Greek Opposition recommends adopting Linux following the Crowdstrike event.
These GPOs are meant solely for managing Windows updates. This wasn’t a standard update. The Crowdstrike release was essentially a definition update for their antivirus scanner. The system that interprets these changes operates in kernel space, which led to instability. When the parser encountered errors, it crashed, triggering a system-wide failure or BSOD. It seems these updates can be deployed without oversight, and better patch management—like using a WSUS server first—might have avoided most issues. The rules parser should ideally run in user space rather than kernel space, with the driver handling only parsed data, not parsing itself.
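To make the architectural point in the post above concrete (validate definitions in unprivileged code, hand the privileged component only data that has already passed validation, and keep the last known-good set when an update is malformed), here is an added example that is not from this thread and not CrowdStrike's code. The rule-definition format, the `RuleEngine` stand-in for the privileged component and the sample update payloads are all constructed for illustration.

```python
"""User-space validation of a rule-definition update before it reaches a privileged component.

Toy definition format (constructed for this example; not any vendor's real format):
    one rule per line:  <rule_id>,<hex_pattern>,<action>
    blank lines and lines starting with '#' are ignored.
"""

ALLOWED_ACTIONS = {"alert", "block"}   # assumed action vocabulary
MAX_PATTERN_BYTES = 64                 # assumed upper bound, enforced before any privileged use


class DefinitionError(ValueError):
    """Raised for any malformed definition; the caller decides to keep the old set."""


def parse_definitions(text):
    """Parse and fully validate a definition payload in user space.

    Every field is bounds- and type-checked here, so the consumer of the returned
    list never has to interpret untrusted bytes itself.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            raise DefinitionError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        rule_id, pattern_hex, action = parts
        if not rule_id.isidentifier():
            raise DefinitionError(f"line {lineno}: bad rule id {rule_id!r}")
        try:
            pattern = bytes.fromhex(pattern_hex)
        except ValueError:
            raise DefinitionError(f"line {lineno}: pattern is not valid hex") from None
        if not 1 <= len(pattern) <= MAX_PATTERN_BYTES:
            raise DefinitionError(f"line {lineno}: pattern length {len(pattern)} out of range")
        if action not in ALLOWED_ACTIONS:
            raise DefinitionError(f"line {lineno}: unknown action {action!r}")
        rules.append({"id": rule_id, "pattern": pattern, "action": action})
    return rules


class RuleEngine:
    """Stands in for the privileged (kernel-side) component.

    It only ever receives rules that parse_definitions() has already validated,
    so it contains no parsing logic of its own.
    """

    def __init__(self, rules):
        self.rules = list(rules)

    def scan(self, data):
        """Return the ids of rules whose byte pattern occurs in `data`."""
        return [r["id"] for r in self.rules if r["pattern"] in data]


class DefinitionLoader:
    """Applies updates atomically: a rejected update leaves the active rule set untouched."""

    def __init__(self, initial_text):
        self.active = RuleEngine(parse_definitions(initial_text))
        self.rejected = []   # audit trail of rejected updates (message per attempt)

    def apply_update(self, text):
        try:
            rules = parse_definitions(text)
        except DefinitionError as exc:
            self.rejected.append(str(exc))
            return False          # last known-good set stays active
        self.active = RuleEngine(rules)
        return True


# Constructed sample payloads: a good initial set, a malformed update, and a good follow-up.
GOOD_V1 = "# v1\nr1,4d5a,alert\n"             # matches bytes b'MZ'
BAD_V2 = "r1,4d5a,alert\nr2,zz,block\n"        # 'zz' is not hex: must be rejected as a whole
GOOD_V3 = "r1,4d5a,alert\nr2,7f454c46,block\n" # adds a rule matching b'\x7fELF'


def demo():
    """Run the three updates and return (outcome of bad update, rule ids hit before/after)."""
    loader = DefinitionLoader(GOOD_V1)
    accepted_bad = loader.apply_update(BAD_V2)
    hits_after_bad = loader.active.scan(b"MZ\x90\x00")
    accepted_good = loader.apply_update(GOOD_V3)
    hits_after_good = loader.active.scan(b"\x7fELF\x02")
    return accepted_bad, hits_after_bad, accepted_good, hits_after_good, loader.rejected


if __name__ == "__main__":
    print(demo())
```

The key property is that a malformed update fails in `parse_definitions`, which runs with no special privileges and raises a normal exception, while the component that models the privileged side (`RuleEngine`) only ever sees validated records and has no code path that can be reached with bad input. Staging the update through a gate like this (or through a WSUS-style intermediary, as the post suggests) is what turns a bad definition file into a logged rejection instead of a crash.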
Additionally, this incident mirrors a Linux issue where Crowdstrike’s software caused similar crashes: https://www.theregister.com/2024/07/21/c...ion_tools/. Switching to Linux doesn’t fix the problem if third parties still push updates simultaneously without checks.
Linux offers numerous security layers. Automatic updates and simpler recovery options are among them. While the problem wasn’t entirely prevented, it would be far easier to recover from it and less common now.
Crowdstrike broke Debian and Rocky Linux the same way a few months ago, so no. OS updating strategies don't do anything, the whole point of this product is that it can update itself directly without OS intervention, before the OS is even fully loaded, by design. Apparently there is normally a system for management of updates but it can be bypassed when deemed critical enough and it was.
Considering an immutable distribution might be the optimal choice. This ensures no software can be installed at the operating system level. If issues arise, you can simply revert.
Real-time defense remains essential. It must constantly adapt and stop threats before they can execute harmful actions, like deploying newly released malware. A fixed operating system offers no advantage in achieving this objective.
An unchangeable, packaged distribution offers significant advantages across various aspects. For instance, if Crowdstrike operated at a Flatpak level, it would eliminate the need for kernel modules entirely. Because the root filesystem is read-only, it becomes much more difficult to compromise. Even if someone attempts such an action, the user can always restart from a previous image. With this approach, such issues would never occur.
The idea of third-party modules operating inside kernel space raises serious security concerns. Addressing this issue goes beyond typical IT expertise and isn't supported by standard operating system tools. Generally, security requires balancing protection with ease of use, but here it would come at a higher cost. Implementing strict IT controls would require a larger, more expensive staff, which could slow down operations. Historically, computer usage has been chaotic for years. To shift users accustomed to maintaining the current system, we often end up with temporary fixes that don't fully meet their needs.