JULY 24 — When I chose to do an IT degree, it was because I didn’t want to do anything too hard after a stressful year in matriculation — coinciding with my parents’ marriage imploding.
I knew I liked figuring out how things, and sometimes people, work. An IT degree just seemed a good fit out of all my options.
It helped me as I found my way into tech journalism, covering corporations and specialising in security, enterprise and the use of technology in the public sector.
The CrowdStrike-caused global IT disruption on July 19 did not surprise me in the slightest.
What did was that it took this long for the world to experience the consequences of overreliance on technology without a backup plan.
Microsoft blames the European Union (EU) for forcing it to allow security software the same access that Microsoft had to its operating system.
The company blames the EU’s overzealousness in clamping down on anti-competitive behaviour.
Is the accusation unfounded, though? One of the biggest criticisms of consumer security software was that it tampered too much with operating system code to the point it behaved like the very malware it is supposed to ward off.
In 2010, a faulty McAfee (a company that specialised in security software) update removed the svchost.exe file in Windows that was crucial for network connections — thus causing millions of computers worldwide to disconnect from the internet or worse, get trapped in a reboot loop.
You would think McAfee would have learned something from that. Instead, just two years later another flawed security update both disconnected computers from the Web but also turned off virus protection.
The CrowdStrike IT fiasco was also caused by a bad software update but one common factor connects McAfee and CrowdStrike, namely George Kurtz, CrowdStrike’s founder and CEO who was also CTO at McAfee during the infamous svchost.exe incident.
Having your name associated with not one but two global IT disasters does not look good on LinkedIn, just saying.
I think that Microsoft should take a good look at itself.
Being effectively a global monopoly with 72 per cent of the desktop operating system (OS) market share, Microsoft’s software and services failing would of course have global repercussions.
At the same time, I think it did not present its case to the EU as to the security risk that comes with security software having too much access to root systems.
Apple’s locked-down OS limits third-party software’s access, something many developers have called anti-competitive but the EU has not as yet forced Apple to make the same concessions Microsoft has.
It’s simple — Apple is not a monopoly in the OS space. Could that change in future? I don’t foresee that happening in the next 10 years, primarily due to the reliance of many firms on legacy software that only runs on Windows.
Apparently even Malaysia’s Road Transport Department (JPJ) is still reliant on ancient software because the possible pitfalls of migrating all the decades worth of car registration data has not outweighed (in their approximation) the possible benefits.
Some joked that the reason Malaysia was not more affected by the CrowdStrike meltdown was simply because most institutions were reliant on ageing, outdated software.
There could be some truth to that but at the same time, those old systems are fragile targets for hackers — just this week a Darkweb hacker claimed to have access to a local bank’s whole repository of user data and logins.
You bet I changed my password post-haste.
As someone who has reported on “tech bros” as they’re called, my main conclusion is you can’t trust them.
When Mark Zuckerberg proudly boasted that his ethos was “move fast and break things” it should not have become the norm.
Because of the CrowdStrike outage, people died. Hospitals could not access important data, appointments had to be rescheduled and people missed flights to access potentially lifesaving treatment.
Somewhere, a transplant organ could have been wasted because it could not be flown to its recipient in time or in equally sad, though not life-threatening incidents, people could be missing their chance to bid farewell at a loved one’s deathbed.
Where were the fail-safes? Where were the backup protocols for when systems failed, in handbooks that used to exist when we remembered that machines fail.
In Taiwan, the government pays rice farmers not to plant crops because the country’s limited water supply is instead being funnelled to chip makers.
You can’t eat chips or graphic cards.
There will come a time, again, when some other virus disturbs the flow of commerce and countries unable to feed themselves will find themselves grappling with logistics and soaring prices.
It’s like we forgot what happened just four years ago.
I don’t believe in doomerism, I believe in pragmatism. As the old Arab saying goes, trust god but tie up your camel.
Systems will fail, as people will, and both are not as easy as you’d think to repair or replace.
Update your systems, but prepare your backups and maybe, don’t always be thinking your outsourced IT team will save you. It’s a tough lesson too many firms learned the hard way and it should stick but seeing what happened to McAfee, I just can’t bet on it.
* This is the personal opinion of the columnist.
