CrowdStrike Outage Exposes Windows Risks: Why Linux is the Better Choice

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
1,244
Reaction score
2,372
Credits
3,794
On July 19, 2024, a significant incident underscored the vulnerabilities of Windows for mission-critical tasks. A CrowdStrike sensor configuration update caused system crashes and blue screens of death (BSOD) on millions of Windows devices, disrupting businesses, hospitals, airlines, and more. This event highlights the need for a robust and reliable alternative: Linux.

The Incident: A Case Study

The CrowdStrike incident had far-reaching consequences:

  • Affected Sectors: Hospitals, airlines, government offices, banks, and educational institutions.
  • Scale: An estimated 8.5 million Windows devices were disabled.
  • Impact: Flights canceled, emergency services disrupted, and critical business operations halted.

This was not a cyberattack but a severe misconfiguration issue, showcasing the risks of frequent and automated updates on Windows systems. The outage not only highlighted the fragility of the Windows ecosystem but also prompted a reevaluation of alternative operating systems for mission-critical applications.

Linux: A Reliable and Secure Alternative

Linux systems were unaffected by this event, highlighting several key advantages over Windows for mission-critical tasks:

1. Stability and Reliability
Linux is known for its stability. Unlike Windows, which often requires reboots due to updates, Linux can run for extended periods without downtime. This reliability is crucial for continuous operation in sectors like healthcare and finance, where any interruption can have serious consequences.

2. Security
Linux's security model emphasizes strong permissions and user roles. While no system is completely immune to threats, Linux's architecture makes it less vulnerable to the systemic issues that can arise from updates, as seen in the CrowdStrike incident. The open-source nature of Linux allows for rapid identification and patching of vulnerabilities by a global community of developers.

3. Transparency and Control
Being open-source, Linux offers full transparency and control. Organizations can customize their Linux distributions to meet specific needs, reducing unnecessary components and potential vulnerabilities. This customization can be tailored to the specific security and operational requirements of any organization.

4. Community and Support
The Linux community is vast and active, providing a wealth of expertise. Many enterprises offer professional Linux support, ensuring businesses have the help they need. The collaborative nature of the Linux community also means that best practices and solutions are shared widely, benefiting all users.

5. Cost-Effectiveness
Linux is often more cost-effective than Windows, especially in terms of licensing fees. This can lead to significant savings for large organizations, freeing up resources for other critical areas such as innovation and security enhancements.

Successful Linux Implementations

Many organizations have successfully implemented Linux for critical operations:

  • Stock Exchanges: The New York Stock Exchange and London Stock Exchange use Linux for its reliability and performance, handling billions of transactions smoothly.
  • Air Traffic Control: Some systems use Linux for its stability and real-time capabilities, ensuring that air traffic operations run without interruptions.
  • Supercomputers: Most of the world’s supercomputers run on Linux, showcasing its scalability and efficiency. These supercomputers perform complex computations essential for scientific research, weather forecasting, and more.

Key Takeaways

The CrowdStrike outage highlights the risks of relying solely on Windows for mission-critical systems. With its stability, security, and flexibility, Linux offers a compelling alternative. Businesses, especially those in critical sectors, should consider integrating Linux into their IT infrastructure to enhance resilience and ensure reliable operations.

Exploring Linux can provide organizations with a more secure and reliable foundation, minimizing the risk of future disruptions and maintaining continuous, reliable service for their critical tasks.
 


This event highlights the need for a robust and reliable alternative: Linux
Affected Sectors: Hospitals, airlines, government offices, banks, and educational institutions
This is what I would expect from managers of these sectors, at least they're supposed to be smarter than those who aren't managers.
 
My take from this incident is different:mono-culture is dangerous. What is needed by any organization is to keep different OSes in equal ratio.
Crowdstrike broke Linux Debian too, except that Crowdstrike did not care and let it go unfixed for long time (month?).
If one combines Linux/BSD/OSX/Windows then system will be more resilient to breakage the way it happened.
 
Microsoft says the European Union is to blame for the world's biggest IT outage on Friday following a faulty security update.

A 2009 agreement insisted on by the European Commission meant that Microsoft could not make security changes that would have blocked the update from cybersecurity firm Crowdstrike that caused an estimated 8.5 million computers to fail.
Microsoft has Windows Defender, its in-house alternative to CrowdStrike, but because of the 2009 agreement made to avoid a European competition investigation, had allowed multiple security providers to install software at the kernel level.

I'm not going to prove a link because of politics forum policy but this is basically a quote from newspaper, MS blames the EU for their unstable $hity spyware system.

I hope the EU bans MS all together together together with the rest of hostile services and products that we in EU don't need nor benefit from.

MS was supposed to update their kernel according to the law, and if they're not capable do that then they have no right to blame anyone.
 
Last edited:
This is what I would expect from managers of these sectors, at least they're supposed to be smarter than those who aren't managers.
In many cases, this decision is not in the hands of the managers and IT departments, when I was working, I delivered a car to the new head of IT at a large NHS hospital group, we were chatting about different OS's, and he told me they were running XP. that's years out of date I said, his reply was I know, I would like to change to enterprise Linux, BUT the government has the say in what system the whole health service uses, they won't even pay for upgrades.[that was about 6 yrs ago]
 
The same thing could happen on Linux if you ran an anti-virus or security tool that has kernel level access and the vendor pushed a bad update.
 
Linux is always the better choice but you can't tell some people as they are set in their ways...doesn't matter what happens.
1721717332756.gif
 
his reply was I know, I would like to change to enterprise Linux, BUT the government has the say in what system the whole health service uses
Wow, if the government's budget is so low to not be able to pay for latest Windows then it's yet another reason to switch to Linux which is free.
I really don't understand their rationale but I heard in universities students are learning on several years out of date compilers as well, and that's not in some poor country but in the US and basically almost everywhere.
It's really difficult to say why, at least MS gives up free IDE editions for students.
 
Wow, if the government's budget is so low to not be able to pay for latest Windows then it's yet another reason to switch to Linux which is free.
Governments don't care about how expensive something is and they don't care about something being free. They care about if it all goes to crapper they they can call on a vendor to fix it for support. If you use an opensource project such Debian then you have no one to call if it goes to the crapper.
 
Last edited:
If you use an opensource project such Debian then you have no one to call if it goes to the crapper.

we get Rob to change the name of the site to crap busters
GuksxMydCVPtOBFhKrhX.gif
 
Governments don't care about how expensive something is and they don't care about something being free. They care about if it all goes to crapper they they can call on a vendor to fix it for support. If you use an opensource project such Debian then you have no one to call if it goes to the crapper.
Redhat? Lol.
 
Governments use Redhat too but either way Governments don't really care about opensource.
I think I know another reason why, it's well known universities have contracts with MS to use their software for reduced price if not for free, only to make new developers embrace Windows and MS's way of programming.

I'm pretty sure governments also have contracts with MS for reduced price, after all governments are above universities.
 
Governments use Redhat too but either way Governments don't really care about opensource.
The issue being discussed in the thread is not really about open source, but linux having better uptime. There would be a way for governments to fix that but they probably won't because they also don't have much of an issue with catastrophic error and incompetence. Those two things give governments another way to pretend they have the only real solution to a crisis.
 
It's an eye opening event for sure. And I hope some will heed the warning it gives, before some not so friendly entity takes advantage and puts the whole system in a dire situation. Thanks Rob for the post
 
Wow, if the government's budget is so low to not be able to pay for latest Windows ...
I don't think their budget is low. Their priorities are elsewhere. Just learned yesterday, that Rwanda fiasco costed us over 700 million already, I think nobody was sent out there yet, and in the about 5 years span it would cost us further £10bn, just to send a few hundreds out there (if ever). Test and Trace with daily pay £7000 to some individual 'consultants' and not really delivering for some £30bn is another such sad case. Dido Harding put into charge, after failing Talk-Talk for two consecutive years... I could go on and on... efficient service to the public wasn't the top priority. Hope the new govt will make some positive changes. It is about the time.
 
Wow, if the government's budget is so low to not be able to pay for latest Windows then it's yet another reason to switch to Linux which is free.

I hear this argument all the time, even where I work. It costs too much to upgrade.
I wonder how much this little snafu cost crowdstrike? Fines from the airlines, banks, legal fees, employee overtime,
extra contractors, etc...

Also, while I'm definitely a Linux proponent, all Linux support isn't free.
You can get a Redhat Enterprise subscription for VMs only for about $2700.00 (unlimited), but physical machines add up in a hurry,
close to about $100 each, but that's a large-scale price. We support several different customers, so they can't use the same license. I'm not in the finance dept, but best guess we are paying over $30,000 a year for Redhat support.

Still, while that isn't free. It's much cheaper than Windows.
For example Windows Server Datacenter edition is about $6100.00 per server. (ours is a 16 core system)


If you're running something like MS SQL, with a 20 user CAL, on that same server, add about another $4500.00.


I wouldn't doubt that large scale Windows Servers users get discounts, but we don't have that many Windows servers.
So that's over $10,000 for just one M$ server. Three of them cost the same as my entire Linux infrastructure.
About 550 physical Linux servers, and well over 2,000 Linux VMs. It's possible we have some Windows VMs, but
that's a different team.

500 servers for the same cost as 3?
 
Last edited:
The issue being discussed in the thread is not really about open source, but linux having better uptime.
I know, some people were claiming it couldn't happen to Linux saying why governments should switch to opensource.
 

Staff online

Members online


Top