Microsoft, cybersecurity experts explain CrowdStrike collapse, address future concerns

SEATTLE (KOMO) Microsoft and a Seattle-based internet security firm both said Friday that the "CrowdStrike" update was not reflective of a cyber attack and should not cause people to stop automatic updates.

“Basically, it was a bad update,” said Corey Nachreiner, the Chief Internet Security Officer for Seattle-based WatchGuard.

“It's basically enterprise-grade anti-malware software that can go on everything from computers, mobile phones, those kiosks you have in the airport, even ATM, you may not realize runs Windows and may have the security software,” Nachreiner said about the update, which was pushed out late last night to CrowdStrike customers around the globe.

Instead, the update crippled major Windows-based customers, from airlines to banks, and from government offices to hospitals.

“That application that got installed is doing its own communication with CrowdStrike servers to get regular updates. It's the nature of cybersecurity software that it has to stay up to date, because attackers are always rapidly evolving their attacks and techniques and changing things,” said Rob Lefferts, the Microsoft Corporate Vice President of Threat Protection.

Lefferts and Nachreiner described the update as "endpoint" protection, meaning that it goes directly to laptops and servers that subscribe to the CrowdStrike updates.

“For Microsoft, and really any company that does regular updates, there's guardrails and safety practices in place to make sure that those updates are safe. In particular, a lot of what those updates are doing is keeping, keeping customers secure from attackers all over the landscape. If you turn off those updates, you'll actually not stay up to date and not actually be ready to defend yourself or that laptop to be safe,” said Lefferts, noting that he did not believe there was any immediate concern to banking systems or other personal information.

CrowdStrike has posted that users should boot their computers in "Safe Mode" and delete the update.

“It really shows that there needs to be focus and accountability on the security industry,” said Nachreiner, noting that there is a lesson in how companies post updates. “We have this staged rollout process where we start with what's called a friends and family beta, where we don't give software updates to everyone at once, rather our employees people, we're connected to partners get it first, then we spend time making sure it's working."

“I don't want people to think they should turn off updates for security software, because the reason we release updates very regularly is to fight the cat-and-mouse game with new techniques. It is really our industry that needs to make sure we improve and do very well at our quality control, rather than customers actually turning off the update capabilities,” Nachreiner said.
