On Sun, 21 Jul 2024 10:13:55 +0900 (JST) Akira Urushibata <[email protected]> wrote:

> I would like to know about the relationship between Microsoft and
> CrowdStrike. It is quite likely that security software requires
> privileges that the OS maker has to provide through a special
> agreement.

I understand this outage a bit differently.
Personally I don't think that the company names are very relevant here. As for the kind of software (anti-malware): it needs to have the most privileges possible to work properly, as that kind of software is supposed to detect things like rootkits.

To make such an outage you need:

- A lot of people and/or organizations to rely on some software that is updated automatically.
- To have the producer of that software issue an update that prevents computers from booting (you don't necessarily need privileged software for that; bad luck and a bug, let's say in a filesystem driver for instance, could trigger that too, but it's more likely if the software is privileged already).

The update could either be malicious or be an accident. It could even happen with free software in the future if some (new?) free software businesses follow a business model that has all these ingredients.

Now, with free software and the distribution model (what you get with a regular distribution like Trisquel, and that you don't get with AppImage / Flatpak), the update of a piece of software (like xz for instance) doesn't happen instantaneously, and the maintainer(s) of a given piece of software (like xz) cannot force users nor distributions to install the latest update. So that leaves a lot of space for testing and for finding issues, so in case of issues not everything goes down at the same time, and some people/organizations will often find the issue before others.

The bigger issue:
-----------------

Note that more broadly the free software distribution model differs a lot from nonfree OSes, Android, or things like AppImage / Flatpak, so even extremely basic threat modeling can differ a lot. A key difference is that in the distribution model, applications are basically trusted not to be malicious, and a lot of security systems / features are built around that assumption (the privilege drop, or hardening at compilation time, are good examples of that). This greatly reduces the attack surface.

If we look at Microsoft Windows instead, there people download and run random binaries, so the attack surface is way bigger and too complex to really secure in practice. And if you look at the iPhone instead, in practice it manages to remove all users' freedom (you can't even run the program you want there without Apple allowing it) without even managing to guarantee users' privacy, due to the business model of many applications in the App Store.

The issue is that the more we follow a model where we basically give all control to the developers of applications, the more we are exposed to the issues that plague these operating systems (Windows, iOS, Android). And the only thing in the way with this model is probably the sandbox, and the fact that not everybody runs the same piece of nonfree or badly written software.

For instance you could in theory have an application that for some reason becomes malicious (it already happened to some libraries packaged with NodeJS), and is updated automatically (this is by design), and manages to escape sandboxing (it only needs one exploit, though that is not trivial to do), then exploits buggy out-of-tree (free or nonfree) WiFi drivers or nonfree firmware (that is probably easy to do), exploits bugs inside nonfree UEFI (that is probably easy to do but probably doesn't scale well to a big variety of devices) and completely takes control of the computers at a very targeted or large scale. And then if that starts happening, you might be tempted to start relying on the same kind of security mechanisms nonfree operating systems use to avoid such issues (secure boot, remote control from the company that manages the operating system / app store, using anti-malware software that detects threats, etc). Not only does this approach not work well for users' freedom in practice, but you also end up being vulnerable to incidents like the CrowdStrike one you mentioned.

So the only solution I know to avoid all that mess is probably to use what works well: free software, ideally of good quality (to limit both the attack surface and the need to always update), and to get it through some distribution (like Trisquel, Guix, etc) that doesn't give all powers to the developers of applications / OS components. As for updates, some distributions (like Guix or Trisquel) also provide tools to track CVEs, and some use backported security fixes (like Trisquel). And a good practice if you run some infrastructure with it is also to reduce the attack surface, as this tends to work well (not running services that you don't need, etc).

Denis.
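Denis names the privilege drop as one of the mechanisms the distribution model relies on. The following C program is an added illustration of that mechanism (written for this page; it is not code from the email, from Trisquel or from Guix, and the function names drop_privileges and privileges_dropped are made up for the example). It shows the order that matters (supplementary groups, then gid, then uid, all three of real/effective/saved) and, crucially, verifies afterwards that the drop actually took effect and that root cannot be regained. For a stand-alone run it drops to the current user's own ids, which works without root; a daemon started as root would pass a dedicated service account's uid/gid instead.

```c
#define _GNU_SOURCE   /* setresuid/getresuid on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to uid/gid. Supplementary groups can only be cleared
 * while we are still root, and the gid must be changed before the uid,
 * because once the uid is non-zero we can no longer change groups.
 * Returns 0 on success, -1 on any failure (the caller must then exit). */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        perror("setgroups");
        return -1;
    }
    if (setresgid(gid, gid, gid) != 0) {   /* real, effective and saved gid */
        perror("setresgid");
        return -1;
    }
    if (setresuid(uid, uid, uid) != 0) {   /* real, effective and saved uid */
        perror("setresuid");
        return -1;
    }
    return 0;
}

/* Verify the drop: all three uids and gids must equal the target, and if
 * the target is unprivileged, an attempt to become root again must fail
 * with EPERM (a leftover saved uid of 0 would let setuid(0) succeed).
 * Returns 1 when every check passes, 0 otherwise. */
int privileges_dropped(uid_t uid, gid_t gid) {
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    if (ru != uid || eu != uid || su != uid)
        return 0;
    if (rg != gid || eg != gid || sg != gid)
        return 0;
    if (uid != 0) {
        if (setuid(0) == 0)       /* regaining root must not work */
            return 0;
        if (errno != EPERM)
            return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed target: the caller's own ids, so this runs as a normal user. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0)
        return 1;
    printf("privilege drop verified: %s\n",
           privileges_dropped(uid, gid) ? "yes" : "no");
    return 0;
}
```

The verification step is the part most often skipped: a failed setresuid that is not checked leaves the process running as root while the code believes it is unprivileged, which is exactly the assumption the distribution model's hardening depends on.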
_______________________________________________ libreplanet-discuss mailing list [email protected] https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
