Yes in that we have a lot of stuff deployed on Microsoft stuff because it's easy. A lot of things are done via the "just do it via Azure/PowerApps/Excel" because it's quick and gets the job done, whereas rolling something more sustainable would take time and effort.
No, because this isn't the 1990s where we didn't really have other choices and if one cropped up, Microsoft would crush them ruthlessly, if not illegally. Microsoft now is the easy choice, but back then it was the only choice. Microsoft has viable competition today.
I really do wish Google or Amazon could roll out low-code stuff on par with PowerApps, and I really, really wish line-of-business staff would stop using Excel for everything.
Sure they could, they have Linux security software as well and DTNS reported it impacted some distributions before Windows was hit, but it didn’t get as much press because few end users were inconvenienced.
Yes. But what if the world was 1/3rd Linux, 1/3rd Windows, 1/3rd OSX? Then potentially the overall failure would have been less, which I think the point of this piece was.
The problem with that logic is that this failure was not caused by Microsoft, it was caused by ClownStrike. Their software works on Windows and Linux (not sure about Mac) and they fucked up the Linux software a few weeks before the Microsoft incident.
Even if Linux had more market share in the affected endpoints they would still have been affected, just on different timelines I guess.
Yes. But what if the world was 1/3rd Linux, 1/3rd Windows, 1/3rd OSX?
The 1/3 running macOS (they haven’t called it OS X in many years now) wouldn’t have to worry, because Apple provides kernel event access for security tools running in user space. The CrowdStrike Falcon Sensor driver on macOS runs as a System Extension, and runs 100% in user space (“Ring 3” in Intel parlance) only — so if it misbehaves, the kernel can just shut it down and continue on its merry way.
The problem with Windows (and to a certain extent Linux) is that Falcon Sensor needs to run in kernel mode (Ring 0) on those OSes, and if it fucks up you lose all guarantees that the kernel and all of the apps running on the system haven’t been fucked with, hence the need for a full system crash/shutdown. The driver can (and did) put these systems in an indeterministic state. But that can’t happen on modern macOS with modern System Extensions.