On July 19th local time, some applications and services under Microsoft Corporation in the United States were unable to be used, resulting in access delays, incomplete functionality, or inability to access, and a large number of blue screens appearing on user computers. In an interview with reporters, the COO of Qingteng Cloud Security stated that this incident has sounded the alarm for global cybersecurity, and China urgently needs to accelerate the development of independent technology for cybersecurity products.
The "Microsoft Blue Screen" incident has spread globally, causing a large-scale event that caught people off guard: flights to multiple countries and regions have been suspended, industries such as healthcare, banking, and hotels have been "shut down", and even the London Stock Exchange has been affected... Currently, Microsoft announced that the malfunction has been repaired and the situation is gradually recovering.
In an interview, the COO of Aoto Cloud Security stated that the security incident caused by security software was mainly due to conflicts between CrowdStrike's driver program and the Windows operating system. The underlying reasons may be incompatibility, conflicts between drivers, or the possibility of drivers triggering kernel bugs.
He said that this incident also brought important insights to the industry: firstly, safety remains the top priority. Secondly, in the selection of security product technology routes, software development usually includes kernel mode and user mode. The former has higher system permissions and can directly access hardware, but the disadvantage is that incorrect drivers may endanger the stability and security of the entire system; If the latter goes wrong, it usually only affects a single application and will not cause system crashes. At present, it seems that CrowdStrike is the problem caused by kernel state. If we try to use non kernel forms as much as possible, the probability of such problems occurring will be much lower.
He also mentioned that full updates are also a major industry taboo when conducting software updates. The usual practice in the industry is grayscale updates, such as step-by-step updates by region, industry, etc., as well as updates during non working hours and non peak business periods, and then large-scale updates after stabilization. This way, even if there are problems, it is not easy to affect the business continuity of customers, let alone affect customers worldwide.
This matter not only affects computer users worldwide, but also highlights the importance of choosing reliable technologies in the field of network security. For China, strengthening the research and application of domestically produced and independently controllable cybersecurity products is an important way to enhance the country's ability to independently control cybersecurity.
It is believed that CrowdStrike's global blue screen incident has served as a wake-up call for China's cybersecurity. He suggested that the government should increase its support for the research and promotion of domestic network security products, provide policy and financial support, and encourage enterprises to engage in technological innovation; Strengthen cooperation between universities, research institutions, and enterprises, promote the transformation of scientific research achievements, and facilitate technological progress and product innovation; Encourage enterprises to increase research and development investment, develop network security products with independent intellectual property rights, and enhance product competitiveness; Focus on breaking through key technologies such as operating systems, databases, middleware, etc., and reduce dependence on external technologies; Participate in or lead the formulation of international standards, enhance the discourse power and influence of domestic technology in the international market; Strengthen the security review of imported cybersecurity products to ensure that they do not pose a threat to national cybersecurity.