Tuesday, 23 July 2024

CrowdStrike and Other Security Nonsense

I don’t have CrowdStrike on my laptop.

So it never stopped working.

*smug*

Computer security software is generally a waste of processing cycles, RAM and storage space. In a corporate, all the security should be on the corporate wall and whitelist maintenance. Inside the corporate wall, no security except firewalls which are more or less unavoidable now. On a personal machine, let the OS take care of security.

If the NSA, GCHQ, the Chinese, Israelis, French, or very probably the Finnish security services want to get at your computer, they’re going to do so. Private or corporate. Does anyone not think the Russians and Chineses had Crowdstrike reverse-engineered (or were just sent a copy of the code) within about a couple of months?

The criminals are pretty obvious, though anyone can be caught off-guard, as I was a few months ago until the voice told me they could not cancel a transaction unless I was at my machine to do this and that. My guard came right back.

Personally, I think the companies who let CrowdStrike - or anyone - push an update out onto their live systems without testing it on an isolated guinea pig system first, deserve anything that happens to them.

And it is way past time that all these software companies, from Microsoft onwards, carried insurance to compensate the consumers who were affected. Not the freaking airlines, but the suffering passengers. The corporates can sue each other, but the consumers should be compensated.

No comments:

Post a Comment