is the reason for all security-products-as-a-workaround-to-compensate-that-crappy-os companies existance) open.

      why not in general hold companies liable for the damage they cause so they CAN develop beeing more cautious with what they do? i mean not ONLY cs should be sued to hell, but ALL of them should be sued until they are reasonable cautious with all possible damages they can cause (and already did in the past)

      • tibi@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        4 months ago

        It’s not Microsoft’s fault a third party company wrote a kernel module that crashes the OS.

        Unlike the mobile world where apps are severely limited and sandboxed, the desktop is completely the opposite. Microsoft has tried many times to limit what programs can do, but encountered a lot of resistance and ultimately had to let it go.

        • Justin@lemmy.jlh.name
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          4 months ago

          Windows requires that antuviruses run at kernel level, programs which are notoriously buggy and harmful. It is a design flaw to require users to implement mandatory security features in this way. (it is literally not possible to run windows 10 or 11 without an antivirus) Similar security programs on Linux do not run at kernel level, nor should they.

          Furthermore, every copy of Windows since Windows 7 requires that kernel modules are signed by Microsoft themselves. Microsoft personally signed off on this code that crashed millions of computers.

          • tibi@lemmy.world
            link
            fedilink
            arrow-up
            6
            ·
            4 months ago

            Antivirus software for Linux also has kernel access. You can’t intercept OS operations like opening files or launching executables without kernel access. And some of the companies I worked at also required antivirus software on Linux servers.

            You can absolutely run Windows without an anti-virus, it has plenty of security features built-in.

            It’s all a matter of trust. Do you trust your engineers to properly configure machines to be secure and not run exes from dubious sources, or do you trust a cybersecurity company to do it for you? Anti-virus software nowadays is more about restricting users from doing stupid shit.

          • tibi@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            4 months ago

            Oh, and signed drivers aren’t about Microsoft validating and testing every driver. It’s about verifying that the driver comes from a trusted company and isn’t tampered with.

          • rockSlayer@lemmy.world
            link
            fedilink
            arrow-up
            13
            arrow-down
            1
            ·
            4 months ago

            What if that someone is another toddler that found the gun in the street, and it got in the street because it fell off a truck? Your Honor, what if the toddler had murderous intent because they were denied a sucker?

          • jedibob5@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            3
            ·
            4 months ago

            Is this implying that a publicly-traded corporation whose software is installed on millions of computers around the world has the same level of agency and responsibility as a preschooler?

            I mean, yes, Microsoft bears responsibility for blindly accepting whatever deployment package CrowdStrike gave it and immediately yeeting it out to 100% of customers via Windows Update without any kind of validation or incremental rollout, and should probably be sued for it. That still doesn’t negate the complete and catastrophic failures at every step of the development process on the part of CrowdStrike. It takes a lot of people to fuck up this bad.

              • peopleproblems@lemmy.world
                link
                fedilink
                arrow-up
                9
                arrow-down
                5
                ·
                4 months ago

                That’s the impressive part of all this. Microsoft didn’t do it. CloudStrike did it.

                Microsoft left something in a state that allowed CloudStrike to fuck up enough to brick systems.

                It’s why we spend a lot of time reviewing security analysis of our own software - if there’s a way to fuck everything up, it better not because we enabled it to get fucked.

            • Justin@lemmy.jlh.name
              link
              fedilink
              English
              arrow-up
              6
              ·
              4 months ago

              Is this implying that a publicly-traded corporation whose software is installed on millions of computers around the world has the same level of agency and responsibility as a preschooler?

              When it comes to IT reliability and security, kinda, yeah.

              Windows AV and MDM is a bit of a horror show in the corporate space. I worked somewhere where developers weren’t allowed to use WSL because it was blocked by McAfee. We also had 3 different MDMs running and they were slow as balls even though they were modern 8 core laptops.

  • Lucidlethargy@sh.itjust.works
    link
    fedilink
    arrow-up
    38
    ·
    4 months ago

    Lol, they only bricked specific machines running their product. Everyone else was fine.

    This was a business problem, not a user problem.

  • PrettyFlyForAFatGuy@feddit.uk
    link
    fedilink
    arrow-up
    36
    arrow-down
    1
    ·
    edit-2
    4 months ago

    As a career QA, i just do not understand how this got through? Do they not use their own software? Do they not have a UAT program?

    Heads will roll for this

    • HyperMegaNet@lemm.ee
      link
      fedilink
      arrow-up
      24
      arrow-down
      3
      ·
      4 months ago

      From what I’ve read, it sounds like the update file that was causing the problems was entirely filled with zeros; the patched file was the same size but had data in it.

      My entirely speculative theory is that the update file that they intended to deploy was okay (and possibly passed internal testing), but when it was being deployed to customers there was some error which caused the file to be written incorrectly (or somehow a blank dummy file was used). Meaning the original update could have been through testing but wasn’t what actually ended up being deployed to customers.

      I also assume that it’s very difficult for them to conduct UAT given that a core part of their protection comes from being able to fix possible security issues before they are exploited. If they did extensive UAT prior to deploying updates, it would both slow down the speed with which they can fix possible issues (and therefore allow more time for malicious actors to exploit them), but also provide time for malicious parties to update their attacks in response to the upcoming changes, which may become public knowledge when they are released for UAT.

      There’s also just an issue of scale; they apparently regularly release several updates like this per day, so I’m not sure how UAT testing could even be conducted at that pace. Granted I’ve only ever personally involved with UAT for applications that had quarterly (major) updates, so there might be ways to get it done several times a day that I’m not aware of.

      None of that is to take away from the fact that this was an enormous cock up, and that whatever processes they have in place are clearly not sufficient. I completely agree that whatever they do for testing these updates has failed in a monumental way. My work was relatively unaffected by this, but I imagine there are lots of angry customers who are rightly demanding answers for how exactly this happened, and how they intend to avoid something like this happening again.

        • smb@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          or maybe even automatically like in any well done CD or CI environment. at least their customers now know that they ARE the only test environment CS actually has or uses. ¯_(ツ)_/¯

          “if only” - poem (“3 seconds” edition):

          if only.

          if only there would exist CEOs in the world that could learn from their noob-dumb-brain-dead-faults instead of always ever speaking about their successes which were always-ever really done by others instead.

          if only.

          if only there were shareholders willing to really look at that wreck that tells all his false success storys and lies, so CEOs could then maybe develop at least a minimum of willingness to learn. maybe a minimum of 3 seconds of learning per decade and per ceo could already help lots of companies a really huge lot.

          if only.

          if only there was damage compensation in effect so that shareholders would be actually willing to take at least some seconds - maybe 3 seconds of really looking at new CEOs could already help, but its only shareholders, not sure if they would be able to concentrate that long or maybe are already too much degenerated over the generations of beeing parasitic only - to look at the CEOs and the damage they cause before giving them ability to cause that damage over and over again.

          if only.

        • JonsJava@lemmy.world
          link
          fedilink
          arrow-up
          7
          ·
          4 months ago

          I’d be looking to see who made the most shorting the stock.

          A corrupt file wouldn’t be nulled. I’ve never ran across a file with all zeroes that wasn’t intentional.

          • smb@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            maybe just lookup the name of the ceo and where he already did similar ;-)

  • db2@lemmy.world
    link
    fedilink
    arrow-up
    36
    arrow-down
    13
    ·
    4 months ago

    They make software for both of them also though, IMO they’re at fault for sure but so should be Microsoft for making a trash operating system.

    • sylver_dragon@lemmy.world
      link
      fedilink
      English
      arrow-up
      60
      arrow-down
      1
      ·
      4 months ago

      Not saying Windows isn’t trash, but considering what CrowdStrike’s software is, they could have bricked Mac or Linux just as hard. The CrowdStrike agent has pretty broad access to modify and block execution of system files. Nuke a few of the wrong files, and any OS is going to grind to a halt.

      • Djtecha@lemm.ee
        link
        fedilink
        arrow-up
        19
        ·
        4 months ago

        Probably would have been worse if this was on Linux. That’s like 90% of the internet.

        • Ooops
          link
          fedilink
          arrow-up
          14
          ·
          4 months ago

          Good thing is the kind of people making decisions based on buzzword-bongo filled PR campaigns like Crowdstrike’s are already forcing their IT to use Windows anyway.

          • Djtecha@lemm.ee
            link
            fedilink
            arrow-up
            3
            ·
            4 months ago

            It was a serious ask to install it from auditors that don’t know what the fuck they are doing. On all ec2 machines for “reasons” I’m sure there are companies out there pushed into doing this because they don’t have people willing to die on those hills.

          • sylver_dragon@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Oddly, one of CrowdStrike’s selling point is that it provides pretty good EDR for Linux and Mac. If you want crap EDR, which pushes you towards Windows, Microsoft Defender for Endpoint is the ticket.

        • db2@lemmy.world
          link
          fedilink
          arrow-up
          6
          arrow-down
          1
          ·
          4 months ago

          I’m sure the three people that use Linux and Crowdstrike together would have been very upset. 🤣

        • jabjoe@feddit.uk
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          4 months ago

          Yes and no. Linux is inherently more diverse. All the different distros doing things in different ways, sometimes with different components. It’s not as much of a monoculture as Windows. There isn’t a Linux that 90% is.

      • peopleproblems@lemmy.world
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        4 months ago

        That’s… Not great. I didn’t actually think about what all these wild AV systems could do, but that’s incredibly broad access.

        Maybe I’m just old, but it always strikes me as odd that you’d spend so much money on that much intrusive power that on a good day slows your machines down and on a bad day this happens.

        I get that Users are stupid. But maybe you shouldn’t let users install anything. And maybe your machines shouldn’t have access to things that can give them malware. Some times, you don’t need everything connected to a network.

        • sylver_dragon@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          I didn’t actually think about what all these wild AV systems could do, but that’s incredibly broad access.

          Always has been. I’ve clean Symantec A/V off way too many systems in my time, post BSOD. That crap came pre-loaded on so many systems, and then borked them. The problem is, that in order to actually protect system from malware, the A/V has to have full, kernel level access. So, when it goes sideways, it usually takes the system down. I’ve seen BSODs caused by just about every vendor’s A/V or EDR product. Shit happens. Everyone makes mistakes, but when that mistake is in A/V or EDR, it usually means a BSOD.

          Maybe I’m just old, but it always strikes me as odd that you’d spend so much money on that much intrusive power that on a good day slows your machines down and on a bad day this happens.
          I get that Users are stupid. But maybe you shouldn’t let users install anything. And maybe your machines shouldn’t have access to things that can give them malware. Some times, you don’t need everything connected to a network.

          It’s tough. The Internet and access to networks provides some pretty good advantages to users. But, it also means users making mistakes and executing malware. And much of the malware now is targeted at user level access; so, you can’t even prevent malware by denying local admin/root. Ransomware and infostealers don’t need it. A/V ends up being a bit of a backstop to some of that. Sure, it mostly is a waste of resources and can break stuff when things go bad. But, it can also catch ransomware or alert network defenders to infostealers. And either of those can result in a really, really bad day. A ransomed network is a nightmare. And credentials being stolen and not known about can lead to all kinds of bad stuff. If A/V catches or alerts you to just one or two of those events and lets you take action early, it may pay for itself (even with this sort of FUBAR situation) several times over.

      • puchaczyk@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        4 months ago

        When a kernel fails to boot in Linux it rollback to a previous working version so there is a chance it might recover from CrowdStrike update.

    • Montagge@lemmy.zip
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      4 months ago

      I’d say the issue isn’t that Windows is a trash OS, but everyone using the exact same trash OS and same trash security program.

      • db2@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        4 months ago

        The impacted Channel File in this event is 291 and will have a filename that starts with “C-00000291-” and ends with a .sys extension. Although Channel Files end with the SYS extension, they are not kernel drivers.

      • TrickDacy@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        21
        ·
        4 months ago

        Except not make an OS so shitty and vulnerable that it needs millions of hours and billions of dollars pumped into keeping it from being hacked in a split second. But yes nothing besides that one minor thing.

        • Revan343@lemmy.ca
          link
          fedilink
          arrow-up
          24
          arrow-down
          4
          ·
          4 months ago

          Companies use the same software on Linux and Mac systems, and it’s a kernel module there as well; this could have happened to any OS that companies are using it on, it just happened to happen on Windows.

          Giving kernel access to outside software is always a risk; these companies chose to take that risk

          • TrickDacy@lemmy.world
            link
            fedilink
            arrow-up
            3
            arrow-down
            16
            ·
            4 months ago

            They make plastic pocket protectors too but that doesn’t mean we need to use them. Sounds you missed my point

        • Someone64@sh.itjust.works
          link
          fedilink
          arrow-up
          17
          arrow-down
          4
          ·
          4 months ago

          The reason Windows gets attacked so much to begin with is because of its market share, not necessarily how vulnerable it is. If you want to cast as wide a net as possible while wasting as little effort as possible, why the fuck would you target the lesser used OSes? In the same vein, why would you invest so much in protecting OSes that aren’t as big of targets as Windows? Your comment sounds as ill informed as those people that think Macs can’t get viruses.

          • TrickDacy@lemmy.world
            link
            fedilink
            arrow-up
            8
            arrow-down
            11
            ·
            4 months ago

            It’s well known that windows is chocked full of security issues and ALWAYS has been. Never once implied other OSes are perfect, just better. You sound ill informed yourself, and simping for a corporation

              • TrickDacy@lemmy.world
                link
                fedilink
                arrow-up
                1
                arrow-down
                2
                ·
                edit-2
                4 months ago

                My guess would be you have instincts opposite reality

                Given that I’m not even close to that, and it has zero relationship to talking about how shitty windows is.

  • thecodeboss@lemmy.world
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    4 months ago

    What’s the criteria for a Windows machine to be affected? I use Windows but haven’t had any issues today.

  • gencha@lemm.ee
    link
    fedilink
    arrow-up
    6
    arrow-down
    9
    ·
    4 months ago

    CrowdStrike effectively bricked windows, Mac and Linux today.

  • hsdkfr734r@feddit.nl
    link
    fedilink
    arrow-up
    15
    arrow-down
    24
    ·
    edit-2
    4 months ago

    Can an OS be bricked?:

    A brick (or bricked device) is a mobile device, game console, router, computer or other electronic device that is no longer functional due to corrupted firmware, a hardware problem, or other damage.[1] The term analogizes the device to a brick’s modern technological usefulness.[2]

    Edit: you may click the tiny down arrow if you think it can’t. ;)

    • n4utix@lemm.ee
      link
      fedilink
      arrow-up
      27
      ·
      4 months ago

      🤓

      It’s just a setup to the punchline, not a legitimate assessment of the situation.

    • Emerald@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      4 months ago

      no longer functional due to corrupted firmware, a hardware problem, or other damage.

      Other damage being an invalid driver

      • hsdkfr734r@feddit.nl
        link
        fedilink
        arrow-up
        7
        arrow-down
        2
        ·
        4 months ago

        :) the hardware is still more capable than a brick:
        Plug in favourite installation media stick, push reset button (if there is one), reinstall.

    • macniel
      link
      fedilink
      arrow-up
      5
      arrow-down
      5
      ·
      4 months ago

      No, unless its an embedded OS and it has no external ports.

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        2
        ·
        4 months ago

        You can absolutely start writing garbage to bios and brick the mobo firmware.

        • macniel
          link
          fedilink
          arrow-up
          4
          arrow-down
          4
          ·
          4 months ago

          and the one I was replying to was asking about an OS being bricked, not about the bios or firmware.

          AND even then you can reflash the bios, its time consuming and costly but you can.

          • Ooops
            link
            fedilink
            arrow-up
            4
            ·
            4 months ago

            Yes, time consuming. But it’s still working hardware, not a now useless, now unrepairable paper weight…

            Which is the definiton of “bricked” although people nowadays start to use the term inflationary.

          • Phuntis@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            it’s not costly or time consuming maybe in the past but now you plug in a memory stick and hit a button then wait 5 minutes for a light to stop flashing

          • Saik0@lemmy.saik0.com
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            2
            ·
            4 months ago

            AND even then you can reflash the bios, its time consuming and costly but you can.

            then nothing can be bricked because on paper you can desolder the rom chip and put another one in place.

            If you want to be stupidly pedantic about shit, then nothing is anything.

            • anton@lemmy.blahaj.zone
              link
              fedilink
              arrow-up
              4
              ·
              4 months ago

              I agree with the sentiment but …

              then nothing can be bricked because on paper you can desolder the rom chip and put another one in place.

              Companies already put serial numbers in components and configure them so only specific ones work together, requiring OEM tools to pair them.
              It’s imaginable that someone makes something similar with e-fuzes instead.

            • macniel
              link
              fedilink
              arrow-up
              2
              arrow-down
              5
              ·
              edit-2
              4 months ago

              well, you started this pedantic shit. So deal with it.

              • Saik0@lemmy.saik0.com
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                4
                ·
                4 months ago

                Nah. The person you responded to asked a facetious question. You started being pedantic.Everyone know what it means when someone says something is bricked.