MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/1525170
Another downside is the sheer technical risk. EDR software like Falcon gains its omniscience by being tightly integrated into the core of Microsoft Windows: the fundamental software that controls most of our computers. This is why it could cause the crashes we saw in the first place. As a maker of highly privileged software, CrowdStrike had a responsibility to ensure its updates were safe. It demonstrably failed and we should all demand much higher standards of accountability from the makers of critical software. Privacy tradeoffs All of these issues have been widely canvassed in the days following the incident. Less discussed have been the privacy tradeoffs. If you ask a cyber security professional to name what type of software spies on everything you do on your computer, chances are they’ll name spyware before mentioning EDR. Spyware is malicious software hackers install on victims’ computers to capture sensitive information, such as passwords, banking information, or nude photos, among other things. Indeed, some privacy-conscious computer scientists equate EDR with spyware. As with other forms of corporate surveillance, there is a clear tension between the individual right to privacy and the organisational imperative to protect itself from cyber intrusions. EDR technologies have been rolled out across major organisations with little debate about their impact on user privacy and trust. This outage may provide an opportunity to finally have those debates. Is there a better way? In the wake of this incident it’s worth considering whether the tradeoffs made by current EDR technology are the right ones. Abandoning EDR would be a gift to cyber criminals. But cyber security technology can – and should – be done much better. From a technical standpoint, Microsoft and CrowdStrike should work together to ensure tools like Falcon operate at arm’s length from the core of Microsoft Windows. That would greatly reduce the risk posed by future faulty updates. Some mechanisms already exist that may allow this. Competing technology to CrowdStrike’s Falcon already works this way. To protect user privacy, EDR solutions should adopt privacy-preserving methods for data collection and analysis. Apple has shown how data can be collected at scale from iPhones without invading user privacy. To apply such methods to EDR, though, we’ll likely need new research. More fundamentally, this incident raises questions about why society continues to rely on computer software that is so demonstrably unreliable. Especially in Australia where we are internationally recognised world leaders in engineering highly secure computer systems, such as those that protect highly classified information. In the long term, we should reduce our dependence on invasive technologies like EDR by focusing our efforts on building software that’s reliable and secure in the first place.