Southwest Airlines Avoids Crowdstrike Issues - Thanks to Windows 3.1? (digitaltrends.com)
Slashdot reader Thelasko shared Friday's article from Digital Trends:
Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that's affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that's plaguing the world today, and that's apparently because it's using Windows 3.1.
Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven't had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch. Some are attributing that to Windows 3.1. Major portions of Southwest's systems are reportedly built on Windows 95 and Windows 3.1...
UPDATE: Reached for comment, Southwest "would not confirm" that it's using Windows 3.1, reports SFGate. But they did get this quote from an airline analyst:
"We believe that Southwest's older technology kept it somewhat immune from the issues affecting other airlines today."
Pretty crazy, but also smart (Score:4, Insightful)
Seriously? I wonder what kind of hardware they run it on. And what their software looks like. Crazy.
That said, it's good to know that at least a few companies do get off the update treadmill. If you protect and manage your critical infrastructure yourself, there is no reason to let X different companies continually install updates that you cannot realistically check.
Re: Pretty crazy, but also smart (Score:2)
This is why MS moved to patch Tuesdays. Updates are released on a known schedule to let IT test updates before deploying to production.
Re: (Score:1)
let IT test updates before deploying to production.
”Thus endeth thy lesson for you today, Sir Crowdstrike of Irony.” - King Testbench of Noshittsland
Re: (Score:2)
The drawback to even that is that any change, including bug fixes, runs the risk of introducing new bugs. There is a measurable ratio to this (it's been studied quite a bit). As a program becomes bigger and more complicated, that ratio goes up, to the point where at a million lines of code each bug fix is likely to introduce more than one new bug. The larger the code base, the more new bugs are likely to be introduced with each fix. Good coding practices can certainly reduce that ratio, but perfection is i
Re: Pretty crazy, but also smart (Score:2)
Imagine the sheer amount of dust in those machines?
Or maybe they just run them in VMs? I have a few windows xp VMs myself..
Re: (Score:2)
Either VMs in Linux or actual Win 3.1 running FreeDOS on modern hardware I would guess.
Re: (Score:3)
Re: (Score:2)
Back in the day, Windows 3.1 used to regularly shit itself due to memory leaks. If you were particularly unlucky, it would crash in a way that corrupted system files and you'd need to do a reinstall. I'd imagine anyone actually trying to maintain it in 2024 would have to be really masochistic if they're running it on bare metal (and hardware that can run 3.1 has become increasingly scarce).
Course, if they're running it in a VM, then they're not really running Windows 3.1 - they're really running whatever t
Re: (Score:2)
Windows 95 F-Disk, Format, Reinstall, doo darr, doo darr.... (to the tune of "Camptown Races.")
Also, I think they just announced that all it takes to fuck Southwest over is one network intrusion and some guy with an old copy of Back Orifice... [f-secure.com]
Re: Pretty crazy, but also smart (Score:2)
Abort, retry, fail? oh doo dah day.
Re: Pretty crazy, but also smart (Score:5, Interesting)
Memory leaks were mostly a problem for Windows 3.1 if it ran in the 80386 Enhanced mode, due mainly to insufficiently polished virtual memory manager (WIN386.EXE) and VXDs. In the "80286 Standard mode" Windows 3.1 tended to be much more stable. In fact, Win9x systems contained a minimal Windows 3.1 install, known as FAILSAFE.DRV that ran in Standard mode, and was used for critical tasks that couldn't be allowed to fail, such as the initial compression of the disk with DRVSPACE.
Re:Pretty crazy, but also smart (Score:5, Informative)
Back in the day, Windows 3.1 used to regularly shit itself due to memory leaks
What on earth are you talking about? I've seen third-party software crash and take down the system, but I've never run across a memory leak. It's hard to imagine such a thing escaping notice, given how resource constrained machines of that era were. You could run Windows 3.1 with as little as 1mb of RAM, if you recall.
A few years back, I had a 3.1 machine setup in a public computer lab as a novelty. It ran for something like 3 months without issue. We had WEP games and some productivity software installed for people to play with. This squares with my personal recollections using Windows 3.1 from ~1993 to 1996.
While not Windows 3.1, from ~2000 to 2002 I maintained a rapidly aging pair of Windows 3.11 servers. The only downtime the first server had was during a failover test and an unusually long power outage.
I'd imagine anyone actually trying to maintain it in 2024 would have to be really masochistic if they're running it on bare metal (and hardware that can run 3.1 has become increasingly scarce)
Remember that Windows 3.1 ran on top of DOS. You can run Windows 3.1 on FreeDOS, which runs on modern hardware.
Re: (Score:3)
What on earth are you talking about? I've seen third-party software crash and take down the system, but I've never run across a memory leak. It's hard to imagine such a thing escaping notice, given how resource constrained machines of that era were. You could run Windows 3.1 with as little as 1mb of RAM, if you recall.
I think you are confusing the hardware requirements of 3.1 back in the day compared to today's requirements and the quality of the memory management of Windows 3.1. I have seen many bluescreens of death on Windows 3.1. In fact the blue screen of death originated with Windows 3.1 as it was the black screen of death before then.
A few years back, I had a 3.1 machine setup in a public computer lab as a novelty. It ran for something like 3 months without issue. We had WEP games and some productivity software installed for people to play with. This squares with my personal recollections using Windows 3.1 from ~1993 to 1996.
Anecdotally, in a testing lab with a bunch of Windows 3.1 machines, at least one crashed every week in my experience. Since they were not mission critical it did not bring down the lab
Re: (Score:3)
It was Windows 95 that first introduced the BLUE SCREEN crash notification when something serious prevented the system from continuing to run.
Re: (Score:2)
Yeah, my memory is that it was the apps that leaked memory like a sieve, and when we migrated from 3.11 to NT3.51 the same issue followed the same apps. Unfortunately Excel 4.something was one of the apps that leaked, probably through the print queue since closing the app didn't seem to clear it.
Re: (Score:2)
Re: (Score:2)
You could boot bare metal off a floppy with NetBEUI, reach the network share, copy the install files to the local drive, and run it from there. Worked really well.
Re: (Score:2)
Probably just modern hardware running virtual machines so that they have reliable hardware while staying compatible with older software.
Re: (Score:3)
That said, it's good to know that at least a few companies do get off the update treadmill.
Yes if you run a system with the network capabilities of carrier pigeon you can get off the update treadmill. On the flip side if you run a system that is actually capable of connecting to a network then the "update treadmill" is part of security.
We live in a world of zero day attacks. If you're afraid of a Crowdstrike (because it happened once) and therefore decide not to update your systems (bad actor attacks happen daily) then you have a serious risk management problem.
Re: (Score:2)
You're conflating Crowdstrike with good update practices. One does not presuppose the other.
You're correct insofar as if you're running a system on a network, the update treadmill is unavoidable. That doesn't mean Crowdstrike needs to be a part of that. Crowdstrike just, starkly, proved itself to be a particularly nasty single point of failure. It's also obvious that their QA and release process is all screwed up. Crowdstrike is capable of differentiating between different environments, say a test environme
Re: Pretty crazy, but also smart (Score:2)
Being on a Windows version predating NT comes with a completely different set of risks.
So I wouldn't call it smart.
And now when it's known what they run then they are becoming a target.
Re: Pretty crazy, but also smart (Score:2)
Re: (Score:2)
You can buy brand new Windows 3.11 era hardware still. Head over to AliExpress or AliBaba and there are plenty of 8086 and up systems, aimed at running old software on real hardware. You can get 386 and 486 industrial computers.
On the one hand it's probably very easily hackable if someone gets inside their network and tracks down some old exploits. On the other hand, no modern malware will work on a 16 bit only OS, and employees can't open Facebook on those systems.
Also Windows 3.11 works reasonably well wi
Re: (Score:2)
Pretty good FP, though I'm dubious of the "insightful" moderation. You're touching on insight, but I think you need to carry it farther. Yes, the computers are quite limited, but insofar as they are doing something straightforward, like reserving airplane seats, they are already way more powerful than they need to be and the newer and fancier technologies are mostly just adding new failure modes, not improving the essential functions.
But I'm just checking the relatively active discussion in search of Funny.
Misleading (Score:5, Insightful)
Re: (Score:2)
Perhaps they should rename it ON-Strike. Certainly the machines running it are.
What's in a name? (Score:2)
By the way, it's called Crowdstrike, not Cloudstrike, so you might want to fix that title.
Considering the damage this incident has done to their reputation, they may actually want to rebrand.
Re: What's in a name? (Score:2)
Re:Misleading (Score:4, Interesting)
This. It didn't matter what version of Windows you were running as long as you weren't a CrowdStrike customer.
Otherwise, the fact that they're still on Windows 3.1 makes my avoidance of Southwest all the easier. Their software has already been proven to be ass. Their planes are almost always disgusting unless you get a fresh one early in the morning.
Re: (Score:2)
Otherwise, the fact that they're still on Windows 3.1 makes my avoidance of Southwest all the easier.
I avoid Southwest because all the avionics in their planes runs on old TRS-80 Model I systems strapped under the dashboard with duck tape.
(Although there is one advantage: These machines can't run MCAS.)
Re: (Score:2)
Eh, the changes to MCAS since then makes that mostly irrelevant.
Re:Misleading (Score:5, Interesting)
I avoid Southwest because all the avionics in their planes runs on old TRS-80 Model I systems strapped under the dashboard with duck tape.
The avionics of the plane are dependent on the age/model/certification of the plane. It is not like Southwest can just install a Ryzen 7900x with the latest avionics because they want to do that.
(Although there is one advantage: These machines can't run MCAS.)
That is factually untrue [wikipedia.org]: "When the grounding of all MAX aircraft was extended to the US on March 13, 2019, Southwest Airlines was significantly impacted as the largest operator of the MAX, with 34 grounded aircraft representing 4.5% of its fleet " Southwest was affected by the 737 groundings. Since 2019, Southwest still currently has the largest 737 MAX fleet of any airline.
Re: (Score:2)
I'm sorry, were you somehow under the impression that I was in any way being serious?
Re: (Score:2)
Re: (Score:2)
My statement that they control airliners with TRS-80s didn't seem sarcastic to you? I thought that you were claiming to know something about avionics.
Re: (Score:2)
Re: (Score:2)
but folks failing to recognize the sarcasm of "old TRS-80 Model I systems strapped under the dashboard with duck tape." is fortunately still uncommon . . .
I don't think you need to know much about computers to, even if you miss the 1970s model reference, that it wouldn't be held on by duct tape . . .
Re: (Score:3)
What we have here is a known problem, called the "Normal Accident Theory." [princeton.edu] As systems get more and more complex, eventually, something is going to come into conflict at some point.
It's also "big news" because people are mad about the airline delays. But let's be honest, CrowdStrike's competitors can be far worse. McAfee causes wide-ranging Windows BSOD issues at least yearly, they just had one outbreak in January.
Re: (Score:2)
Re: (Score:2)
Here's the thing though: any choice in this arena will almost certainly be in the zone of Normal Accident Theory. Most companies do not have their own fabrication teams, nor programming teams large enough to code entire operating systems plus all of the other software they might need.
They're buying computer hardware, premade, from a major vendor.
They're running a Windows version of some sort, or maybe some Unix/Linux variant. (Side note: Apple has basically given up even trying for the enterprise systems
Re: (Score:2)
If they are using CrowdStrike they almost certainly have a seven figure or greater security expense.
CrowdStrike is a "we have no clue what to do about ransomware let's buy something" mentality.
If you are going to stop ransomware you need to rethink your recovery strategy. Immutable infrastructure is generally very resilient to ransomware as there can be a huge amount of read only disks which greatly resist encryption and allows you to delete and recreate much of your infrastructure reliabl
Re: (Score:2)
If they are using CrowdStrike they almost certainly have a seven figure or greater security expense.
Thank you for confirming you have no fucking clue what you're talking about.
Re: (Score:2)
Banks don't even bother to hire a web developer any more, it's all contracted to lowest-bidder in India. That's why a few years ago Chase customers could change the account number in the URL for their online banking web page and be in someone else's account.
utterly untrue (Score:2)
>(. . . MacOS is a forked Unix variant so that Apple can barely-legally
>steal FreeBSD and NetBSD's code, write their prettified front-end,
>and never give any code back to the community.)
Of course, that is utterly untrue.
They *did* pump massive numbers of fixes back.
On top of that, Darwin, its resulting *BSD, is released under a free license.
But don't let facts get in the way.
Re: (Score:2)
Multiple systems means maintaining multiple systems, which is a headache and expensive in manpower. It's also generally more expensive for the licenses, which for enterprise installs are frequently $Z overall license + $Y per seat it's installed. With three installs you now end up paying for 3 x $Z.
Re: (Score:2)
Or you could come up with an architecture and defense strategy that doesn't involve using CrowdStrike nor their competitors.
Good luck explaining that to your auditors, regulators, and cyber insurance company.
Re: (Score:3)
Or you could come up with an architecture and defense strategy that doesn't involve using CrowdStrike nor their competitors.
Good luck explaining that to your auditors, regulators, and cyber insurance company.
I have been there.
If you know what you are doing, it is just a couple of extra meetings before the auditors sign off on your alternative remediations. If you have no clue why you are doing what's on the checklist but just following the checklist then you won't be able to explain to your auditors why you have effective remediations for what the checklist is trying to accomplish.
I say this as having been a security officer at a health tech company that held Anthem PHI without being HITRUST compliant and re
Re: (Score:2)
before the auditors sign off on your alternative remediations
Please, do list these that are not "competitors of CrowdStrike." I dare you so we can all laugh at your dishonest ass.
Re: (Score:2)
I also don't necessarily want them to have complex, bleeding edge stuff either. There can be, and is, a good middle ground and Southwest isn't near it.
Re: (Score:2)
McAfee once labeled the OnGuard.exe program a virus and destroyed the functioning of thousands of Lenel (the largest vendor of integrated security software/hardware) installations, including their own. Yep, they hadn't even tested the update file against their own network before releasing it. I started working in the physical security profession about a year later, and heard horror stories of electricians, cable pullers, even the salescritters, being pressed into service to restore the damn file on my emp
Re: (Score:2)
Interestingly Russia is unaffected by the CrowdStrike issue, because of the sanctions CrowdStrike isn't operating in Russia at all. Yet another way the sanctions benefit Russia more than intended.
Re: (Score:2)
The World Bank just upgraded Russia from an 'upper middle income' country to a 'high income' one a couple of weeks ago. They've sold more petroleum the last two years than ever before, and none of it for Petrodollars. They're running their highest ever trade surplus. The sanctions sure as hell don't seem to be doing much damage.
Re: (Score:2)
Re: (Score:2)
3.1? (Score:4, Insightful)
```
Microsoft introduced a new operating system called Windows 95, to replace its predecessor operating system Windows 3.1. The 95 in Windows 95 refers to the year of its introduction: 1995. By some accounts, major portions of Southwest's scheduling system for pilots and flight attendants is built on the Windows 95 platform.
```
Is there a reliable source for the 3.1 claim other than this linked contradictory source?
Re: (Score:2)
Yes, but they must be running MSWindows95b. And IIRC even that version required an add-on to access the internet. (What was the name of that add-on? I forget.)
But Windows95a crashed every month (well, every 49.7 days), so they're probably not using that.
Re: (Score:2)
required an add-on to access the internet.
socks?
At any rate, that may have been the source of their security. Everything you need to do your job is on your LAN. You don't need the Internet. So you can't have it. No Slashdot, eMail, Pornhub or Amazon on your work system
But Windows95a crashed every month
So, just turn it off every night and back on in the morning. Even some planes [theregister.com] need to be rebooted once in a while.
Re: 3.1? (Score:2)
Are you thinking of Trumpet Winsock?
Re: (Score:2)
Depends on the software, and how and what it communicates. Our cash registers run on state of the art Win10+, but the basic operations run, essentially, as a terminal emulator. The official bandwidth requirement for a cash register is 10k. 10,000 baud. Because it's text only, and not that much of that. The credit card pads require more bandwidth (and again, not much more).
So it's possible, especially if it's entirely within their network with no internet access.
Re: (Score:2)
Why not? They probably wrote the end user interface to work on Win 3.11, it still works, and everyone in the company knows exactly what it does and doesn't do. The connection to the back end is almost certainly some dumb terminal emulation with all the secret-squirrel code combinations everyone in the industry learns and can do in their sleep. For that matter, the OS itself is probably running on a VM somewhere that gets shut down every time the user disconnects. It's a cheap, reliable, and pretty much
PDP-11 to the rescue (Score:3)
I maybe have a better approach for all those enterprises. You can call me at 555-DEAD-BEEF
Re: (Score:2)
Re: (Score:2)
I wonder if Ticketmaster is still running their virtualized PDP-11?
Re: PDP-11 to the rescue (Score:2)
Nope. They moved to FORTH-based 8-bit systems since long now. Mainly Z80s and 6501s.
Do they boot the planes from floppy disks too? (Score:1)
Re: (Score:2)
Re: (Score:2)
Ironically enough they replaced the ATM at my last company with one running XP.
Guessing it needed the extra capability to serve up all those ads and play commercials and do all that other shit no one asked an ATM to do. Ever.
Re: (Score:2)
More likely, the hardware in the old one finally failed, and isn't made any more, Win 3.1 doesn't have drivers for something in the "next generation" repurposed-old-hardware model, and the manufacturer chose to move forward a kernel or three rather than hire someone to try to code new drivers.
Re: I'm not sure of my facts here . . . (Score:2)
No one is a bit of a stretch. The c-suite execs almost certainly did ;-)
I doubt it's "most" at this point (Score:3)
Back in the mid '00s, ATMs tended to use eComStation (an OS/2 derivative) and Windows XP Embedded was starting to be rolled out on the newer ones. I doubt they moved back to Windows 3.1, although there may be some ATMs that still use it.
You're right that Windows 3.1 didn't include TCP/IP. Microsoft specified the WinSock API, but you needed to install a third-party implementation of it.
Re: (Score:3)
Back in that era, most UK ATMs ran OS/2.
Re: (Score:2)
Very few (if any) ATMs run windows 3.1 or ever did...
Older ones often ran OS/2, newer ones tend to run XP, 7 or 10. Most of the hardware in any ATM made in the last 20 years is attached via USB which win3.11 doesn't support.
Re: (Score:2)
The first ATM I ever used - in the early 1980s - was a batch-mode machine with a display that was presented on a roll of some sort of flexible material - it might have been rubber or similar - spooled around two cores, and moved forwards and backwards. Think of 35mm chemical film, with a different image on each frame. It belonged to a credit union but was able to process cards from other organisations.
You put your card in, poked a "start" button, and the roll was positioned at the frame that told you enter
Re: (Score:2)
XP, or OS/2 (ecomstation)
The world will be saved by a (Score:2)
...Commodore 64 in a cave.
Re: (Score:2)
fake news / reading failure (Score:5, Informative)
I went two articles deep looking for the root-level citation. Here it is:
"Some systems even look historic like they were designed on Windows 95."
Read that again. "Look historic like." Not *are* Win95, or indeed Win3.1. Probably just VB6 applications with outdated controls.
But nobody bothered to read two articles deep, and then somebody tweeted authoritatively that they were running Win3.1, and now it's a Known Fact. This shit pisses me off so much. Great example of how stories grow in the telling.
Re: (Score:2)
Re: (Score:2)
Well...nothing has changed (Score:2)
I used to work for a business travel agency back in the 90's. We developed for their systems using Win31 and 95.
Re: (Score:2)
Only it's a lie (Score:5, Informative)
So congrats, you all bought it hook, line, and sinker.
Re: (Score:2)
Southwest does not run their shit on Windows 3.1.
For one thing, there's no TCP/IP stack in Windows 3.1, so how would that otherwise even meet an airline's requirements?
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
It's a two floppy disk add-on to make your Win 3.1 install run TCP/IP.
Re: (Score:3)
In the Corporate world... (Score:2)
Don't use computers (Score:2)
Just use handwritten tickets like what grandpa used to fly with. If it was good enough for taking a flight on Pan Am to Rio, it's good enough for you today.
SW-Dust (Score:2)
Southwest Airlines Avoids Cloudstrike Issues
So are they saying "Counter-terrorists win"?
Why not? (Score:2)
Since Nazis could fly a spaceship from the backside of the moon with an iPad...
Southwest is having fun... (Score:2)
https://preview.redd.it/how-th... [preview.redd.it]
2 other US based airlines reported no problems (Score:3)
American Airlines was largely impacted along with their hubs. No surprise there. They are the most incompetently run airline in the USA.
United Airlines reported problems. So did their major hubs. Ugh. Was hoping for better here, but not completely surprised at this.
Delta Airlines reported problems along with its major hubs. I honestly expected better from Delta here.
All the big minor carriers reported problems except
Southwest. Kind of shocked. I thought they did a recentish major IT upgrade and they probably didn't go Linux. Maybe their lack of problems was that their crap is still old as hell.
Alaska Airlines didn't report any problems.
Hawaiian Airlines, now a subsidiary of Alaska Airlines, also reported no problems. Maybe those 2 have good (Linux) tech.
Re: (Score:2)
If well-isolated, no problem (Score:2, Interesting)
One of the most insane things many enterprises do these days is not keeping a strong perimeter. "Zero Trust" by Google is a striking instance of that insanity. If you isolate things well, there is really no issue using older systems. But you really need to know what you are doing.
Airlines still use mainframes (Score:3)
Some airlines probably use something older, TPF, that dates back to 1979 running on Z system mainframes, and PARS, which is built on it. I imagine the bad crowdstrike thing probably impacted the terminals at airports that run Windows but interface to a mainframe
Re: (Score:2)
Yes, CrowdStrike would have affected Windows machines running as front-end terminals for any airline that has that. It may also affect a lot of the operational systems that often run on Windows (flight planning & dispatch, gate planning, etc)
Southwest does not use TPF any more, they're hosted by Amadeus and they're completely off the mainframes these days. SWA's previous system was running TPF, it was originally based on a clone of Braniff's system years ago, but this system was shut down about 8-10 y
I remember seeing this in 2004 (Score:2)
Trigger warning for any hardcore originalists
The 1979 show was good but I really liked the new one better
Business Recovery Plan Failures (Score:2)
No Funny here (Score:2)
Disappointed again. Another humor-rich target missed. (But I can't help. Stopped flying long ago, though I'm pretty sure I've flown on Southwest at some time in the past.)