The CrowdStrike Windows outage that hit the world this week stems back to an EU-Microsoft deal from 2009 that meant Microsoft had to give antivirus vendors the same Windows API access it had.
But what if Windows have something similar to eBPF in Linux, and CS opted to use it, will this disaster won’t happen at all or in a much smaller scale and less impactful?
If you load hacky shit into the kernel it can always find a way to make a nasty surprise. eBPF is a little bit better fence, not some miracle that automatically fixes shitty code.
But what if Windows have something similar to eBPF in Linux, and CS opted to use it, will this disaster won’t happen at all or in a much smaller scale and less impactful?
Crowdstrike managed to fuck up Linux through eBPF just as well.
https://access.redhat.com/solutions/7068083
If you load hacky shit into the kernel it can always find a way to make a nasty surprise. eBPF is a little bit better fence, not some miracle that automatically fixes shitty code.
But these eBPF loader bugs are fixed now. Windows drivers are still causing BSODs and will continue to do so until Microsoft adopts eBPF.