Bad Code And Overreliance On Windows: CrowdStrike Outage Sparks Debate On Alternatives

Last week, the world faced what was likely the biggest IT failure in history. Many individuals logging onto systems running the Windows operating system were greeted with the “blue screen of death.”

However, the problem did not originate from Microsoft, but from cybersecurity firm CrowdStrike. A buggy software update from CrowdStrike crashed Windows systems, causing widespread disruption and taking down nearly 8.5 million computers globally.

Industries across the board were affected. Airlines canceled flights, broadcasters couldn’t go to air, and shops couldn’t open. Businesses worldwide use CrowdStrike’s software to protect their IT systems from hackers.

Take Delta Airlines, for instance: the carrier is staring at a $500 million financial hit because the outage resulted in thousands of cancellations.

Although CrowdStrike rolled back the update, it took time for companies to get back online. This incident highlighted the fragility of global businesses’ reliance on a few IT vendors.

Microsoft also isn’t safe from criticism, with some suggesting the issue might not have arisen with Apple’s macOS.

In response, Microsoft said that due to a previous agreement with the European Commission, the tech giant is legally unable to implement the same security measures as Apple. 

This has raised an important question: Should companies continue to rely on Windows after this incident?

Will It Happen Again? Experts Are Divided

Troy Hunt, founder and CEO of Have I Been Pwned and Microsoft Regional Director, spoke about the unprecedented nature of the outage. 

“This is undoubtedly the most significant IT outage we’ve ever seen, not just because of the number of impacted machines but because of how suddenly it happened,” he told Benzinga.

Hunt noted that while there is always a risk of such an event recurring, it is likely low given that decades have passed without any similar large-scale incidents.

Mikko Hypponen, chief research officer at WithSecure, described the outage as historic.

He said, “The only comparisons to this would be malware outbreaks like WannaCry or NotPetya. With this incident, the software that was supposed to keep your machine up and running was now taking it down.”

Hypponen went on to say that repairing all affected systems would take days, possibly weeks. He also predicted that this would become one of the most expensive IT problems in history.

Chuck Brooks, president of Brooks Consulting International, also highlighted the severity of the situation in response to Benzinga’s queries.

“The problem is bound to reoccur again as a result of a patching error or misconfiguration issue,” he said, adding, “As expected, threat actors are taking full advantage of the CrowdStrike misstep.”

Outages Like These Erode Trust

The incident has raised questions about the future reliance on CrowdStrike and Windows. According to Brooks, some high-profile companies have already abandoned the cybersecurity firm.

However, he noted that replacing cybersecurity platforms is not easy for CISOs and can be costly, so widespread shifts to other vendors in the EDR space are unlikely.

Hunt believes this incident will not push people away from automatic updates. 

“Whilst this outage was impactful for the organizations hit by it, it was nowhere near as impactful as a ransomware incident which is the type of threat regular updates protect us from,” he said.

Few Lines Can Wreak Havoc

To prevent such incidents in the future, experts highlight the need for better quality assurance processes and more resilient IT stacks.

Brooks said that the significant disruption caused by a few lines of bad code in CrowdStrike's update underscores the urgent need for “better quality assurance processes, more resilience, and redundancy” in IT infrastructure.

“Better risk management processes are needed to adapt to the new sophisticated cyber-threat ecosystem,” he said. 

Hunt suggested that organizations ensure they have appropriate disaster recovery plans in place. “There are many different circumstances that can lead to an outage and plans to roll over to manual processes remain very relevant, even in this era,” he advised.

Hypponen echoed the need for robust testing and risk management. “End-point security software needed to run with low-level access in order to protect the computer.”

Hypponen said that, unlike standard software that affects only itself when it crashes, security software has the potential to crash the entire computer. 

“Security companies had built very effective quality assurance processes, testing huge amounts of software combinations to avoid crashes. Obviously, those processes failed here,” he stated.

Stick With Windows Or Ditch It?

While experts are divided about how much this will impact companies that rely on both Windows and CrowdStrike’s security solutions, the logistics involved in moving away from either of the two, or both, are considerable.

Microsoft’s Windows still holds a significant slice of the pie when it comes to desktop operating systems currently in use, with a 72% market share. That means 3 out of every 4 computers in the world run on Windows.

For now, experts remain divided over whether an outage of this proportion will happen again. After all, the world did manage to avoid the massive problem that “Y2K” could have been.

However, IT administrators around the world would likely be a little more proactive now when it comes to critical updates such as this. Microsoft, for its part, would want to revisit its agreement with the European Commission that grants such critical-level access to third-party solutions.

This Week In Tech

Musk's AI Supercluster

Elon Musk's AI startup, xAI, in collaboration with Nvidia, successfully initiated the training of the Memphis Supercluster with 100,000 H100 GPUs. The tech mogul praised the teams involved in the launch and declared it the "most powerful AI training cluster in the world." 

Zuckerberg's Apple Critique

Meta CEO Mark Zuckerberg has criticized Apple for its "soul-crushing" tactics. In an interview, he expressed his desire to avoid Apple's strategies by releasing the largest open-source AI model ever and described the iPhone maker’s approach as restrictive and competitive. 

Apple's AI Integration

Apple is reportedly planning to integrate its A18 chip into its upcoming entry-level iPhones and iPads. This move aims to enable these devices to run Apple Intelligence, the company's suite of AI features. 

Google's Cookie Policy

Alphabet CEO Sundar Pichai shed light on the company's decision to retain cookies in its Chrome browser. During Alphabet’s second-quarter earnings call, Pichai mentioned the Privacy Sandbox initiative, assuring that the company remains dedicated to the journey. 

Regulatory Oversight For Social Media Giants

Malaysia and Singapore are stepping up their regulation of social media platforms to combat online scams and protect minors. Platforms such as Facebook, X, and TikTok will be required to obtain licenses by the end of the year.
