CrowdStrike's Falcon software is also hitting Linux-powered computers.


Some people thought that only PCs running Windows were hit with a BSOD (Blue Screen of Death) during last week's IT disruption caused by a bug in anti-hacking software. However, it turns out that CrowdStrike's Falcon program has caused similar damage to Linux systems, bringing down client and server machines.

The fact that this is not just a Windows problem is noteworthy, given the self-congratulation that many Linux users posted on Friday.

The news that CrowdStrike's woes are not limited to Windows installations, reported by The Register, confirms what was already suspected about last week's IT outage, which spread worldwide. The application in question, CrowdStrike Falcon, is essentially an anti-hacking/anti-malware package used by countless companies, government agencies, and services large and small.

A buggy update to the program caused Windows PCs to hit a stop error, known as a BSOD (Blue Screen of Death), that recurred every time they tried to boot. Microsoft took action and created a recovery tool to repair the affected computers, and CrowdStrike CEO George Kurtz was very apologetic about the entire incident.

But behind the news headlines with their endless BSOD pictures was the little-reported fact that Linux systems were also affected by the Falcon bug; Red Hat has reported that CrowdStrike's software caused a kernel panic (the Linux equivalent of a Windows stop error), and The Register noted that previous Falcon updates had done the same thing on Debian and Rocky Linux.

Software bugs are so common that anyone who uses a computer accepts them as part of the modern IT world. However, there is a big difference between an application with a few glitches and one that brings the operating system kernel to a halt; this difference is even more important when one considers how widely used CrowdStrike's software is.

I have never been in a position where I had to manage a huge network of computers providing mission-critical services, but I have taken care of a few small computers back when the stability of Windows and its updates was really unstable. In such cases, the entire system would be in a state of disarray. In such cases, I have pushed updates to only one test machine, leaving the rest of the network with the previously tested update, just to make sure there were no changes that would render the entire system unusable.

I should imagine this is a common practice, but after seeing the extent of the impact of the Falcon update on Friday, it is probably not as common as I would like to think. I'm not saying that this problem is the fault of IT system administrators (blame can be placed on CrowdStrike), but if you manage a system that can't be taken down for any reason, you wouldn't let the update roll out without testing it first.

Whether this CrowdStrike outage will be the worst in history remains to be seen, but I am certain of a few things: CrowdStrike's market value will plummet and IT managers will be very wary of the company's software in the future.
