Hacker News

It is one of the best systems available for realtime protection of windows systems against various threat actors. Prior to today you could probably have said 'no one gets fired for recommending Crowdstrike as the security tool for the company.' It is everywhere and in particular if you are a large org with a lot of Windows seats you are likely a Crowdstrike customer.



> realtime protection of windows systems against various threat actors

So it's AV + a firewall? What does it actually do?


Consume a lot of CPU and occasionally delete development build artifacts?


Sounds just like your average antivirus then.


What the heck is it doing? My work laptop fan always seems to be blasting air whether it is 10pm or 3am. It's in a reboot loop now so I just shut it off.

All my Linux machines are quiet when nothing is running. In contrast, I go to the bathroom at 10pm or 3am and the work laptop fan is blasting. I've logged it and seen some other security stuff taking up CPU cycles, but it happens at least a few times an hour. I wonder how much electricity the world is wasting with this crap.

When I first got the laptop when I started this job 5 years ago I thought it must be infected with malware because it was always running the fan so I put it in a separate VLAN so it can't attack my home Linux machines. IT told me it is security software. Who knew that the cyber attack would come from inside the security software.


It massively increases your attack surface but lets you tick the "cybersecurity" box on your audit. It's a good trade for many people, it seems.


Can you please elaborate on the increases in attack surface? I know it's a kernel driver, so maybe that's what's meant?


You're giving a third-party company remote admin access to all your systems (by their ability to push their own code updates to your systems).


Some of these services go even further. One time, our IT department was being sales-bombed with a service that would remove our actual login credentials to servers, and then "for security" we'd access said servers using a MITM website kind of thing that would be behind our corporate AD-login. I didn't even find out the full intricate details before telling them to "nope this the fuck out" and stay away with a 10-ft pole.

It's like these people have nothing better to do with their time and just absolutely have to design and build a product for the sake of it, and then dump it on marketing for > 0 amounts of sales through pretty much wearing IT departments down. Or in the case of this Crowdstrike thing, through the protection racket known as security audit compliance.


I'm mandated to use one of those.

The security tradeoffs don't make sense at all once you understand how it works.

SSH or WinRM are significantly more secure than whatever some security vendor thinks will tick an audit box.

10ft pole is an excellent approach.


It injects itself into (at least) every executable startup and every executable write to disk. It's quite noticeable if you have it installed and run, say, an installer that unpacks a lot of DLL files, because each one gets checksummed and the checksum sent to a remote host. Every time.

I hated it before this incident and I will be bringing this incident up every time it is mentioned.

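An added illustration (not CrowdStrike's code, and not from any commenter) of the on-write hook the comment above describes: every PE image written to disk is hashed and the hash checked against a reputation list, and a per-hash cache shows why one lookup per file, rather than per distinct hash, makes an installer that unpacks many DLLs so expensive. The paths, the "MZ" check and the deny list are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample: what an installer unpacking files looks like to an
# on-write hook. The first two bytes "MZ" mark a Windows PE image; the
# text file is not an executable and should not be hashed at all.
SAMPLE_WRITES = [
    ("C:\\App\\a.dll", b"MZ" + b"\x90" * 64),
    ("C:\\App\\b.dll", b"MZ" + b"\x90" * 64),      # byte-identical to a.dll
    ("C:\\App\\evil.dll", b"MZ" + b"\xcc" * 64),
    ("C:\\App\\readme.txt", b"just text"),
]

# Constructed deny list of SHA-256 hashes (stand-in for the vendor's
# remote reputation service; nothing here is a real indicator).
DENY_LIST = {hashlib.sha256(b"MZ" + b"\xcc" * 64).hexdigest()}


def is_pe_image(data: bytes) -> bool:
    """Treat a file as executable if it carries the PE/MZ header."""
    return data[:2] == b"MZ"


@dataclass
class WriteScanner:
    deny_list: set
    lookups_sent: int = 0                      # "remote" queries made so far
    seen: dict = field(default_factory=dict)   # content hash -> cached verdict

    def lookup(self, digest: str) -> str:
        """Stand-in for the round trip to a reputation service."""
        self.lookups_sent += 1
        return "block" if digest in self.deny_list else "allow"

    def on_write(self, path: str, data: bytes) -> str:
        """Hook invoked once per file write; returns the verdict for that file."""
        if not is_pe_image(data):
            return "skip"
        digest = hashlib.sha256(data).hexdigest()
        # Cache by content hash: an installer dropping the same DLL many
        # times should cost one lookup, not one per file.
        if digest not in self.seen:
            self.seen[digest] = self.lookup(digest)
        return self.seen[digest]


def scan_all(writes, deny_list=DENY_LIST):
    """Run every write through the hook; return per-path verdicts and lookup count."""
    scanner = WriteScanner(deny_list=set(deny_list))
    verdicts = {path: scanner.on_write(path, data) for path, data in writes}
    return verdicts, scanner.lookups_sent
```

Without the cache, the four writes above would cost three lookups instead of two; a real installer dropping hundreds of files is where that difference becomes the fan noise the thread complains about.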

ptraces all processes and feeds the resulting logs through some regex looking for suspicious patterns.


So it exists because nobody has any idea what the execution graph of their programs is, and CS is down because of that too. Do we really need this level of dynamism in our programs?


And like most AV systems it seems to be a bigger threat than what it supposedly protects against. Seriously, how is it acceptable to have one corporation push a live update and take down tons of critical services all over the world? Just imagine what a malicious actor could accomplish with such a delivery vector.


Indeed. The xz backdoor team must be kicking themselves: "We spent years getting our own vector into a tool, only for our world domination plans to be thwarted at the last minute ... we could have just bribed someone at CS!"


Of course, this tells you a lot about the sad state of "realtime protection" software.


> realtime protection of windows systems

and mac, and linux



