Tag Archives: Antivirus

Microsoft / CrowdStrike: Who is responsible for global IT outage?

Is Microsoft or CrowdStrike to blame for the global IT outage of Windows-based systems?! Take a look at the viral claims, and find out what the facts really are!

 

Claim : Microsoft Is Responsible For Global IT Outage, Not CrowdStrike!

On Friday, 19 July 2024 – a day that will live in digital infamy, businesses and organisations worldwide were hit by an IT outage on their Windows-based systems. Inevitably, some people are blaming Microsoft for this debacle…

Circulating on WhatsApp : Very interesting to see how the media is playing down the disaster.

Question remains: “Not sure how Microsoft is going to roll back the update or to install the patch as affected PCs have locked themselves out.”


 

Truth : CrowdStrike, Not Microsoft, Is Responsible For Global IT Outage!

This appears to be a complete misunderstanding of the global IT outage, which hit only Windows-based systems and cloud services running CrowdStrike's Falcon sensor. Here are the reasons why…

Fact #1 : Global IT Outage Caused By CrowdStrike, Not Microsoft

Let me start by simply pointing out that the global IT outage that started on Friday, 19 July 2024, was caused by CrowdStrike, not Microsoft.

Soon after the outage occurred, CrowdStrike announced, and later confirmed in more technical detail, that it was caused by a bug in an update to its Falcon threat detection sensor.

The IT outage notably did not affect all Microsoft customers and users, only those who had purchased and installed CrowdStrike Falcon, which is endpoint detection and response (EDR) software. This kind of software is designed for large organisations, which is why the outage mainly affected those organisations.

The scale is massive because CrowdStrike is a leading provider of EDR software. Home users and small business users were generally not affected, because they rely on the built-in Windows Defender, or on consumer-grade software from the likes of Norton and McAfee.

Blaming Microsoft for the buggy update that CrowdStrike issued would be like blaming BMW for defective third-party tyres that leak air, and asking the automotive company to replace or fix those tyres.

Fact #2 : Microsoft Denies Responsibility For Global IT Outage

A Microsoft spokesperson has officially denied responsibility for the global IT outage caused by the CrowdStrike update:

A CrowdStrike update was responsible for bringing down a number of IT systems globally. Microsoft does not have oversight into updates that CrowdStrike makes in its systems.


Fact #3 : Global IT Outage Caused By Bug In CrowdStrike Update

As CrowdStrike explained, the infamous Windows Blue Screen of Death (BSOD) was caused by a defect in a content update meant for Windows hosts:

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on.

CrowdStrike further confirmed that the defect was introduced in a single channel file, Channel File 291, which lives in the Falcon sensor's driver directory as C-00000291*.sys. The problematic copies carry a timestamp of 0409 UTC on 19 July 2024; copies with a timestamp of 0527 UTC or later are the reverted, good version. Despite the .sys extension, channel files are configuration data consumed by the Falcon sensor driver, not kernel drivers themselves.

As former Google engineer Arpit Bhayani explained, the buggy code was trying to access an invalid memory location, triggering a panic and causing the BSOD.

I saw many engineers blaming the outage on Microsoft 🤦‍♂️ SWEs blaming without knowing the root cause is concerning.

It is not Microsoft, it is CrowdStrike who released an update for Windows that had a bug. The patch runs in kernel mode to monitor system activity at a low level.

Because it was running in kernel mode, the buggy code was trying to access an invalid memory location, which triggered a panic and showed the Blue Screen of Death.

The name of the driver file that had the buggy update is “C-00000291.sys”, deleting it fixes the issue and unfortunately this needs to be done manually.

Microsoft has nothing to do with it.

Deleting that file, or replacing it with a copy that carries the 0527 UTC or later timestamp, fixes the problem. However, it has to be done by hand at each machine: the affected computers and servers are stuck in a boot loop at the BSOD, so they cannot be reached remotely, and the fix is to boot into Safe Mode or the Windows Recovery Environment, go to C:\Windows\System32\drivers\CrowdStrike, and delete the C-00000291*.sys file. On drives protected by BitLocker, that step also requires the volume's recovery key, an extra hurdle for organisations that do not have their keys readily at hand.
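For administrators working through a pile of affected machines from a rescue disk, the selection rule above (name matches C-00000291*.sys, timestamp older than the 0527 UTC reverted build) is easy to get wrong under pressure. The helper below is an added example, not CrowdStrike's or Tech ARP's code: it runs against an offline Windows volume that is already mounted read-write (for instance /mnt/win from a Linux rescue USB, or a drive letter under WinPE), reports in dry-run mode by default, and only deletes the defective copies when asked. It assumes the file's modification time is the timestamp CrowdStrike refers to; the demo volume it builds is constructed for this example.

```python
"""
Added example, not CrowdStrike's or Tech ARP's code: a dry-run-by-default
helper that picks out the defective Channel File 291 copies on an OFFLINE
Windows volume, using the two facts CrowdStrike published for this incident:
  * the bad files are named C-00000291*.sys and stamped 2024-07-19 04:09 UTC
  * files stamped 05:27 UTC or later are the reverted (good) version
Assumptions: the Windows volume is mounted read-write somewhere (e.g. /mnt/win
from a Linux rescue USB, or a drive letter from WinPE), and the file
modification time is the timestamp CrowdStrike refers to. The demo volume
built by build_constructed_volume() is constructed for this example.
"""
from __future__ import annotations

import os
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Real sensor directory, relative to the root of the Windows system volume.
CHANNEL_DIR = Path("Windows/System32/drivers/CrowdStrike")
BAD_PATTERN = "C-00000291*.sys"
# First timestamp of the reverted build; anything older is treated as defective.
GOOD_SINCE = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)


def find_channel_291(mount: Path) -> list[Path]:
    """Return every C-00000291*.sys in the sensor directory of an offline volume."""
    channel_dir = mount / CHANNEL_DIR
    if not channel_dir.is_dir():
        return []
    return sorted(p for p in channel_dir.glob(BAD_PATTERN) if p.is_file())


def is_defective(path: Path) -> bool:
    """Classify one channel file by its modification time, compared in UTC."""
    mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
    return mtime < GOOD_SINCE


def remediate(mount: Path, apply: bool = False) -> dict[str, list[str]]:
    """List the defective channel files under `mount`; delete them if apply=True.

    Only Channel File 291 copies are ever touched; other channel files and the
    good (05:27 UTC or later) copy are left alone so the sensor still loads.
    """
    report: dict[str, list[str]] = {"defective": [], "kept": []}
    for path in find_channel_291(mount):
        if is_defective(path):
            if apply:
                path.unlink()
            report["defective"].append(path.name)
        else:
            report["kept"].append(path.name)
    return report


def build_constructed_volume() -> Path:
    """Create a throwaway directory laid out like a Windows volume.

    File names, contents and timestamps are constructed for the demo: one bad
    291 file (04:09 UTC), one reverted 291 file (05:27 UTC) and an unrelated
    channel file that must survive untouched.
    """
    root = Path(tempfile.mkdtemp(prefix="winvol-"))
    channel_dir = root / CHANNEL_DIR
    channel_dir.mkdir(parents=True)
    stamps = {
        "C-00000291-00000000-00000032.sys": datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc),
        "C-00000291-00000000-00000033.sys": datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc),
        "C-00000290-00000000-00000001.sys": datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc),
    }
    for name, stamp in stamps.items():
        path = channel_dir / name
        path.write_bytes(b"\x00" * 64)          # placeholder bytes, not real content
        os.utime(path, (stamp.timestamp(), stamp.timestamp()))
    return root


if __name__ == "__main__":
    # Usage: python remediate_291.py /mnt/win [--apply]; no argument runs the demo.
    if len(sys.argv) > 1:
        mount, apply = Path(sys.argv[1]), "--apply" in sys.argv[2:]
    else:
        mount, apply = build_constructed_volume(), True
    print("dry run:", remediate(mount))
    if apply:
        print("applied:", remediate(mount, apply=True))
```

Run it once without `--apply` and keep the printed report per host: it is the record of which file was removed and which good copy was left in place. Because it walks the sensor directory rather than taking a file name on the command line, it will not delete Channel File 290 or any other channel file by a typo, and a volume without the CrowdStrike directory simply reports nothing to do.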


Fact #4 : Microsoft Is Supposed To Vet Driver Updates

While Microsoft may not be responsible for the bug in the CrowdStrike update, some cybersecurity experts believe that it may hold some responsibility.

Costin Raiu, who worked at Kaspersky for 23 years and led its threat intelligence team, says that Microsoft is supposed to vet kernel driver code and cryptographically sign it. If the defect had been in the signed driver, that would suggest Microsoft also missed the buggy code. Note, however, that CrowdStrike described the defect as being in a content (channel) file that the already-signed Falcon driver loads at runtime, and such content files are not part of the driver binary that Microsoft vets and signs.

It’s surprising that with the extreme attention paid to driver updates, this still happened. One simple driver can bring down everything. Which is what we saw here.

Raiu also noted that past updates to Kaspersky and Microsoft’s own Windows Defender antivirus software have also triggered similar Blue Screen of Death crashes in previous years.


 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

US Bans Kaspersky Software Over National Security Risk!

The US just announced a ban of Kaspersky Lab software, over national security concerns! Here is what you need to know!

 

US Bans Kaspersky Software Over National Security Risk!

On Thursday, 20 June 2024, the Biden Administration announced a ban of the sale of software made by Kaspersky Lab in the US, due to national security concerns. Unfortunately, this will also cut off updates for users who have already purchased Kaspersky software.

Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use.

US Commerce Secretary Gina Raimondo stated that Russia’s influence over the Russian company posed a significant security risk:

Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponise sensitive US information.


In response, Kaspersky issued a statement to AFP, denying the claim and saying that the US Commerce Department “made its decision based on the present geopolitical climate and theoretical concerns” and vowed to “pursue all legally available options to preserve its current operations and relationships”.

Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies.

In addition to banning its software, the US Commerce Department also added two Russian and one UK-based unit of Kaspersky Lab to its Entity List, for allegedly cooperating with Russian military intelligence to support Moscow’s cyber intelligence goals. US companies are forbidden from providing goods or services to companies on the Entity List.

This is the most serious sanction affecting the Russian company after the US Department of Homeland Security banned its flagship antivirus software from federal networks in 2017, alleging ties to Russian intelligence. The DHS also pointed out that Russian law lets intelligence agencies compel assistance from Kaspersky and intercept communications using Russian networks.


 

What Does US Ban Of Kaspersky Software Mean?

While the US has publicly announced its ban of Kaspersky Lab software, it does not go into effect immediately.

The ban on sales of Kaspersky Lab software will only kick in on 29 September 2024, 100 days after publication, to give businesses time to switch to alternative software. The ban also bars resales and licensing of Kaspersky products in the US.

New US business for Kaspersky will also be blocked 30 days after the restrictions are announced. Sales of white-labelled products – software products sold or packaged under a different brand name, will also be banned.

Under the new rules, sellers and resellers who violate these restrictions will face fines from the US Commerce Department. Software users won’t face legal penalties, but are strongly encouraged to stop using Kaspersky software. However, critically – users will stop receiving updates for their software from 29 September 2024 onwards.

Russian companies are already subject to US export sanctions, but the UK-based unit of Kaspersky Lab will now be banned from receiving goods and services from US companies.

 


 


Fixed Disk Boot Sector – The BIOS Optimization Guide

Fixed Disk Boot Sector

Common Options : Normal, Write Protect

 

Quick Review

The Fixed Disk Boot Sector BIOS feature provides rudimentary anti-virus protection by write-protecting the boot sector.

If this feature is enabled, the BIOS will block any attempt to write to the boot sector and flash a warning message. This protects the system from boot sector viruses. Please note that it offers no protection against other types of viruses.

If this feature is disabled, the BIOS will not block any writes to the boot sector.

This feature can cause problems with software that need to write to the boot sector. One good example is the installation routine of all versions of Microsoft Windows, from Windows 95 onwards. When enabled, this feature causes the installation routine to fail.

Many hard drive diagnostic utilities that access the boot sector can also trigger the system halt and error message. Therefore, you should disable this feature before running such utilities, or when you intend to install a new operating system.

 

Details

The Fixed Disk Boot Sector BIOS feature provides rudimentary anti-virus protection by write-protecting the boot sector.

If this feature is enabled, the BIOS will block any attempt to write to the boot sector and flash a warning message. This protects the system from boot sector viruses. Please note that it offers no protection against other types of viruses.

If this feature is disabled, the BIOS will not block any writes to the boot sector.

This feature can cause problems with software that need to write to the boot sector. One good example is the installation routine of all versions of Microsoft Windows, from Windows 95 onwards. When enabled, this feature causes the installation routine to fail.


Many hard drive diagnostic utilities that access the boot sector can also trigger the system halt and error message. Therefore, you should disable this feature before running such utilities, or when you intend to install a new operating system.

Please note that this BIOS feature is useless for storage drives that run on external controllers with their own BIOS. Boot sector viruses will bypass the system BIOS and its anti-virus protection, and write directly to such drives. Such controllers include additional IDE, SATA or SCSI controllers that are either built into the motherboard or part of add-on PCI Express or PCI cards. The same limitation applies once a protected-mode operating system is running: the feature works by intercepting disk writes made through the BIOS disk services (INT 13h), and modern operating systems talk to the disk through their own drivers, so the protection only really covers the boot phase and real-mode software.
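Because the BIOS write-protect only catches writes that pass through the BIOS, a practitioner who wants to know whether the boot sector has been tampered with needs a check that works from the operating system side. The script below is an added example and is not part of the BIOS Optimization Guide: it parses the classic 512-byte MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), baselines a hash of the bootstrap code, and flags a later read whose code no longer matches. The sample sector and the simulated infection are constructed for the demo; the device paths in the usage note are an assumption about where you would point it on a real machine.

```python
"""
Added example, not part of the BIOS Optimization Guide: a host-side boot
sector integrity check. It hashes the MBR bootstrap code (the part a boot
sector virus overwrites) so that legitimate partition-table edits do not
raise an alert but a replaced boot code does. The sample MBR and the
simulated infection below are constructed for this demo.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # legacy MBR: bootstrap code precedes the partition table
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, used partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "partitions": parts,
        "valid_signature": sector[510:512] == SIGNATURE,
    }


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 over the bootstrap code only; partition edits leave it unchanged."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_sector(sector: bytes, baseline_digest: str) -> str:
    """Compare a freshly read sector against a stored baseline digest.

    Returns 'ok', 'bad-signature' (sector is not a valid MBR at all) or
    'boot-code-changed' (signature fine, but the bootstrap code was replaced).
    """
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "bad-signature"
    if boot_code_digest(sector) != baseline_digest:
        return "boot-code-changed"
    return "ok"


def constructed_mbr() -> bytes:
    """Build a plausible MBR for the demo (constructed, not read from a disk)."""
    # cli; xor ax,ax; mov ss,ax; mov sp,0x7c00 followed by NOP padding
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    # one bootable Linux (0x83) partition starting at LBA 2048, 1,000,000 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x00\x00", 0x83, b"\xfe\xff\xff",
                        2048, 1_000_000)
    empty = bytes(PART_ENTRY_LEN)
    return code + entry + empty * 3 + SIGNATURE


def infect(sector: bytes) -> bytes:
    """Simulate a boot sector virus overwriting the start of the bootstrap code."""
    payload = b"\xeb\xfe" + b"\xcc" * 14       # jmp $ plus int3 padding: not the original code
    return payload + sector[len(payload):]


if __name__ == "__main__":
    baseline = constructed_mbr()
    digest = boot_code_digest(baseline)       # store this offline when the disk is known-good
    print("clean:", check_boot_sector(baseline, digest))
    print("infected:", check_boot_sector(infect(baseline), digest))
    print("partitions:", parse_mbr(baseline)["partitions"])
```

On a live system, read the sector with `open("/dev/sda", "rb").read(512)` as root on Linux, or by opening `\\.\PhysicalDrive0` on Windows (these paths are assumptions about your disk layout), record `boot_code_digest()` while the machine is known-good, and re-run `check_boot_sector()` on a schedule or from your EDR. The check deliberately covers only the legacy MBR bootstrap code; the volume boot record and UEFI/GPT boot paths are separate locations and need their own baselines.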

 


Mikko Hypponen On The Death Of Antivirus @ AVAR 2016

Mikko Hypponen is the Chief Research Officer at F-Secure, where he has worked since 1991. He is one of the world's foremost experts on computer security, and serves on the advisory board of IMPACT (International Multilateral Partnership Against Cyber Threats).

He is a sought-after speaker who has given keynotes and presentations at security events like Black Hat and DEF CON, as well as mainstream events like TED and SXSW. He even speaks at military events and writes for BetaNews and Wired.

It was therefore a great opportunity to hear him speak about the purported death of antivirus software and services at the 2016 AVAR Conference. Join us for his full talk on the latest security threats and the future of the antivirus industry!

 

The 2016 AVAR Conference

Malaysia was the host for the 2016 AVAR (Association of Anti-Virus Asia Researchers) Conference with delegates from all over the world. The hosts were F-Secure Malaysia, together with MDEC (Malaysia Digital Economy Corporation) and Cybersecurity Malaysia.

MDEC Vice President Norhizam Kadir kicked off the 2016 AVAR conference by explaining how MDEC aims to catalyse the Malaysian digital economy.

Every year, the AVAR Conference is held in one of its many members’ countries, with a focus on various aspects of the information security world or underworld. The mission of AVAR is to develop cooperative relationships among prominent experts on cyber security, with participation from countries such as Malaysia, Australia, China, Hong Kong, India, Japan, Korea, the Philippines, Singapore, Taiwan, the UK, and the USA.

 

Mikko Hypponen : Is Antivirus Dead?

Now, learn from Mikko Hypponen about the latest security threats and the future of the antivirus industry! Whether you are an antivirus researcher, a computer security professional, or just a tech geek, this talk will rivet you. No wonder he’s such a sought-after speaker!

 
