- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Botched update leads to claims that competitors are “ambulance chasing.”
I honestly don’t understand they’re still in business. First of all I’d think the claims by impacted customers would be fairly astronomical, and second, any IT director worth his or her salt will never, ever touch anything from this company again with a 10-foot pole.
They do long term contracts. They’re not gonna see many renewals but before then they’re likely to continually see cash influx from monthly current subscribers. But I view them as a dead company walking, like LastPass
Who else do you go to though? Ring 0 fed ramp security vendors are not exactly common.
They’ll keep a lot of business just from lock in
There’s gonna be at least a few companies who correctly assess that there aren’t many because it wasn’t a good idea giving third party access to corporations to Ring 0
I would be less worried about being on the receiving end of a Nelson “Ha Ha” from the entire IT world, and more worried that Microsoft will ban the side load pattern into the kernel area CrowdStrike depends on for updating their software but also the potential of a major exploit through their software. They have essentially recreated a similar pattern that had Microsoft introduce DEP but for the Kernel. There would be individuals and groups now trying to work out how to exploit knowing there are at least 8 million machines vulnerable and access to the kernel became slightly easier. Hopefully they at least have some cryptographic protection on code that is side loaded so someone can’t just dump a file in the right location.