Kind of sharing this because the headline is a little sensationalist and makes it sound like MS is hard right (they are, but not like this) and anti-EU.

I mean, they probably are! Especially if it means MS is barred from monopolies and vertical integration.

You are viewing a single thread.
View all comments View context
21 points
*

i find the level of ms apologia unsettling. remember, we’re only a few news cycles away from the time ms almost shipped windows with spyware and keylogger built-in

permalink
report
parent
reply
-2 points

Best summary;

The whole problem with Microsoft in general is that they want to be Apple. They want their own hardware & software ecosystem that they rule over with absolute power. But culturally they’re not Apple, they’re a child that needs 24/7 adult supervision. They can’t and won’t do security, their track record of handling all types of incidents is abysmal, and they’re absolutely terrified of making any changes that might mildly inconvenience enterprise customers. They want all the benefits of controlling their own ecosystem, but will take on exactly zero of the responsibilities. They literally cannot be trusted to secure their own ecosystem and the EU for sure knew this.

https://infosec.exchange/@malwaretech/112837847830156923

permalink
report
parent
reply
7 points

and they’re absolutely terrified of making any changes that might mildly inconvenience enterprise customers

Correction, they don’t think about such changes at all. There are no other concerns than those of big-paying customers, and even then you need a bunch of big enterprise customers request something for the thing to even end up being considered for the backlog.

permalink
report
parent
reply
-6 points

The unaccountable 3rd Party market that is built around MS is what caused the issue.

No OS is 100% secure, but as soon as you allow 3rd Party vendors to fuck around at the kernel level, they get much less secure.

Microsoft is to blame for allowing these fucktards kernel-level access. There were other ways they could have enabled third-party intrusion prevention software without giving away keys to the city.

permalink
report
parent
reply
11 points

again, there’s no need to defend microsoft: microsoft could do the right thing and not try to use the situation in an attempt to undermine eu antitrust policies using a bullshit take.

permalink
report
parent
reply
7 points

Microsoft is to blame for allowing these fucktards kernel-level access.

This is a backwards take.

The only way to have actual security is for the entire kernel to be completely open source. Microsoft is too blame for not giving everyone kernel-level access.

permalink
report
parent
reply
7 points

This is a unique situation because absolutely everyone involved deserves to go bankrupt and disappear into the darkness.

You have a closed-source OS that causes a vast swath of our infrastructure vulnerable to MSFT’s whims and incompetence, and built on top a closed-source AV market that allows the infra to be extremely vulnerable in a second, unrelated way, plus the cross-product of them both since AV gets so tightly integrated to the kernel.

Until we can force MSFT to open-source Windows with a small military invasion of Redmond or some shit, maybe at least this will make people think twice before they install "anti"malware from an equally untransparent corpo straight into mission-critical infrastructure like a horny teenager putting his raw dog into a coconut.

permalink
report
parent
reply
8 points

yup.

also: it was microsoft’s business decision to make the api required for av (or, more general security subsystems) to function so low-level that it has to be delivered as a kernel driver and operate in ring0. i guess it’s primarily for the performance reasons, but still, there are other technical options. someone made the executive decision there.

on the other hand, it was crowdstrike’s business decision to make the bloody update parser run in ring0, and without verification that the update data is correct, nobody forced them to do it that way.

let them both burn.

permalink
report
parent
reply

TechTakes

!techtakes@awful.systems

Create post

Big brain tech dude got yet another clueless take over at HackerNews etc? Here’s the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

Community stats

  • 2K

    Monthly active users

  • 432

    Posts

  • 9.6K

    Comments

Community moderators