CrowdStrike effectively bricked windows, Mac and Linux today.
Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.
Incredible work.
CrowdStrike effectively bricked windows, Mac and Linux today.
Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.
Incredible work.
Always has been. I’ve clean Symantec A/V off way too many systems in my time, post BSOD. That crap came pre-loaded on so many systems, and then borked them. The problem is, that in order to actually protect system from malware, the A/V has to have full, kernel level access. So, when it goes sideways, it usually takes the system down. I’ve seen BSODs caused by just about every vendor’s A/V or EDR product. Shit happens. Everyone makes mistakes, but when that mistake is in A/V or EDR, it usually means a BSOD.
It’s tough. The Internet and access to networks provides some pretty good advantages to users. But, it also means users making mistakes and executing malware. And much of the malware now is targeted at user level access; so, you can’t even prevent malware by denying local admin/root. Ransomware and infostealers don’t need it. A/V ends up being a bit of a backstop to some of that. Sure, it mostly is a waste of resources and can break stuff when things go bad. But, it can also catch ransomware or alert network defenders to infostealers. And either of those can result in a really, really bad day. A ransomed network is a nightmare. And credentials being stolen and not known about can lead to all kinds of bad stuff. If A/V catches or alerts you to just one or two of those events and lets you take action early, it may pay for itself (even with this sort of FUBAR situation) several times over.
Fair. Thanks for that counterpoint.