It has comparable access, yes, but assuming no malicious intentions, it’s extremely unlikely that they achieve something as catastrophic.
If they fucked up in a similar fashion, that would cause your PC to bluescreen, too, but since League does not start up during boot, you could still use your PC, just not League.
This is correct, as in Windows a driver is the most straightforward method to runlevel0 access. It absolutely could at any time do exactly what CrowdStrike did. But also so could Nvidia/AMD with GPU drivers, your motherboard manufacturer with chipset and RGB drivers, etc. It’s not quite the smoking gun people make it out to be, as there are a lot of legitimate reasons to have this kind of system access.
The egregious part was that CrowdStrike users agreed to allow a vendor to bypass canary channels and deploy straight to their endpoints.
One important thing about CS was that it’s also marked as a boot-start driver. That flag tells the OS that it can’t boot without it no matter what happens, aside from safe mode, and iirc if your driver doesn’t have that flag, which drivers probably shouldn’t have, from how I understand it if such a boot loop would happen due to a faulty non-boot-start driver, the system will recognize that and simply disable it.
And that’s the problem: like CrowdStrike, Vanguard will update itself in the background, unlike your GPU driver, which you need to go through an update process explicitly, so if the same thing happens where they pushed a bad update, the same outcome of causing failed boots without prompt could happen.
Does Vanguard not seek testing and validation by Microsoft before pushing updates?
I saw the recent video from the Task Manager designer Dave’s Garage on YouTube, lack of thorough official validation seemed to be an important part of the CrowdStrike problem.
Microsoft testing updates?
They have an extremely bad track record of that.
My information might be a bit outdated, but Microsoft themselves only test on virtual machines and let their Windows Insiders do the rest. Unfortunately that doesn’t include many use cases in production.
So we sysadmins have to either test all Microsoft software/updates ourselves and/or fix mistakes from Microsoft after it was rolled out.
That has caused thousands of hours of downtime this year alone in my company. All users combined that is.
Unfortunately management just believes whatever the sales/marketing teams tell them.
Yeah, but Windows, AMD etc. get through the Microsoft driver signing, which is the process where Microsoft checks if the driver is broken or not. The CrowdStrike driver got its updates via microcode. Think of the driver as an engine that runs code from a file. The driver was signed but the code it executed was broken. I don’t know how Vanguard handles updates but I guess they take a similar approach as CrowdStrike did and only got their “engine” signed but not the actual code that the driver executes. Else they need to re-sign their driver every time they do updates and that would be costly and slow.
Of course it’s not a smoking gun. That’s the wrong metaphor. It’s an extra stick of dynamite that isn’t needed, just waiting to explode at the flip of a coin. That there are other sticks of dynamite doesn’t negate the risk posed by this one.
Riot Vanguard is an on-boot application. That means if you do choose to disable it and later decide you’d like to play VALORANT, you will have to restart your computer.
I guess, it’s only user-space drivers which Windows can load at runtime then?
At least, I’m hoping that’s a technical limitation of Windows. Otherwise, this is fucking stupid.
Well, it always is fucking stupid, but it would be even more so.
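The boot-start flag discussed earlier in the thread is stored per driver in the registry, so it can be checked on any machine. The PowerShell below is an added example, not something posted by a participant: it lists every kernel or file-system driver that loads at boot or system start, with its failure policy and signer. It assumes the standard `Start`, `ErrorControl` and `Type` values under `HKLM\SYSTEM\CurrentControlSet\Services`.

```powershell
# Added example (not from the thread): audit early-loading kernel drivers.
# Start: 0 = loaded by the boot loader, 1 = loaded during kernel initialization.
# ErrorControl: how Windows reacts if the driver fails to load.
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
$errorNames  = @{ 0 = 'Ignore'; 1 = 'Normal'; 2 = 'Severe'; 3 = 'Critical' }
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver; skip ordinary Win32 services
    if ($null -eq $p -or $p.Type -notin 1, 2) { return }
    # Keep only boot-start and system-start drivers
    if ($p.Start -notin 0, 1) { return }

    # ImagePath may be relative to %SystemRoot%, or prefixed with \SystemRoot\ or \??\
    $image = [string]$p.ImagePath
    if (-not $image) { $image = "System32\drivers\$($_.PSChildName).sys" }
    $image = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($image -notmatch '^[A-Za-z]:\\') { $image = Join-Path $env:SystemRoot $image }

    # Signer of the driver binary (in-box drivers are usually catalog-signed)
    $sig = $null
    if (Test-Path -LiteralPath $image) {
        $sig = Get-AuthenticodeSignature -LiteralPath $image
    }

    [pscustomobject]@{
        Name         = $_.PSChildName
        Start        = $startNames[[int]$p.Start]
        ErrorControl = $errorNames[[int]$p.ErrorControl]
        Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unknown' }
        Image        = $image
    }
} | Sort-Object Start, Name | Format-Table -AutoSize
```

Rows whose signer is not Microsoft are the third-party drivers that load before any user logs on, which makes them the ones worth tracking in a staged rollout.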
It has comparable access, yes, but assuming no malicious intentions, it’s extremely unlikely that they achieve something as catastrophic. If they fucked up in a similar fashion, that would cause your PC to bluescreen, too, but since League does not start up during boot, you could still use your PC, just not League.
Nope.
Vanguard doesn’t care if LoL or valorant or any other game is running. Vanguard is in your kernel and will be starting regardless.
Huh, seems like you’re right:
https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard