christian_taillon (@christian_tail)
twiiit.com
You're correct. Full of zeros at least.

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

    • planish@sh.itjust.worksEnglish
      381·
      2 年前

      That’s what the BSOD is. It tries to bring the system back to a nice safe freshly-booted state where e.g. the fans are running and the GPU is not happily drawing several kilowatts and trying to catch fire.

        • Aatube@kbin.melroy.orgOP
          22·
          2 年前

          what do you propose, run faulty code that could maybe actually nuke your system, not just memory but storage as well?

        • 𝙲𝚑𝚊𝚒𝚛𝚖𝚊𝚗 𝙼𝚎𝚘𝚠@programming.devEnglish
          11·
          2 年前

          Windows assumes that you installed that AV for a reason. If it suddenly faults, who’s to say it’s a bug and not some virus going ham on the AV? A BSOD is the most graceful exit you could do, ignoring and booting a potentially compromised system is a fairly big no-no (especially in systems that feel the need to install AV like this in the first place).

        • Morphit @feddit.ukEnglish
          9·
          2 年前

          A page fault can be what triggers a catch, but you can’t unwind what a loaded module (the Crowdstrike driver) did before it crashed. It could have messed with Windows kernel internals and left them in a state that is not safe to continue. Rather than potentially damage the system, Windows stops with a BSOD. The only solution would be to not allow code to be loaded into the kernel at all, but that would make hardware drivers basically impossible.

        • reddit_sux@lemmy.worldEnglish
          7·
          2 年前

          BSOD is the ultimate catch statement of the OS. It will gracefully close all open data streams and exit. Of course it is not the usual exit so it gives a graphic representation of what not have gone wrong.

          If it would have been nuking it wouldn’t show anything.

    • Kaboom@reddthat.comEnglish
      72·
      2 年前

      For most things, yes. But if someone were to compromise the file, stopping when they see it invalid is probably a good idea for security