Post AkC6Bd6ms5swqnWBiS by Netux@mastodon.sdf.org
Post #AkBtonNZJvUoatiG6y by rms@mastodon.xyz
2024-07-22T14:06:39Z
0 likes, 0 repeats
[2/2] … the unjust consequences of the proprietary nature of Windows, but I don't actually know. It would be very useful to know for certain.
Post #AkC2aQoZJj0y92ZF7g by Suiseiseki@freesoftwareextremist.com
2024-07-22T15:44:49.305505Z
0 likes, 0 repeats
@rms The "CrowdStrike" software can be summed up as a kernel-rootkit antivirus. Via a remote control mechanism, "CrowdStrike" regularly and automatically downloads updated "signature definition" files, which are parsed by a kernel module that looks for matching "signatures" of attacks and is meant to stop them or something.

"CrowdStrike" pushed out a corrupted definition file to pretty much every woedows computer in the botnet, which the parsing NT kernel module will choke on and try to access low kernel memory that it wasn't allowed to access - due to the unprofessional design of the NT kernel, this triggers a bluescreen and a shutdown, rather than it trying to handle the error.

As the buggy kernel driver is loaded not long after boot (aside from in safe mode), every time such an affected woedows computer boots, the bluescreen would happen again - with the "fix" being to either boot up into "safe mode" (quite bothersome if bitlocker is enabled, as often a unique 48-character password is required to access "safe mode" on such computers) and delete the corrupted definition files, or to reboot 15+ times and hope new definition files are fetched and overwrite the corrupted files before it crashes.

I wrote a buggy kernel module for Linux-libre, the kernel, that dereferences a NULL pointer (a similar kind of bug) and, as that is a professionally written kernel, it just dumps an error to dmesg and does not crash.

"CrowdStrike" is also available for GNU/Linux, where it was previously a Linux module (which was known for causing kernel panics often due to terrible programming), but now it's an eBPF program - which is a VM designed to try to make it impossible for programs run in it to crash or exploit Linux - but I'm sure "CrowdStrike" will eventually accidentally pull that feat off.
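An added example, not from this thread and not CrowdStrike's code: the failure mode described above is a privileged parser trusting offsets and lengths in a downloaded definition file. The file layout below is hypothetical and constructed for the example; every offset is checked against the buffer size, so a corrupted file is rejected rather than turned into a read outside the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed, hypothetical definition-file layout (not any vendor's format):
 *   "DEF1" | u32 count | count x { u32 pattern_off; u32 pattern_len; } | pattern bytes
 * All integers are little-endian. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate a definition blob before anything dereferences into it.
 * Returns the number of records, or -1 if the blob is malformed.
 * Each offset and length is checked against `size`, so a corrupted file
 * yields an error instead of a wild memory access. */
int parse_definitions(const uint8_t *buf, size_t size)
{
    if (buf == NULL || size < 8 || memcmp(buf, "DEF1", 4) != 0) return -1;
    uint32_t count = rd32(buf + 4);
    /* The record table must fit; dividing avoids overflow in count * 8. */
    if (count > (size - 8) / 8) return -1;
    size_t table_end = 8 + (size_t)count * 8;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *rec = buf + 8 + (size_t)i * 8;
        uint32_t off = rd32(rec), len = rd32(rec + 4);
        /* The pattern must start after the table and end inside the blob. */
        if (len == 0 || off < table_end || off > size || len > size - off) return -1;
    }
    return (int)count;
}

/* Constructed sample inputs: one well-formed blob, one with a bad offset. */
const uint8_t good_blob[] = {
    'D','E','F','1',  1,0,0,0,          /* magic, count = 1 */
    16,0,0,0,         4,0,0,0,          /* record: off = 16, len = 4 */
    'A','B','C','D'                     /* pattern bytes */
};
const uint8_t bad_blob[] = {
    'D','E','F','1',  1,0,0,0,
    0xF0,0xFF,0xFF,0xFF, 4,0,0,0,       /* off points far beyond the 20-byte blob */
    'A','B','C','D'
};

int main(void)
{
    printf("good: %d\n", parse_definitions(good_blob, sizeof good_blob)); /* 1 */
    printf("bad:  %d\n", parse_definitions(bad_blob, sizeof bad_blob));   /* -1 */
    return 0;
}
```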
Post #AkC2uSeaBp09djRnzU by Suiseiseki@freesoftwareextremist.com
2024-07-22T15:48:26.221078Z
0 likes, 0 repeats
@rms Also, the only reason the GNU/Linux version of "CrowdStrike" hasn't previously bricked every single computer like what happened recently is because the computer manager actually has control as to when updates are downloaded, and such managers generally do some testing themselves before rolling out an update.
Post #AkC6Bd6ms5swqnWBiS by Netux@mastodon.sdf.org
2024-07-22T16:25:12Z
0 likes, 0 repeats
@rms it's a software monitor, kind of like an anti-virus, but it doesn't rely on definitions. It watches code execution. It can, and has, broken Linux (Debian). The kernel module doesn't update. It downloads code that the kernel module runs, so it does in effect force a download. Anyone running it on Linux was required to install it by their workplace or school administrator. It's not a normal user kind of thing that one would buy and install by choice.
Post #AkC91iCxMAVhdJMlUW by anthk@paquita.masto.host
2024-07-22T15:52:15Z
0 likes, 0 repeats
@Suiseiseki @rms I think the crowdstrike module would taint the libre kernel.
Post #AkC91iirRY1zEGIFDk by Suiseiseki@freesoftwareextremist.com
2024-07-22T16:56:55.606281Z
0 likes, 0 repeats
@anthk The "CrowdStrike" module was apparently GPLv2 as all Linux modules must be, or must be under a compatible license, but the details of this I can find are limited.