this post was submitted on 06 Oct 2024
338 points (98.3% liked)

Asklemmy

44143 readers
1278 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

I would honestly think freezing airports, hospitals and other services for days would cause a lot of legal trouble.

At least that's what would happen if an experienced hacker did the same thing.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] digdilem@lemmy.ml 20 points 2 months ago (1 children)

They have a shitload of big contracts with a great many companies across the world. Money keeps coming in.

Legal actions take time. Years. Sometimes decades.

The software, when it isn't bricking computers, is actually pretty good.

This could equally have been caused by any other software running at ring 0. That's most antivirus software and most drivers. Drivers caused BSODs all the time - the difference here is only one of scale and timing. And, as it turns out, some pretty terrible quality control, test processes and release scheduling - and that is likely to be the focus of many of the legal actions.

Your reference to a hacker is spurious - deliberate vs accidental is a major distinction. As is cause and effect - Microsoft can be seen as equally to blame for allowing software to run at ring 0 and allowing this to happen.

[โ€“] clutchtwopointzero@lemmy.world 6 points 2 months ago (1 children)

Need to remember that Microsoft was forced by regulators overseas to allow ring 0 third party software as part of antitrust proceedings. But the notion that antivirus software companies must be allowed to exist (instead of making the kernel infection proof) is also ridiculous

[โ€“] digdilem@lemmy.ml 4 points 2 months ago (1 children)

Microsoft was forced by regulators overseas to allow ring 0 third party software as part of antitrust proceedings.

Interesting - I wasn't aware of that. Gave me a few minutes of interesting googling, thanks.

Looks like some people don't agree that is an excuse.

Also worth remembering is that Crowdstrike stopped RHEL 9 machines booting in a vaguely similar update to their falcon service a few months earlier, so it's not something that is exclusive to Windows. That also needed manual intervention to get vms booting. (I dealt with that one too - but it's easier to roll back to the previous kernel with Linux and we had fewer machines that were running falcon) Not surprisingly, there was a very similar blame game played them.

I heard the argument on the link you shared before but I can't figure out what "appropriate controls" would look like. That too sounds quite hand-wavy.