Microsoft says EU to blame for the worst IT outage (opens in new tab)

(euronews.com)

43 pointsmatthewmorgan1y ago52 comments

52 comments

35 comments · 16 top-level

jcfrei1y ago· 6 in thread

What a disingenuous argument by Microsoft - I really hope nobody buys it. Lots of the most mission critical software runs on Linux. They don't have these security issues because they were open from the start.

overstay89301y ago

Linux has the same “security issue” (your words), it’s just considered a skill issue if you foot gun with the tools given to you.

Maxatar1y ago

My understanding is that Linux is just as vulnerable to this issue as Windows but isn't used as often for desktop software. In fact there two security incidents just this year involving Crowdstrike on Debian and Rocky Linux.

thuridas1y ago

What I understood is that in Linux you could program this kind of security tools in use space by having a somehow estable binary API.

Sure, if you access the kernel you can break it. So we should make easier to do the right thing.

EU complained that Microsoft was the only one that could access the kernel because a lot of Microsoft applications needed kernel access.

1 more reply

gjsman-10001y ago

Meh - Microsoft can point to the fact that they saved the day by preventing every Linux device from getting backdoored with the `xz-utils` debacle. The fact that it was caught was an exceedingly lucky break, and had nothing to do with quality engineering, or even that the code was open source.

(Edit for the downvoters - nothing I said above was an opinion. https://news.ycombinator.com/item?id=41049312)

vectorhacker1y ago

I think the fact that it was caught is a testament to the power of open source and the quality of engineering. It speaks volumes about the promise of OSS.

2 more replies

sonthonax1y ago

Linux outages and upgrade fuckups happen all the time. The difference is that Linux isn't on a unified upgrade cycle so issues come as a trickle rather than a dulge, so the problems are usually localised to a corporation and don't make the news.

Also Linux fanboys will usually blame the system admin for not configuring things properly if things break: "it's not the operating system, it's <something stolen from OpenBSD>".

End of the day Linux is only popular because of the inertia UNIX had on mini-computers/servers. For standard end users GNU Linux is lightyears behind Windows and macOS in terms of usability and stability.

wordofx1y ago· 4 in thread

MS is damned if they do damned if they don’t. You can already see it in the comments. “They had 15 years to fix this”, “this na an excuse”, “they are already on the attack” etc.

If MS had blocked these type of things people would be in here complaining about antitrust and MS is evil.

shufflerofrocks1y ago

HN and in general the software community has a hate-boner for Microsoft, it is almost tradition at this poin.

While the hate is valid in many cases, I've observed that the cribbing about it has also been unwarranted or unjustified a lot of the time (also no other corp is held to the same standard) - and this is a prime example.

MS cannot legally restrict third party kernel. Apple can, bc they didn't get struck down like MS did.

MS has an option to not bundle Defender with their OS, which would let them lock the kernel to avoid the anti-trust restrictions, but that would be an insane decision to make.

Damned if they do, Damned if they don't indeed

Alupis1y ago

Every time something like this comes up - people are unwilling and incapable of comprehending regulation has consequences. This is one of the consequences...

Our EU friends really enjoy having all the regs on everything... but then demand to be treated as-if the regs don't exist. It's amazing to see...

throwawayFanta1y ago

Microsoft is stuck because anything they'd do would reduce the "freedom" of end users.

I work in big tech, and unfortunately we frequently need to have conversations about the smallest features because we have evidence about us giving users an inch and they taking a mile.

drawfloat1y ago

They had 15 years to fix this.

bloopernova1y ago· 3 in thread

> Microsoft says 2009 law made cloudstrife outage happen

Or, an alternative interpretation: Microsoft had 15 years to fix any issues.

geitir1y ago

You can’t “fix issues” if the software is running at the kernel level

alephnerd1y ago

The fix is preventing kernel mods, but MS legally cannot.

Sayrus1y ago

Apple did, Microsoft is working on eBPF for Windows[1] but I doubt they'll sunset their kernel modules support. At the very least, it means there are safer ways to load third-party code in the kernel without allowing them to crash your entire system by mistake. Even if kernel modules are still supported, a compliance framework may introduce a "No kernel module" requirement, just like they require a CrowdStrike-like software to be installed.

However, doing so is no easy feat. The first version of eBPF was released over 10 years ago.

[1] https://github.com/microsoft/ebpf-for-windows

1 more reply

poikroequ1y ago· 3 in thread

Why would Microsoft even bother making this comment? Is the outage in some part their fault? I was under the impression it had everything to do with the botched croudstrike update, and nothing to do with Windows itself. This could have just as well happened with some widely deployed antivirus running in the Linux kernel.

dagmx1y ago

The headline is clickbait. Microsoft is saying why they couldn’t secure the kernel against such an attack, and are right in saying that the EU prevents them from closing it off to third parties.

They are not saying the EU is the root cause of the failure, just that they cannot close the hole currently due to the EU.

What they leave out is that they could choose to integrate Defender into the OS for free, thereby removing it as a product to compete against. They could also move Defender to not require kernel hooks either. Neither are options they want to consider currently.

zogrodea1y ago

Integrating Defender sounds like it would create an antitrust issue? If I remember correctly, MS was in the past taken to court and forced to sell some product or other separately, when they previously provided it for free.

No comment about being able to move Defender to not require kernel hooks (I don't know).

gumby1y ago

> Why would Microsoft even bother making this comment? Is the outage in some part their fault?

Two reasons:

1 - Few people understand anything about how their computer (/car/stove/phone/medicine/...) works -- they spend their time on other things.

Without any model of how their device works its easy to misassign responsibility (see how many people think that Safari is Google or vice versa). So it's in MS's interest to try to get the message out. Of course people do this when they are at fault as well.

2 - EU is in a wave of beating up* on certain large companies. This can also be an opportunistic way to push back.

* I am not implying whether I think the EU is correct or not.

Timber-65391y ago· 2 in thread

A ridiculous excuse. They could have provided an non-EU Windows version if that's the case or better yet, create a robust solution as a software vendor to the said security companies.

Tabular-Iceberg1y ago

Then they wouldn't be able to use CrowdStrike.

People interested in running CrowdStrike would be forced to use the EU version anyway, and people uninterested wouldn't be affected by the Crowdstrike bug whether they used the EU version or not, so I don't see exactly how having two versions of Windows would help here.

Timber-65391y ago

My assumption here is that only the EU version of Windows would crash as Crowdstrike bugged only those versions.

The rest of the world would have come to a different solution not based on kernel-level access.

I.e Taking Microsoft's argument to it's literal conclusion.

offmycloud1y ago· 1 in thread

Would that be the same Microsoft that approved and digitally signed the buggy CrowdStrike Falcon Agent kernel mode driver for Windows?

jeroenhd1y ago

From what I can tell, Microsoft signed DigiCert's certificate, and DigiCert signed CrowdStrike's certificate, and CrowdStrike signed the driver file.

Windows kernel signing does not work like Apple's Big Brother approach, it uses a set of certificate authorities.

Microsoft does have a program for verifying drivers: WHQL, which you may recognise from the slower driver that Windows Update installs for your GPU before you download the faster one that didn't pass Microsoft's verification from the manufacturer's website. CrowdStrike doesn't seem to be WHQL-certified.

heisig1y ago

Now Microsoft just sounds like pre-Brexit Britain. Why reflect on your own shortcomings when you can blame the EU instead :)

I suggest Microsoft follows Britain's example and leaves. The main difference is that we Europeans actually miss the Brits, whereas nobody would miss Microsoft and its shoddy products and business practices.

On a more serious note, I fully understand that the Digital Markets Act is causing Microsoft headaches. But I think this headache is well deserved. Big Tech has been building moats where they should have built bridges, and now our computing landscape resembles medieval Germany where everything was at the mercy of a few feudal lords. It is time to drive out those lords and reshape software in a way that empowers, not enslaves.

2 more replies

amai1y ago

The EU prays for a MSexit from the EU. The efficiency gains by that would be enormous. If we could just get also a SAPexit, Europe would become unbeatable.

lionradio1y ago

I laughed

jmclnx1y ago

Looks like a third dup of the same plot:

https://news.ycombinator.com/item?id=41038520

https://news.ycombinator.com/item?id=41029590

ChrisArchitect1y ago

[dupe]

More discussion: https://news.ycombinator.com/item?id=41029590

justin661y ago

I didn’t notice any actual quotations, and the article ends:

Euronews Next has contacted Microsoft for comment

High quality stuff.

throwaway57521y ago

What an incredibly embarrassing response. They didn't even have to say anything.

sandworm1011y ago

Never waste a crisis. MS is already on the attack, seeking to leverage this crisis for its own ends. Machiavelli would be proud.

ragebol1y ago

LOL, sure

asmnzxklopqw1y ago

TLDR; Microsoft says EU to blame for letting competition to exist.

j / k navigate · click thread line to collapse

52 comments

35 comments · 16 top-level

jcfrei1y ago· 6 in thread

overstay89301y ago

Linux has the same “security issue” (your words), it’s just considered a skill issue if you foot gun with the tools given to you.

Maxatar1y ago

thuridas1y ago

What I understood is that in Linux you could program this kind of security tools in use space by having a somehow estable binary API.

Sure, if you access the kernel you can break it. So we should make easier to do the right thing.

EU complained that Microsoft was the only one that could access the kernel because a lot of Microsoft applications needed kernel access.

1 more reply

gjsman-10001y ago

(Edit for the downvoters - nothing I said above was an opinion. https://news.ycombinator.com/item?id=41049312)

vectorhacker1y ago

I think the fact that it was caught is a testament to the power of open source and the quality of engineering. It speaks volumes about the promise of OSS.

2 more replies

sonthonax1y ago

Also Linux fanboys will usually blame the system admin for not configuring things properly if things break: "it's not the operating system, it's <something stolen from OpenBSD>".

wordofx1y ago· 4 in thread

MS is damned if they do damned if they don’t. You can already see it in the comments. “They had 15 years to fix this”, “this na an excuse”, “they are already on the attack” etc.

If MS had blocked these type of things people would be in here complaining about antitrust and MS is evil.

shufflerofrocks1y ago

HN and in general the software community has a hate-boner for Microsoft, it is almost tradition at this poin.

MS cannot legally restrict third party kernel. Apple can, bc they didn't get struck down like MS did.

MS has an option to not bundle Defender with their OS, which would let them lock the kernel to avoid the anti-trust restrictions, but that would be an insane decision to make.

Damned if they do, Damned if they don't indeed

Alupis1y ago

Every time something like this comes up - people are unwilling and incapable of comprehending regulation has consequences. This is one of the consequences...

Our EU friends really enjoy having all the regs on everything... but then demand to be treated as-if the regs don't exist. It's amazing to see...

throwawayFanta1y ago

Microsoft is stuck because anything they'd do would reduce the "freedom" of end users.

I work in big tech, and unfortunately we frequently need to have conversations about the smallest features because we have evidence about us giving users an inch and they taking a mile.

drawfloat1y ago

They had 15 years to fix this.

bloopernova1y ago· 3 in thread

> Microsoft says 2009 law made cloudstrife outage happen

Or, an alternative interpretation: Microsoft had 15 years to fix any issues.

geitir1y ago

You can’t “fix issues” if the software is running at the kernel level

alephnerd1y ago

The fix is preventing kernel mods, but MS legally cannot.

Sayrus1y ago

However, doing so is no easy feat. The first version of eBPF was released over 10 years ago.

[1] https://github.com/microsoft/ebpf-for-windows

1 more reply

poikroequ1y ago· 3 in thread

dagmx1y ago

The headline is clickbait. Microsoft is saying why they couldn’t secure the kernel against such an attack, and are right in saying that the EU prevents them from closing it off to third parties.

They are not saying the EU is the root cause of the failure, just that they cannot close the hole currently due to the EU.

zogrodea1y ago

No comment about being able to move Defender to not require kernel hooks (I don't know).

gumby1y ago

> Why would Microsoft even bother making this comment? Is the outage in some part their fault?

Two reasons:

1 - Few people understand anything about how their computer (/car/stove/phone/medicine/...) works -- they spend their time on other things.

2 - EU is in a wave of beating up* on certain large companies. This can also be an opportunistic way to push back.

* I am not implying whether I think the EU is correct or not.

Timber-65391y ago· 2 in thread

A ridiculous excuse. They could have provided an non-EU Windows version if that's the case or better yet, create a robust solution as a software vendor to the said security companies.

Tabular-Iceberg1y ago

Then they wouldn't be able to use CrowdStrike.

Timber-65391y ago

My assumption here is that only the EU version of Windows would crash as Crowdstrike bugged only those versions.

The rest of the world would have come to a different solution not based on kernel-level access.

I.e Taking Microsoft's argument to it's literal conclusion.

offmycloud1y ago· 1 in thread

Would that be the same Microsoft that approved and digitally signed the buggy CrowdStrike Falcon Agent kernel mode driver for Windows?

jeroenhd1y ago

From what I can tell, Microsoft signed DigiCert's certificate, and DigiCert signed CrowdStrike's certificate, and CrowdStrike signed the driver file.

Windows kernel signing does not work like Apple's Big Brother approach, it uses a set of certificate authorities.

heisig1y ago

Now Microsoft just sounds like pre-Brexit Britain. Why reflect on your own shortcomings when you can blame the EU instead :)

2 more replies

amai1y ago

The EU prays for a MSexit from the EU. The efficiency gains by that would be enormous. If we could just get also a SAPexit, Europe would become unbeatable.

lionradio1y ago

I laughed

jmclnx1y ago

Looks like a third dup of the same plot:

https://news.ycombinator.com/item?id=41038520

https://news.ycombinator.com/item?id=41029590

ChrisArchitect1y ago

[dupe]

More discussion: https://news.ycombinator.com/item?id=41029590

justin661y ago

I didn’t notice any actual quotations, and the article ends:

Euronews Next has contacted Microsoft for comment