Crowdstrike's malware-as-a-service is now affecting Linux. Red Hat, Rocky and Debian stable are affected. According to distrowatch.com, most of us here running linux as a desktop are using debian and debian stable based distros like Mint, Ubuntu, MX. Stop updating, 2 wks+
(www.theregister.com)
🚔 Crime & Democrats 💸
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (25)
sorted by:
User or admin having complete control over the OS is fundamentally more secure than a central 'authority' releasing updates and pushing them no matter what the use case for the device. I am so sick of people trying to argue that Microsoft should be able to update Windows and reboot it on something like a factory control system computer rather than to keep entire control over when and how the control system OS updates and reboots with those designing and maintaining the control system.
Security and stability go hand in hand.. Without stability, there is zero security. Somehow the software industry has pushed this idea of 'security no matter what' which means often the least tested code is pushed out to everyone to close 'security holes' that may or may not matter depending on the end user environment.
Exactly. Which is a good example of why decentralized systems are superior to excessively centralized alternatives.
In the companies where I worked, no patch or update was EVER made directly to production environments... especially for Windows and Linux OS (many companies run mixed environments).
All patches and updates were downloaded to safe environments, thoroughly tested and proven to be safe BEFORE ever pushing them to production environments - which in corporate networks also included user desktops/laptops, etc.
Crowdstrike Falcon pushed updates directly from the cloud to local computers - which is bat shit crazy from a security/reliability perspective. Will people learn from this? That remains to be seen...
I wonder if Crowdstrike hiring policies, and the people they have attracted to their company due to such policies, had anything to do with it:
"CrowdStrike is an advocate for diversity and equal employment opportunities. To enhance our culture as we grow, we offer unconscious bias training for recruiters and hiring managers with the goal of helping our people be more inclusive managers, run inclusive meetings and be thoughtful of inclusivity in everyday process and practice."
https://www.crowdstrike.com/about/environmental-social-governance/diversity-equity-inclusion/