this post was submitted on 19 Jul 2024
…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-00000000-00000032.sys, was 42KB of blank/null values, while the replacement file C-00000291-00000000-00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

[–] PriorityMotif@lemmy.world 0 points 4 months ago (2 children)

You would think that Microsoft would implement some basic error handling.

[–] Kaboom@reddthat.com 0 points 4 months ago

For most things, yes. But if someone were to compromise the file, stopping when they see it invalid is probably a good idea for security.

[–] planish@sh.itjust.works 0 points 4 months ago (1 children)

That's what the BSOD is. It tries to bring the system back to a nice safe freshly-booted state where e.g. the fans are running and the GPU is not happily drawing several kilowatts and trying to catch fire.

[–] TimeSquirrel@kbin.melroy.org 0 points 4 months ago (5 children)

No try-catch, no early exit condition checking and return, just nuke the system and start over?

[–] kogasa@programming.dev 0 points 4 months ago

Catch and then what? Return to what?

[–] reddit_sux@lemmy.world 0 points 4 months ago

BSOD is the ultimate catch statement of the OS. It will gracefully close all open data streams and exit. Of course it is not the usual exit, so it gives a graphic representation of what might have gone wrong.

If it would have been nuking it wouldn't show anything.

[–] Aatube@kbin.melroy.org 0 points 4 months ago

what do you propose, run faulty code that could maybe actually nuke your system, not just memory but storage as well?

[–] ChairmanMeow@programming.dev 0 points 4 months ago

Windows assumes that you installed that AV for a reason. If it suddenly faults, who's to say it's a bug and not some virus going ham on the AV? A BSOD is the most graceful exit you could do, ignoring and booting a potentially compromised system is a fairly big no-no (especially in systems that feel the need to install AV like this in the first place).

[–] Morphit@feddit.uk 0 points 4 months ago

A page fault can be what triggers a catch, but you can't unwind what a loaded module (the Crowdstrike driver) did before it crashed. It could have messed with Windows kernel internals and left them in a state that is not safe to continue. Rather than potentially damage the system, Windows stops with a BSOD. The only solution would be to not allow code to be loaded into the kernel at all, but that would make hardware drivers basically impossible.
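Kaboom's point (stop when the file is invalid) and Morphit's point (once kernel code has acted on bad data, nothing can be unwound) both come down to validating the content file before any of it is used. The C below is an added illustration, not CrowdStrike's or Windows' code; the "CNFG" layout, the CF_* names and both sample files are constructed for this example. It checks a blob against its real size so that a zero-filled file like the one in the post is rejected with an error code rather than reaching any code that forms pointers from its contents.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical content-file layout, constructed for this example (not a real format):
 * magic "CNFG" | uint32 entry_count | entry_count x { uint32 offset, uint32 length } | payload */
#define CF_MAGIC "CNFG"
#define CF_MAX_ENTRIES 1024

enum cf_status { CF_OK = 0, CF_TOO_SHORT, CF_BAD_MAGIC, CF_BAD_COUNT, CF_ENTRY_OOB };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Fail-closed validation: every offset the loader would later turn into a pointer is
 * checked against the file's actual length first, so nothing is dereferenced on the
 * strength of untrusted bytes. A zero-filled file fails at the magic check. */
enum cf_status cf_validate(const uint8_t *buf, size_t len, uint32_t *count_out) {
    if (len < 8) return CF_TOO_SHORT;
    if (memcmp(buf, CF_MAGIC, 4) != 0) return CF_BAD_MAGIC;
    uint32_t n = rd32(buf + 4);
    if (n == 0 || n > CF_MAX_ENTRIES) return CF_BAD_COUNT;
    if ((size_t)n * 8 > len - 8) return CF_TOO_SHORT;        /* the entry table must fit */
    for (uint32_t i = 0; i < n; i++) {
        uint32_t off = rd32(buf + 8 + i * 8), l = rd32(buf + 12 + i * 8);
        /* size_t arithmetic and a check on both halves, so a huge offset cannot wrap */
        if (l == 0 || off >= len || (size_t)off + l > len) return CF_ENTRY_OOB;
    }
    if (count_out) *count_out = n;
    return CF_OK;
}

/* Constructed inputs: a 42KB all-null blob like the one described in the post, and a
 * minimal well-formed file with one entry pointing at the payload "rule". */
static uint8_t k_nulls[42 * 1024];
static const uint8_t k_good[] = { 'C','N','F','G', 1,0,0,0, 16,0,0,0, 4,0,0,0, 'r','u','l','e' };

int main(void) {
    uint32_t n = 0;
    printf("null file: status %d\n", (int)cf_validate(k_nulls, sizeof k_nulls, &n)); /* 2 = CF_BAD_MAGIC */
    printf("good file: status %d, entries %u\n", (int)cf_validate(k_good, sizeof k_good, &n), n);
    return 0;
}
```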