
CrowdStrike's mess up is CrowdStrike's fault, not Microsoft's. We might not like the way Windows works, but it usually works fine and more restrictive systems also have downsides. In any case, it was CrowdStrike who dropped the ball and created this mess.

I don't like what Microsoft is doing with Windows and only use it for gaming (I'm glad Linux is becoming a good option for that), so I'm far from being a "Microsoft fan", but Windows is very good at installing the software needed. Plug a GPU, mouse, etc, from any well known brand and it should work without you doing much.

I didn't have to install anything on my Windows PC (or my MBP) last time I bought a new printer (Epson). The option to let Windows install the drivers needed is enabled though... some people disable that.



Windows should NEVER blue screen for third-party software. This is definitely as much Microsoft's fault as anyone's.

Maybe Microsoft doesn't offer an ABI or whatever other access is needed for the CS module. So there's some work that needs to be done on the kernel to enable the functionality to run in user space. Third-party libraries should not have privileged access to the kernel internals.

In this case, the CrowdStrike kernel module attempted to read a bogus data file and crashed. The Windows kernel should detect the module crash, inform you in some meaningful way, but continue to boot. Maybe even in some limited execution model, but not a blue screen.

CrowdStrike should have tested better. A LOT better. Multiple layers of tests better. They should most definitely take seriously their obligations to the millions of customers that are affected by this. But Microsoft needs to own some of the responsibility too, by allowing a 3rd party kernel module to even be able to bring down its system. Just because the program was signed, doesn't mean when it crashes, Windows should crash with it.


> Windows should NEVER blue screen for third-party software. This is definitely as much Microsoft's fault as anyone's.

It's Microsoft's fault that someone wrote drivers for its OS?


It is Microsoft's fault that computers running Windows caused 911 systems to fail, surgeries to be postponed, flights to be canceled and so on. Yes, a third party was involved, but why didn't Microsoft have a system for vetting third parties before giving them kernel access?

Apple won't let you add an app to their app store without a vetting process. Microsoft lets you alter the kernel without a vetting process? How many people died today because they didn't get surgeries and because of failed 911 calls?


And what responsibilities do hospitals and 911 centers or the makers of products to these institutions have for running mission critical software properly? At the bare minimum these systems should have been air gapped.

Microsoft is not recommending to run software that monkey patches the kernel for mission critical applications or run them on public networks like this. Does your car download software like this and crash on the road because of a faulty update?

Time and again we keep seeing down times at hospitals due to ransomware or hacks, when will these institutions that people trust their lives with, take their IT posture seriously rather than blame anyone else?


> Windows should NEVER blue screen for third-party software.

Agreed, it's a Windows weakness. It should be improved. But if the system boots normally even if something like CrowdStrike fails, then you create other problems, which may be more serious than a BSOD.

I don't put the blame on Microsoft because enterprise customers should know how Windows works. Should we use Windows and some low level, 3rd party, remotely updated software (without a slow, controlled rollout) if you can't have BSODs? Yeah...

It's a big "cock up". I blame mostly CrowdStrike because they're the ones who messed up. Then we have those who decided to use Windows with CrowdStrike even on very sensitive systems. Microsoft is at fault for creating an OS with this weakness, but this is how Windows works... if it's not good enough for the task, don't use it.


> CrowdStrike's mess up is CrowdStrike's fault, not Microsoft's.

Disagree. It is everyone's fault. It is CrowdStrike's fault for not testing their product. It is Microsoft's fault for allowing CrowdStrike to mess with kernel and not vetting such critical third parties. It is the end customers' fault for installing crapware and not vetting the vendor.


We expect different things from the OS we use, I guess.

My main machine is a MacBook Pro and one thing that annoys me a lot is the way Apple handles apps that are not notarized. I don't use iPhones because of the system restrictions (file access, background running, etc) and because I can only install what Apple allows on their store. You can see why I don't want Microsoft to hold my hand when I use Windows... it's my machine, I paid for it, I should be able to install crapware and extend the system functionality if that's what I want especially when I pick an OS that allows me to do that.

In this case, enterprise customers decided to use an OS that allows them to also use CrowdStrike. Maybe Microsoft could handle this stuff better and not show a BSOD? I guess so, but I won't blame them for allowing these tools to exist.

Don't get me wrong, there's a place for very restrictive operating systems like iOS or ChromeOS, but they're not for everyone or enough for all tasks. Windows is a very capable OS, certainly not the best option for everyone, but the day Microsoft cripples Windows like that, it's the day I am forced to stop using it.


> Maybe Microsoft could handle this stuff better and not show a BSOD?

How would the OS differentiate between a compromised agent and a faulty one? Do you want the OS to continue boot when it is potentially compromised? That is likely to cause a lot more damage than yesterday did.


So now we're vouching for more restrictive operating systems? The last thing I want is an operating system that can only install vetted apps, and that these apps are restricted even if I provide my root password.


Allowing an application to run with privilege is different than allowing an application to crash the kernel. These are two different things.

CrowdStrike is effectively running as a Windows kernel module. Which in Windows, might as well be the Windows kernel itself. There should be a deliberate difference between things that a bare operating system needs to function vs. things which are allowed to execute in a privileged manner.

This isn't a restrictive operating system. You have to trust your operating system vendor just a little more than you trust the 3rd party software installed on it.



