
Comment Re:can't see how the meritless line stands up (Score 1) 56

To find out whether the lawsuit has merit, sometimes you have to sue. It could be an honest mistake and then there's no issue. However, the execs could have made decisions that made something like this happening only a matter of time, for instance firing QA staff. You would want to find out if this is the case so things like this can be avoided in the future through punitive measures. There's no point in taking CS's word for it.

Comment Re:Except Microsoft DID cause the underlying issue (Score 1) 166

All OSs will crash if a kernel module accesses invalid memory. That's not just a Microsoft thing. The risk of ignoring it is too great. You can blame Microsoft for creating an OS that requires third-party kernel code to secure it. However, it's too late now. If they were to try to lock down the kernel, too many people would complain. It seems the direction they're going in is to try to provide safer alternatives to kernel drivers.

Comment Re:They're all to blame (Score 1) 189

CrowdStrike was using a risky architecture. The driver should not have been parsing directly from a configuration file downloaded from the internet. It should have been processed through a user-mode service and then sent to the driver over a well-tested interface. In the worst-case scenario, the service crashes. It's good to minimize kernel code to prevent things like this from happening. It would be interesting to find out why the CS developers thought that was a good idea. Maybe some developers complained it was a bad idea and it was never taken seriously.

Comment Re:Liability (Score 1) 201

Agreed that it would be crazy to make a claim that automated tools can find all invalid pointer references. However, if a basic run of VS code analysis in their driver did find this defect, that would suggest basic negligence. Kernel developers are supposed to understand what's at stake and code more carefully. They should be using automated code analysis tools and Driver Verifier at minimum. CrowdStrike also chose an architecture that complicates testing by acting directly on updateable configuration data from kernel mode. The configuration should be processed through a user-mode service and then sent to the driver through a well-defined and tested device driver interface (DDI). MS suggests this approach. In the worst-case scenario, the user-mode service crashes and the system continues to run.

Comment Re:Liability (Score 1) 201

The MS driver testing doesn't go that far. It does some basic tests and makes sure it's not malware. They simply don't have the resources or know-how to thoroughly test each code path of a third-party driver. See https://github.com/olljanat/Bl.... They provide resources and documentation on how to create a reliable driver, and as a kernel driver developer you're expected to realize you can't crash the system.
