And keep in mind, the falcon sensor exists for Linux. All those big companies largely use it.
Essentially we just got lucky that their buggy patch only affected the windows version of the sensor in a showstopping way. Could have been all major OS.
I don’t think the Linux culture is very similar to the windows culture. At least for me personally, I wouldn’t use crowdstrike and let them install whatever they want into my environment.
It’s not your machine, your choice of distro, or your choice of specific packages to use or not use. It’s a work tool you get handed as part of a job. So whether CrowdStrike runs on it or not is not your decision and you aren’t allowed (and usually not capable) to change that.
That’s an entirely different situation from one where you get a PC to do with as you please and set up yourself, or a private machine.
Plus we’re mostly talking endpoint devices for non-technical users with many of these difficult-to-fix devices as techs have to drive out to them. The users expect a tool, and they get a tool. A Linux would be customized and utterly locked down, and part of that would be the endpoint protection software.
We tried to fight against having to install Crowstrike on our Linux servers but got overruled by upper management without discussion. I assume we are not the only ones with that experience in the world due to the need to check a checkbox for some flimsy audit.
Probably not. Most Linux admins know their systems and are able to navigate out of the situation with ease. But also most people don’t use any corporate off-the-shelf software, because there are better options that are freely available.
Furthermore a Linux installation is dedicated and slim for one single purpose. The flexibility creates diversity.
I think the shower thought is centered around IF a ubiquitous bug that required physical access to the machine to resolve occurred simultaneously across all Linux machines.
If you couldn’t remotely resolve the issues, regardless of your competence, simply the WALK to each machine and hooking up a KVM to each one would take a long time.