
>How is it possible that someone sends out an update affecting the behavior of kernel mode code, all at once, simultaneously, to millions and millions of systems around the whole globe at once!?

>I've participated in many rollouts, and never would I allow a big-bang rollout like this. CrowdStrike should be charged with negligence for having this type of process. It's just plain irresponsible.

Agree with all of this. Related to deployment process or lack of one, the hour of the deployment has always struck me from the beginning. The largest impact was in the United States, yet an update was pushed in the very early hours US time.

Presumably the off-hours deployment wasn't because of lowering the potential impact as they sent it to everyone.




>Agree with all of this. Related to deployment process or lack of one, the hour of the deployment has always struck me from the beginning.

This isn't some UI makeover that they can push until next Tuesday. They're pushing updates to the detection logic for what could be an evolving threat, so odd timing of the update is at least somewhat justified. Do you really want a botnet to rip through corporate networks over the weekend while you wait for a Tuesday deploy?


Well, you don't want a fancy anti-virus update to rip through the global population of customers either, effectively killing 8.5 million systems (according to an estimate by Microsoft) in the space of approximately 78 minutes, right? What possible malware threat warrants that risk? And in this case, according to CrowdStrike, it was "to detect novel attack techniques that abuse Named Pipes". That doesn't really sound like such an urgent situation.



