Apple Turned the CrowdStrike BSOD Issue Into an Anti-PC Ad (theverge.com)
An anonymous reader shares a report: It's been a while since Apple last mocked Windows security, but the iPhone maker has just released an ad that hits Windows hard. The eight-minute commercial pokes fun at the CrowdStrike Blue Screen of Death (BSOD) issue that took down millions of Windows machines last year.
Apple's ad follows The Underdogs, a fictional company that's about to attend a trade show, before a PC outage causes chaos and a Blue Screen of Death shuts down machines at the convention. If it wasn't clear Apple was mocking the infamous CrowdStrike incident, an IT expert appears in the middle of the ad and starts discussing kernel-level functionality, the core part of an operating system that has unrestricted access to system memory and hardware.
Matthew 7:3 (Score:2)
Crowdstrike supports MacOS endpoints as well so there's no reason this couldn't happen on a Mac.
That said, who watches an eight minute commercial? At a certain point this passes from advertising into propaganda.
Re:Matthew 7:3 (Score:4, Interesting)
They specifically say why the kernel does not (and does not need to) give the same low level access for third party scanners.
Interestingly macos is on a read-only volume
Re: (Score:1)
Indeed they don't, and you don't need to on Windows either. It just so happened that Windows wasn't quite as walled gardenish as Apple protecting you from using your computer.
Sidenote: know what other systems Crowdstrike has a history of taking down hard at boot? ... Linux / Unix. Do they suck too?
Re: Matthew 7:3 (Score:2, Informative)
The failures on Linux could be repaired remotely, unlike the infamous failure that took down all of those windows machines. Not surprised you're trying to equate the failures, though.
Re: (Score:2)
False. They caused a kernel panic during boot on loading the eBPF module. The only way to fix this remotely was on systems that Linux happened to actually be running on, given the benefit of having BMS and being able to open a *local* terminal over the network.
Not surprised you once again have no idea what you were talking about.
Re: (Score:2)
Yes there is, because MacOS is an immutable distro, so you don't get to modify the kernel.
Immutable Linux distros were also immune, but mutable distros (most of the mainstream ones) were not.
Re: (Score:2)
Not quite. On Linux, crowdstrike uses the ebpf mechanism to do its work, not deep, pre-boot kernel hooks like it uses on Windows.
Re: (Score:3)
Crowdstrike managed to cause Linux kernel panics and boot problems before the Windows issue. RedHat explicitly issued a customer notification about the EBPF module being the cause.
Also Windows supported EBPF but Crowdstrike simply didn't use it.
Re: (Score:2)
Weakening PatchGuard in x86-64 versions of Windows to make the job of AV vendors easier was a terrible mistake by Microsoft, it allowed AV vendors to keep letting themselves in the kernel (as they've been doing since Windows NT 4.0), with disastrous consequences (the Crowdstrike incident, for example).
The problem for Microsoft is that they are not only the OS vendor, they are also a vendor of paid AV products. Microsoft's AV products make Microsoft a competitor in the software security market against third-party AV vendors.
Due to anti-trust concerns, Microsoft could not really just prevent third-party AV vendors out of the kernel while at the same time keeping said access for their own product, so the decision was either everyone out - themselves included - or everyone in.
Apple didn't have the same anti-
Re: (Score:2)
This is btw the reason why you shouldn't let third parties into the kernel.
To be clear, this is why you *the user* shouldn't let third parties into the kernel. The Apple approach, and the way Microsoft is going of taking that option away from your control entirely and stepping yet further into territory of what you can do with your computer is a cure worse than the disease.
Sidenote: I wrote a utility to read out motherboard information using librehardware monitor and transmit it to a controller over USB. Microsoft just marked that code, code that I compiled and vetted myself as ma
Re: (Score:2)
> Crowdstrike supports MacOS endpoints as well so there's no reason this couldn't happen on a Mac.
yes there is: 3rd party kernel extensions are not allowed on mac, so to get the machine into an unbootable state is quite unlikely.
All security software can do on macos is hook itself into apple's APIs (System extensions and Network extensions in Apple nomenclature), which provide it with events.
From what I heard, MS will be going the same way long-haul.
Think fanotify and nfqueue APIs on Linux.
Re: (Score:2)
However... It's still possible for Crowdstrike to do something stupid that brings a system to its knees.
The software is able to block a file from being opened or read, for example. Now what happens if Crowdstrike suddenly detects _EVERY_ file as malicious and starts preventing the system reading any files at all? For example.. the Browser.. the Windows manager.. the Launcher, Desktop, etc.. Any programs that have to run in order for the user to successfully log in and use their system.
Re: (Score:2)
Crowdstrike also supports Linux. Yet there is no way this could happen on Linux. Why? Because Crowdstrike uses a sane design on Linux via the eBPF. No idea what they do on OS-X, but your statement is without insight.
Re:Matthew 7:3 (Score:4, Informative)
Crowdstrike has taken down linux systems at least twice in the past that I remember. This is a link to the most recent event.
https://www.theregister.com/20... [theregister.com]
Re: (Score:1)
Yes. But not in the same way they took down Windows. Details matter very much. On Linux, you had a few minutes after boot before the crash. That allows automatic fixes. On Windows, no login was possible. And if you had done _any_ research, you would know that.
Re: (Score:2)
Crowdstrike literally caused this to happen on Linux multiple times in the past. RedHat even issued a notification on it telling people how to get their systems to boot again.
Also Windows supports eBPF, Crowdstrike chose not to use it.
Re: (Score:1)
I do not know where you get your information, but it is crap. On Linux you could reboot and then had a window for login. That allows automated fixing. On Windows, no login was possible.
Re: Matthew 7:3 (Score:2)
On their video: Comments are turned off. LOL!
Of course they are. Can't have opposition to the Apple Borg walled garden.
Re: (Score:2)
> At a certain point this passes from advertising into propaganda.
There's a difference?
I'm being serious here. I suppose some small portion of advertising avoids being propagandistic, but IMHO the vast majority of it is exactly that.
8 minutes? (Score:3)
Re: (Score:2)
Yeah, at first glance I'd suspect this is/was intended for one of their "fan" events, like WWDC.
Re: (Score:2)
Apple fanbois.
Re: (Score:2)
I was starting to fast forward at the 4 minute mark..
Critics, critics, critics.... (Score:1)
Cute commercial.
The concept is good, the execution is a bit too awkward in spots. I would bet that we see some 30 second commercials riffing on the same themes over the next couple of months.
Re: (Score:2)
No, it was pretty cringe worthy and stupid. It insulted my intelligence, and it was 8 minutes of my life that I want back.
But... the timing on it is pretty good. Millions of people are getting notices on their Windows 10 systems this month that they're no longer supported, and they're probably going to get new computers anyway. Might as well be a Mac.
Re: Critics, critics, critics.... (Score:3)
Then you're also needing to find new end user software cause the windows programs don't run on Mac OS
Re: (Score:2)
The average Mac user would never be able to figure it out, much less someone who just changed operating systems and is still trying to figure out how to add their frelling printer.
Re: Critics, critics, critics.... (Score:2)
The timing of an attack ad is good, but people have short memories, so the timing of THIS ad is crap. They should have released an ad like this within a couple of weeks of when clownstroke failed.
Double standards (Score:2)
No one would be complaining if a Linux vendor released a commercial like this to promote their OS. Instead the comments here would be filled with I.T. professionals talking about the CrowdStrike event, and how all the Windows systems were dead in the water but their *nix-based ones were humming along.
Re: (Score:2, Informative)
For those who still don't get it: If an OS vendor doesn't control the kernel, the OS vendor can't prevent kernel panics, no matter how good the OS vendor's code is.
Re: (Score:2)
> For those who still don't get it: If an OS vendor doesn't control the kernel, the OS vendor can't prevent kernel panics, no matter how good the OS vendor's code is.
The one that does not get it is _you_. System security is the responsibility of the system administrator. The OS vendor is just somebody that provides reasonable means and reasonable defaults (or not as in the case of Microsoft).
Re: Double standards (Score:2)
Clownstroke is not required for compliance, there are other tools which do what it does.
Re: (Score:2)
Also, most AV vendors on Windows (even consumer-oriented ones) do what Crowdstrike does (they let themse
Re: (Score:2)
Nonetheless, there were organizations which did drop them after their big no input validation fuckup.
Re: (Score:2)
> They promptly moved to another AV vendor that injects their own third-party code into the kernel, which could also potentially cause a Crowdstrike-like incident in the future.
Yes, they could, if they are as incompetent as Clownstroke is, and they do not validate input to make sure it is even vaguely close to valid. That is a real problem whose likelihood we cannot evaluate because we are discussing closed source software, but one at least hopes that they learned something from the debacle.
> And the administrator still doesn't have a freakin' choice but to allow that third-party code in (or get fired).
Moving the goalposts. We were talking about getting rid of Clownstroke.
Re: (Score:2)
Third parties don't belong in the kernel even on Linux. There IS an alternative.
That is up to you as the administrator to reject vendors who don't use the alternative and want to send you a custom kernel driver instead.
Re: (Score:2)
Just FYI, Compliance frameworks only call out the controls that need to be in place, they don't recommend products to fulfill those controls, that's left up to the organization.
Re: (Score:2)
Crowdstrike uses eBPF on Linux, so it doesn't require a third-party kernel module as far as I understand it. In other words they use a kernel-provided API to do their detection work on Linux, much like they do on macOS.
Re: (Score:2)
> Exactly. Windows and Linux are stuck in the past by allowing third parties into the kernel.
I prefer not to have someone dictate what code I can and can't execute on my machine thanks. Allowing 3rd parties into the kernel on Linux is not a bug, it's a feature of an open ecosystem.
If you need a nanny Tim Cook is more than happy to embrace you in his loving bosom.
Re: (Score:2)
Those words don't go together as a sentence like you think they do. Now, if you want to talk about a mach microkernel with a userland originally derived from FreeBSD you'd make more sense. No linux involved.
Re: (Score:2)
Linux? Did you hit your head while climbing underneath your desk to unplug your AS400? Go take a look at FreeBSD and the fork called Darwin, that is where MacOS originally came from.
Re: (Score:2)
It isn't a fork of FreeBSD, the kernel is descended from CMU Mach, and it had a BSD userland tacked on. It definitely isn't Linux, though.
Who Is The Audience? (Score:2)
Who is the audience for an 8 minute commercial?
I'm certainly not watching it. I doubt they're putting that on TV either. So, WTF?
Re: (Score:1)
> Who is the audience for an 8 minute commercial?
> I'm certainly not watching it. I doubt they're putting that on TV either. So, WTF?
Trade shows
Re: (Score:2)
They don't need anyone to watch it. Just to talk about it.
Mission accomplished
Re: (Score:2)
Is it true that it's full of furries?
And Still... (Score:2, Informative)
Fuck Apple.
Boring (Score:2, Insightful)
And useless. MacOS is not a professional, business OS. Never has been, and never will be. If you can't, or won't, use Windows, then the only real alternative is some flavor of Linux.
Lack of information.... (Score:1)
It's almost like you missed the other story on the front page today:
https://apple.slashdot.org/sto... [slashdot.org]
But being the smart, informed person you are, I must be mistaken.
Re: (Score:2)
First of all, that is not a front page story from today, but from a week and a half ago.
Secondly, I don't care what businesses are actually doing. If their CIOs want to be complete retards by increasing the usage of MacOS, that's on them and their companies.
Re: (Score:2)
You never actually say what's wrong with MacOS.
Re:Lack of information.... (Score:4, Informative)
-Upfront and repair costs
-Apple security is nowhere near as good as the average user (or seemingly the average CIO) would think it is
-Even if the Macs are easier to manage in and of themselves (they're not), they're absolutely terrible to manage in a mixed environment
-Does not play nice, if at all, with most of the rest of the hardware and software that businesses need or use
If you want a "workstation" that is easy to manage on a network, doesn't require crazy super Windows specific software, and works on any hardware the answer is Linux. Preferably, a Fedora Atomic based image customized to the employee's role. Employee can choose between GNOME (if they prefer Macs) and KDE (if they prefer Windows). Easy to roll out, easy to manage, and basically impossible for the user to fuck it up in any way, and even if they somehow do it can be solved in under 10 minutes.
Re: (Score:2)
What makes something a "business OS" ?
Re: (Score:3)
How about "something that is interoperable with most of the hardware and software the enterprise uses, the ability to be centrally managed by the IT department, follows standards and conventions of the computer industry so that any user can sit down and be productive without training, and which can secure corporate digital and physical assets"? Apple doesn't hit ANY of those points. Until recently Apple products have been relegated to non-critical departments like Marketing which never touch high value
Re: (Score:2)
MacOS is a mostly POSIX compliant unix based operating system. It should work as well as linux.
Re: (Score:2)
The only nod that Apple makes to manageability is it can authenticate to an LDAP directory, no user profiles, no group policies. Won't run any of the building management or security programs that I've worked with, and won't even display typical security video correctly (probably because it's such a low frame rate). Engineering programs are flaky at best, when they'll work at all. Even using USB it won't talk to security hardware, can't plug into a wired network, has no file control equivalent to NTFS. I
Re: (Score:2)
Combination of what cusco said, and, to a lesser degree, the second half of my other reply to you.
Re: (Score:2)
It's got to be the games and other pup's Microsoft pushes down at a whim that make it a "Business OS".
I've banned Microsoft Windows from the last 3 companies and I'll continue doing it until I retire. Windows is difficult to control and protect, which is why I will always buy a macbook pro over the highest end windows dumpster fire.
Re: (Score:2)
I'd rather skip the Apple tax altogether and choose my own hardware and choose something that actually plays nicely with all other hardware - Fedora Atomic distros. I would never pay $1600-3000 for hardware that costs less than $800.
Re: (Score:2)
Just used my last mod points for the day. Here, have a personalized "TROLL" message, lovingly crafted by our artisans.
Re: (Score:2)
I haven't heard anyone refer to MacOS (OSX) as not being business class in over a decade, not since a study from around 2011-2012 proving companies pay more money to have Microsoft on their endpoints over the TCO of Macbook's. Microsoft products take more time to deploy, support, and defend than Apple products.
Re: (Score:2)
I'm not necessarily advocating *for* Microsoft either. It's what a lot of people are stuck with because a lot of businesses have custom built software that they don't feel like spending the money to try and upgrade. But I stand by my statement that Apple is not suited for business - at least not big, corporate business. Maybe it's fine in smaller businesses.
Unpopular opinion (Score:2)
The ad is cringe, but the facts are there.
Re: (Score:2)
I use a version of Linux that doesn't allow any third parties into the kernel at all, for any reason. It's completely immutable. Which is even better than anything MacOS does.
Re: (Score:2)
I'm using Bazzite, built by Universal Blue which is based off of Fedora Atomic Desktop. And yeah, you can't really install kernel-space drivers. I mean, technically, you *can*, but you'd have to custom build a new OS image in order to do so, and then update and reboot into it. And if you accidentally fucked up super hard in some way, you can just boot right back into the rollback before you did anything.
Re: (Score:1)
Linux is in fact way in the future. Immutable if you want it, temporarily mutable if you really need it, totally mutable if you're kernel hacking or similar. Neither Windows or MacOS can match all three of those points.
Re: (Score:2)
Dumb opinion, you mean. Linux does "allow" things into the kernel if the system administrator explicitly wants so. It is a very rare thing these days. Not even Crowdstrike requires that on Linux. They run via eBPF from userspace. The problem on Windows is that there are no sane in-kernel services for many things, because Microsoft does absolute minimum they think they can get away with and sometimes less. That problem is not present on Linux.
What a joke (Score:4, Interesting)
Just . . . bad. (Score:5, Interesting)
It should have been two minutes long. It should have included John Hodgman. It should have come out at least a year ago.
Infeasible to use mac for anything infrastructure (Score:4, Informative)
You'll just get screwed by the rigorous updates and deprecations not caring for the mountain of legacy software out there.
The fucked-in-the-head thing is not the "PC". (Score:1)
It is the PC running Windows.
Scathing Retort Dilbert Latestein (Score:1)
Undoing erroneous mod (Score:2)
n/t
Eight minute commercial? (Score:2)
The video is actually pretty good. (Score:2)
It tries a tad too hard to be hilarious and is obnoxious in that way but overall the whole short film does lean into the major system level difference between W1ndows and macOS. It also shows how someone might actually solve the problem by quickly switching to macOS. They cleverly plug the Mac Mini as a gateway device for this. Which it actually in reality often is.
It pushes the diversity shtick/fad a little hard (the macOS geek that saves the day is a woman - because of course _she_ is), but she is exaggera
macos is sorta linux (Score:2)
OK OK OK (Score:2)
I'll switch all of the windows servers in my datacenter to macs.
How does that work?
Re: (Score:2)
Check out https://universal-blue.org/ [universal-blue.org] and their various images depending on which suits your situation more.